Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Aaron 59 posts 407 karma points MVP 2x c-trib
    Oct 14, 2019 @ 14:53
    Aaron
    0

    Check is user is logged into backoffice

    Hi,

    I am trying to restrict files / folders so that they can only be downloaded by a logged in backoffice user.

    How can i carry out a check to see if the user is logged into the backoffice and authenticated, whilst using the umbracoapicontroller

    Thank!

    Copy Link
  • mcgrph 35 posts 162 karma points
    Oct 14, 2019 @ 15:54
    mcgrph
    0

    I can not tell you about using the UmbracoApiController, but there is a way how you could achieve that e.g. in a razor view.

    @using Umbraco.Web.Security

@{
    var ticket = new HttpContextWrapper(HttpContext.Current).GetUmbracoAuthTicket();
    bool userLoggedIn = ticket != null;
}

@if (userLoggedIn)
{
    // provide download link here
}

    Hope this helps you.

    Copy Link
  • Aaron 59 posts 407 karma points MVP 2x c-trib
    Oct 14, 2019 @ 15:57
    Aaron
    0

    Thanks for your help!

    The reason i need to use it in the UmbracoApiController is because i have made a media handler which restricts media uploaded to a certain media folder / parent.

    The idea being that only backoffice users can download these items, by clicking the link from the backoffice media section.

    Copy Link
  • Aaron 59 posts 407 karma points MVP 2x c-trib
    Oct 14, 2019 @ 16:13
    Aaron
    0

    I have found a solution for this, by handling it in the IHTTPHandler rather than in the controller.

    I used the getumbracoticket method to carry it the check.

    Copy Link
  • mcgrph 35 posts 162 karma points
    Oct 14, 2019 @ 16:21
    mcgrph
    0

    I'm pretty sure, you could also use the authentication method in a custom controller which then should be a derived class from UmbracoApiController. I've only worked with the authorized json controller and would probably solve it something like this:

    using System.Net;
using System.Web;
using System.Web.Mvc;
using Umbraco.Web.Editors;
using Umbraco.Web.Security;

namespace MyProject.ApiController
{
    [Route("api/[controller]")]
    public class MyCustomApiController : UmbracoAuthorizedJsonController
    {
        public HttpStatusCode MyRestrictedDownloadAction(string requestedFileName)
        {
            var ticket      = new HttpContextWrapper(HttpContext.Current).GetUmbracoAuthTicket();
            bool loggedIn   = ticket != null;
            string path     = "http://example.com/path/to/my/dir";

            if(loggedIn)
            {
                using(var client = new WebClient())
                {
                    client.DownloadFile(path, requestedFileName);
                    return HttpStatusCode.OK;
                }
            }

            return HttpStatusCode.Unauthorized;
        }
    }
}
    Copy Link

  • This forum is in read-only mode while we transition to the new forum.

    You can continue this topic on the new forum by tapping the "Continue discussion" link below.

Please Sign in or register to post replies