I can not tell you about using the UmbracoApiController, but there is a way how you could achieve that e.g. in a razor view.
@using Umbraco.Web.Security
@{
var ticket = new HttpContextWrapper(HttpContext.Current).GetUmbracoAuthTicket();
bool userLoggedIn = ticket != null;
}
@if (userLoggedIn)
{
// provide download link here
}
The reason i need to use it in the UmbracoApiController is because i have made a media handler which restricts media uploaded to a certain media folder / parent.
The idea being that only backoffice users can download these items, by clicking the link from the backoffice media section.
I'm pretty sure, you could also use the authentication method in a custom controller which then should be a derived class from UmbracoApiController. I've only worked with the authorized json controller and would probably solve it something like this:
using System.Net;
using System.Web;
using System.Web.Mvc;
using Umbraco.Web.Editors;
using Umbraco.Web.Security;
namespace MyProject.ApiController
{
[Route("api/[controller]")]
public class MyCustomApiController : UmbracoAuthorizedJsonController
{
public HttpStatusCode MyRestrictedDownloadAction(string requestedFileName)
{
var ticket = new HttpContextWrapper(HttpContext.Current).GetUmbracoAuthTicket();
bool loggedIn = ticket != null;
string path = "http://example.com/path/to/my/dir";
if(loggedIn)
{
using(var client = new WebClient())
{
client.DownloadFile(path, requestedFileName);
return HttpStatusCode.OK;
}
}
return HttpStatusCode.Unauthorized;
}
}
}
Check is user is logged into backoffice
Hi,
I am trying to restrict files / folders so that they can only be downloaded by a logged in backoffice user.
How can i carry out a check to see if the user is logged into the backoffice and authenticated, whilst using the umbracoapicontroller
Thank!
I can not tell you about using the UmbracoApiController, but there is a way how you could achieve that e.g. in a razor view.
Hope this helps you.
Thanks for your help!
The reason i need to use it in the UmbracoApiController is because i have made a media handler which restricts media uploaded to a certain media folder / parent.
The idea being that only backoffice users can download these items, by clicking the link from the backoffice media section.
I have found a solution for this, by handling it in the IHTTPHandler rather than in the controller.
I used the getumbracoticket method to carry it the check.
I'm pretty sure, you could also use the authentication method in a custom controller which then should be a derived class from UmbracoApiController. I've only worked with the authorized json controller and would probably solve it something like this:
is working on a reply...