Sign in Register
Go to solution
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Aaron 58 posts 406 karma points MVP 2x c-trib
    Oct 14, 2019 @ 14:53
    Aaron
    0

    Check is user is logged into backoffice

    Hi,

    I am trying to restrict files / folders so that they can only be downloaded by a logged in backoffice user.

    How can i carry out a check to see if the user is logged into the backoffice and authenticated, whilst using the umbracoapicontroller

    Thank!

    Copy Link
  • mcgrph 35 posts 162 karma points
    Oct 14, 2019 @ 15:54
    mcgrph
    0

    I can not tell you about using the UmbracoApiController, but there is a way how you could achieve that e.g. in a razor view.

    @using Umbraco.Web.Security

@{
    var ticket = new HttpContextWrapper(HttpContext.Current).GetUmbracoAuthTicket();
    bool userLoggedIn = ticket != null;
}

@if (userLoggedIn)
{
    // provide download link here
}

    Hope this helps you.

    Copy Link
  • Aaron 58 posts 406 karma points MVP 2x c-trib
    Oct 14, 2019 @ 15:57
    Aaron
    0

    Thanks for your help!

    The reason i need to use it in the UmbracoApiController is because i have made a media handler which restricts media uploaded to a certain media folder / parent.

    The idea being that only backoffice users can download these items, by clicking the link from the backoffice media section.

    Copy Link
  • Aaron 58 posts 406 karma points MVP 2x c-trib
    Oct 14, 2019 @ 16:13
    Aaron
    0

    I have found a solution for this, by handling it in the IHTTPHandler rather than in the controller.

    I used the getumbracoticket method to carry it the check.

    Copy Link
  • mcgrph 35 posts 162 karma points
    Oct 14, 2019 @ 16:21
    mcgrph
    0

    I'm pretty sure, you could also use the authentication method in a custom controller which then should be a derived class from UmbracoApiController. I've only worked with the authorized json controller and would probably solve it something like this:

    using System.Net;
using System.Web;
using System.Web.Mvc;
using Umbraco.Web.Editors;
using Umbraco.Web.Security;

namespace MyProject.ApiController
{
    [Route("api/[controller]")]
    public class MyCustomApiController : UmbracoAuthorizedJsonController
    {
        public HttpStatusCode MyRestrictedDownloadAction(string requestedFileName)
        {
            var ticket      = new HttpContextWrapper(HttpContext.Current).GetUmbracoAuthTicket();
            bool loggedIn   = ticket != null;
            string path     = "http://example.com/path/to/my/dir";

            if(loggedIn)
            {
                using(var client = new WebClient())
                {
                    client.DownloadFile(path, requestedFileName);
                    return HttpStatusCode.OK;
                }
            }

            return HttpStatusCode.Unauthorized;
        }
    }
}
    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft