I went back with a solution found here for a similar question that I asked, and it was rejected at work because the use case is slightly different. So the this is the scenario: we have users with different custom roles, which are designated by a code. These do not match with the Access Right groups that we can create. So I want to know if it is possible to intercept a request for a media asset and before it is actually served for me to make additional security checks on that request before delivering the media.
Does EpiServer have some API or a mechanism that would make this possible?
Yes there are content events, please see http://world.episerver.com/documentation/Class-library/?documentId=cms/9/34FD9C4D, and more specific the CreatingContent event. Just check if the content that is being created is inherting from MediaData and then do your custom validation.
Sorry, missread your question. Not CREATING content.
I guess you have to develop an http module or replace the static file handler (not recomended).
Do you not recommend creating an http module or to replace the static file handler? Both? What are the possible problems of doing so?