Try our conversational search powered by Generative AI!

AI OnAI Off

Overriding Access denied method for Media

Dileep D
Dileep D
Vote:
 

Sorry I am reposting this question since for some reason previous link seems broken.

I need to tap into Access denied routine for media files and instead of taking them to home page, present an access denied page. I am able to do this for pages using OnAuthorization Method of AuthorizeContentAttribute.

Can't figure out how to do this for Media files (PDF)

#220966
Apr 09, 2020 3:13
Ten Ten
Ten Ten
Vote:
 

You can create Controller for Media

#220985
Apr 09, 2020 14:33
Sanjay Kumar
Sanjay Kumar
Vote:
 

Hi Dileep, 

Using the below code you can redirect to a visitor on the 404 pages when it will click on the pdf link on page.

    [ContentType(DisplayName = "PdfFile", GUID = "21ffdb5d-a602-4d33-9da6-a2a0888b1937", Description = "Upload media file")]
    [MediaDescriptor(ExtensionString = "pdf")]
    public class PdfFile : MediaData
    {
      
    }

if you want custom processing before sending the media to the visitor, the example below shows how you can implement your own HTTP handler for PDF type media.

    public class CustomFileHandler : IHttpHandler, IRenderTemplate<PdfFile>
    {
        private readonly IContentRouteHelper _contentRouteHelper;
        private readonly IAccessDeniedHandler _accessDeniedHandler;

        // we need to provide a parameterless constructor
        public CustomFileHandler(IContentRouteHelper contentRouteHelper, IAccessDeniedHandler accessDeniedHandler)
        {
            _contentRouteHelper = contentRouteHelper;
            _accessDeniedHandler = accessDeniedHandler;
        }

        public CustomFileHandler() : this(ServiceLocator.Current.GetInstance<IContentRouteHelper>(), ServiceLocator.Current.GetInstance<IAccessDeniedHandler>())
        {
        }

        public bool IsReusable => false;

        public void ProcessRequest(HttpContext context)
        {
            //Get file content
            var content = _contentRouteHelper.Content;
            var mediaContent = content as MediaData;
            if (mediaContent == null || mediaContent.MimeType.Contains("application/pdf"))
            {
                throw new HttpException(404, "Not Found.");
            }

            //Check access
            if (!content.QueryDistinctAccess(AccessLevel.Read))
            {
                _accessDeniedHandler.AccessDenied(new HttpContextWrapper(context));
                return;
            }

            //Cast to custom file
            var customFile = content as PdfFile;
            if (customFile?.BinaryData == null)
            {
                throw new HttpException(404, "Not Found.");
            }

            //Set caching policy
            context.Response.Cache.SetCacheability(HttpCacheability.Private);
            context.Response.Cache.SetMaxAge(TimeSpan.FromDays(1));

            //Do custom processing
            //TransmitProcessedFile(customFile.BinaryData)
        }
    }

Thanks,

#220991
Apr 09, 2020 19:13
Dileep D
Dileep D
Vote:
 

Hi Sanjay,
Thanks for the information. I started on similar route and tried to route the user to my custom access denied page instead of _accessdeniedhanler.AccessDenied method and it supposedly worked fine. But in the events of where user had access to file, the file was rendered as blank. Not sure if I have to add something in TransmitProcessedFile or if there is an implementation of it to just render the file as usual

#221022
Apr 10, 2020 15:25
Will
Will
Vote:
 

Hi Dileep and Sanjay,

Did you ever figure out how to default to the custom episerver file rendering if the custom authorization passes? I do not need to do any custom processing and would like to render it as it would normally.

#221529
Apr 20, 2020 21:32
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.