Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Aaron 58 posts 406 karma points MVP 2x c-trib
    Oct 14, 2019 @ 14:53
    Aaron
    0

    Check is user is logged into backoffice

    Hi,

    I am trying to restrict files / folders so that they can only be downloaded by a logged in backoffice user.

    How can i carry out a check to see if the user is logged into the backoffice and authenticated, whilst using the umbracoapicontroller

    Thank!

  • mcgrph 35 posts 162 karma points
    Oct 14, 2019 @ 15:54
    mcgrph
    0

    I can not tell you about using the UmbracoApiController, but there is a way how you could achieve that e.g. in a razor view.

    @using Umbraco.Web.Security
    
    @{
        var ticket = new HttpContextWrapper(HttpContext.Current).GetUmbracoAuthTicket();
        bool userLoggedIn = ticket != null;
    }
    
    @if (userLoggedIn)
    {
        // provide download link here
    }
    

    Hope this helps you.

  • Aaron 58 posts 406 karma points MVP 2x c-trib
    Oct 14, 2019 @ 15:57
    Aaron
    0

    Thanks for your help!

    The reason i need to use it in the UmbracoApiController is because i have made a media handler which restricts media uploaded to a certain media folder / parent.

    The idea being that only backoffice users can download these items, by clicking the link from the backoffice media section.

  • Aaron 58 posts 406 karma points MVP 2x c-trib
    Oct 14, 2019 @ 16:13
    Aaron
    0

    I have found a solution for this, by handling it in the IHTTPHandler rather than in the controller.

    I used the getumbracoticket method to carry it the check.

  • mcgrph 35 posts 162 karma points
    Oct 14, 2019 @ 16:21
    mcgrph
    0

    I'm pretty sure, you could also use the authentication method in a custom controller which then should be a derived class from UmbracoApiController. I've only worked with the authorized json controller and would probably solve it something like this:

    using System.Net;
    using System.Web;
    using System.Web.Mvc;
    using Umbraco.Web.Editors;
    using Umbraco.Web.Security;
    
    namespace MyProject.ApiController
    {
        [Route("api/[controller]")]
        public class MyCustomApiController : UmbracoAuthorizedJsonController
        {
            public HttpStatusCode MyRestrictedDownloadAction(string requestedFileName)
            {
                var ticket      = new HttpContextWrapper(HttpContext.Current).GetUmbracoAuthTicket();
                bool loggedIn   = ticket != null;
                string path     = "http://example.com/path/to/my/dir";
    
                if(loggedIn)
                {
                    using(var client = new WebClient())
                    {
                        client.DownloadFile(path, requestedFileName);
                        return HttpStatusCode.OK;
                    }
                }
    
                return HttpStatusCode.Unauthorized;
            }
        }
    }
    
Please Sign in or register to post replies

Write your reply to:

Draft