Try our conversational search powered by Generative AI!

Overriding Access denied method for Media


Sorry I am reposting this question since for some reason previous link seems broken.

I need to tap into Access denied routine for media files and instead of taking them to home page, present an access denied page. I am able to do this for pages using OnAuthorization Method of AuthorizeContentAttribute.

Can't figure out how to do this for Media files (PDF)

Apr 09, 2020 3:13

You can create Controller for Media

Apr 09, 2020 14:33

Hi Dileep, 

Using the below code you can redirect to a visitor on the 404 pages when it will click on the pdf link on page.

    [ContentType(DisplayName = "PdfFile", GUID = "21ffdb5d-a602-4d33-9da6-a2a0888b1937", Description = "Upload media file")]
    [MediaDescriptor(ExtensionString = "pdf")]
    public class PdfFile : MediaData

if you want custom processing before sending the media to the visitor, the example below shows how you can implement your own HTTP handler for PDF type media.

    public class CustomFileHandler : IHttpHandler, IRenderTemplate<PdfFile>
        private readonly IContentRouteHelper _contentRouteHelper;
        private readonly IAccessDeniedHandler _accessDeniedHandler;

        // we need to provide a parameterless constructor
        public CustomFileHandler(IContentRouteHelper contentRouteHelper, IAccessDeniedHandler accessDeniedHandler)
            _contentRouteHelper = contentRouteHelper;
            _accessDeniedHandler = accessDeniedHandler;

        public CustomFileHandler() : this(ServiceLocator.Current.GetInstance<IContentRouteHelper>(), ServiceLocator.Current.GetInstance<IAccessDeniedHandler>())

        public bool IsReusable => false;

        public void ProcessRequest(HttpContext context)
            //Get file content
            var content = _contentRouteHelper.Content;
            var mediaContent = content as MediaData;
            if (mediaContent == null || mediaContent.MimeType.Contains("application/pdf"))
                throw new HttpException(404, "Not Found.");

            //Check access
            if (!content.QueryDistinctAccess(AccessLevel.Read))
                _accessDeniedHandler.AccessDenied(new HttpContextWrapper(context));

            //Cast to custom file
            var customFile = content as PdfFile;
            if (customFile?.BinaryData == null)
                throw new HttpException(404, "Not Found.");

            //Set caching policy

            //Do custom processing


Apr 09, 2020 19:13

Hi Sanjay,
Thanks for the information. I started on similar route and tried to route the user to my custom access denied page instead of _accessdeniedhanler.AccessDenied method and it supposedly worked fine. But in the events of where user had access to file, the file was rendered as blank. Not sure if I have to add something in TransmitProcessedFile or if there is an implementation of it to just render the file as usual

Apr 10, 2020 15:25

Hi Dileep and Sanjay,

Did you ever figure out how to default to the custom episerver file rendering if the custom authorization passes? I do not need to do any custom processing and would like to render it as it would normally.

Apr 20, 2020 21:32
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.