Overriding Access denied method for Media

Join us this Friday for AI in Action at the Virtual Happy Hour! This free virtual event is open to all—enroll now on Academy and don’t miss out.

AI OnAI Off

Home / Forums / Developers (Main Products) Forum / CMS 7.5 - 11 /

Overriding Access denied method for Media

Dileep D

Vote:

Sorry I am reposting this question since for some reason previous link seems broken.

I need to tap into Access denied routine for media files and instead of taking them to home page, present an access denied page. I am able to do this for pages using OnAuthorization Method of AuthorizeContentAttribute.

Can't figure out how to do this for Media files (PDF)

#220966

Apr 09, 2020 3:13

Ten Ten

Vote:

You can create Controller for Media

#220985

Apr 09, 2020 14:33

Sanjay Kumar

Vote:

Hi Dileep,

Using the below code you can redirect to a visitor on the 404 pages when it will click on the pdf link on page.

    [ContentType(DisplayName = "PdfFile", GUID = "21ffdb5d-a602-4d33-9da6-a2a0888b1937", Description = "Upload media file")]
    [MediaDescriptor(ExtensionString = "pdf")]
    public class PdfFile : MediaData
    {
      
    }

if you want custom processing before sending the media to the visitor, the example below shows how you can implement your own HTTP handler for PDF type media.

    public class CustomFileHandler : IHttpHandler, IRenderTemplate<PdfFile>
    {
        private readonly IContentRouteHelper _contentRouteHelper;
        private readonly IAccessDeniedHandler _accessDeniedHandler;

        // we need to provide a parameterless constructor
        public CustomFileHandler(IContentRouteHelper contentRouteHelper, IAccessDeniedHandler accessDeniedHandler)
        {
            _contentRouteHelper = contentRouteHelper;
            _accessDeniedHandler = accessDeniedHandler;
        }

        public CustomFileHandler() : this(ServiceLocator.Current.GetInstance<IContentRouteHelper>(), ServiceLocator.Current.GetInstance<IAccessDeniedHandler>())
        {
        }

        public bool IsReusable => false;

        public void ProcessRequest(HttpContext context)
        {
            //Get file content
            var content = _contentRouteHelper.Content;
            var mediaContent = content as MediaData;
            if (mediaContent == null || mediaContent.MimeType.Contains("application/pdf"))
            {
                throw new HttpException(404, "Not Found.");
            }

            //Check access
            if (!content.QueryDistinctAccess(AccessLevel.Read))
            {
                _accessDeniedHandler.AccessDenied(new HttpContextWrapper(context));
                return;
            }

            //Cast to custom file
            var customFile = content as PdfFile;
            if (customFile?.BinaryData == null)
            {
                throw new HttpException(404, "Not Found.");
            }

            //Set caching policy
            context.Response.Cache.SetCacheability(HttpCacheability.Private);
            context.Response.Cache.SetMaxAge(TimeSpan.FromDays(1));

            //Do custom processing
            //TransmitProcessedFile(customFile.BinaryData)
        }
    }

Thanks,

#220991

Apr 09, 2020 19:13

Dileep D

Vote:

Hi Sanjay,
Thanks for the information. I started on similar route and tried to route the user to my custom access denied page instead of _accessdeniedhanler.AccessDenied method and it supposedly worked fine. But in the events of where user had access to file, the file was rendered as blank. Not sure if I have to add something in TransmitProcessedFile or if there is an implementation of it to just render the file as usual

#221022

Apr 10, 2020 15:25

Will

Vote:

Hi Dileep and Sanjay,

Did you ever figure out how to default to the custom episerver file rendering if the custom authorization passes? I do not need to do any custom processing and would like to render it as it would normally.

#221529

Apr 20, 2020 21:32

Please login to post a reply