Require authentication to access media files (secure media) #3590
Comments
|
What you tried seem to be what to do. Not sure about why it doesn't work. @jtkech any idea? |
|
Can you share the code related to what you are trying to do? Maybe you are doing things at the app level that you would need to do at the tenant level, through a module or the app with our tenant helpers. Hmm, if through a middleware need to take into account the configure |
|
This is exactly what I need. Did you find a solution for this @inhumator? |
|
@jtkech The solution I came up with was to limit access to all media requests from the startup.cs file services.AddOrchardCms((builder) =>
{
builder.Configure((app, router, __) =>
{
app.Use(async (context, next) =>
{
if (context.Request.Path.StartsWithSegments("/media") && !context.User.Identity.IsAuthenticated)
{
context.Response.StatusCode = 401;
return;
}
await next.Invoke();
});
});
});Unfortunately, this solves half of our problem as we also wanted the media files to be accesible from direfent tenant and this workaround only works for users autehtnicated to the default tenant. |
|
I would need to try it. Hmm, are you using a different name for If you use the same name it would run too soon, before we append the tenant prefix to the |
Piedone
changed the title
|
See related discussion about secure Media access from here. |
|
Please check out this PR for an intended Secure Media feature: #15173. |
|
Please give your feedback about subfolder permissions here: #9369 (comment). |
|
If anybody has any feedback on the #15173 PR, please let us know under it. Otherwise, I'll merge it in a week. |
Could you point me in the right direction for adding authentication requirement for media files ?
I want all the files in media module to be accessible only to authenticated users.
I tried adding middleware but the User.Identity doesn't get set that early.
On the other hand OnPrepareResponse is too late as the data is already sent.
The text was updated successfully, but these errors were encountered: