I have a situation where certain media files are "activated" on a per-user basis (by entering a code printed on a physical product). In this instance, the media files should only be served to logged-in users who have activated those items.
Is it possible to extend/override the HasAccess method to allow custom authorisation checks?
Yes it's possible. You have to use the event system where you can cancel access to a file. Currently onsite but someting like this should help you i think? More samples in the documentation check for events. http://mediaprotect.soetemansoftware.nl/documentation.aspx
/// <summary> /// Example code for the Requesting event /// </summary> public class ProtectedFolderRequest : ApplicationBase { /// <summary> /// Constructor to wire up the requesting event /// Make sure your class derives from ApplicationBase otherwise this constructor never gets hit /// </summary> public ProtectedFolderRequest() { Request.FileRequesting += new Request.FileRequestingEventHandler(Request_FileRequesting); }
/// <summary> /// Handles the FileRequesting event to check if the user has access /// </summary> private void Request_FileRequesting(object sender, MediaProtect.Library.EventArgs.FileRequestingEventArgs e) { //Check if the user request a protected folder and the role of the user if (e.Path.StartsWith("/protected/", StringComparison.CurrentCultureIgnoreCase) && !Roles.IsUserInRole("Subscriber")) { //Cancel the event when a user requests a file from the /protected folder and is not in the subscriber role e.Cancel = true;
//Specify the login page. MediaProtect will redirect to this page e.RedirectPage = "/login/"; } } }
Custom authorisation in HasAccess method... possible?
Hi Richard
I have a situation where certain media files are "activated" on a per-user basis (by entering a code printed on a physical product). In this instance, the media files should only be served to logged-in users who have activated those items.
Is it possible to extend/override the HasAccess method to allow custom authorisation checks?
Thanks
Mike
Hi Mike,
Yes it's possible. You have to use the event system where you can cancel access to a file. Currently onsite but someting like this should help you i think? More samples in the documentation check for events. http://mediaprotect.soetemansoftware.nl/documentation.aspx
/// <summary>
/// Example code for the Requesting event
/// </summary>
public class ProtectedFolderRequest : ApplicationBase
{
/// <summary>
/// Constructor to wire up the requesting event
/// Make sure your class derives from ApplicationBase otherwise this constructor never gets hit
/// </summary>
public ProtectedFolderRequest()
{
Request.FileRequesting += new Request.FileRequestingEventHandler(Request_FileRequesting);
}
/// <summary>
/// Handles the FileRequesting event to check if the user has access
/// </summary>
private void Request_FileRequesting(object sender, MediaProtect.Library.EventArgs.FileRequestingEventArgs e)
{
//Check if the user request a protected folder and the role of the user
if (e.Path.StartsWith("/protected/", StringComparison.CurrentCultureIgnoreCase) && !Roles.IsUserInRole("Subscriber"))
{
//Cancel the event when a user requests a file from the /protected folder and is not in the subscriber role
e.Cancel = true;
//Specify the login page. MediaProtect will redirect to this page
e.RedirectPage = "/login/";
}
}
}
Let me know if you need ore info please.
Hope this helps,
Richard
is working on a reply...