Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I serve static files only to authorized users?

Tags:

c#

asp.net-core

asp.net-core-staticfile

I have a collection of Excel spreadsheets that I'd like to serve in my ASP.NET 5 webapp only to authorized users.

  1. Where should I store the files? I assume in wwwroot (e.g., wwwroot/files).
  2. If in wwwroot, how do I allow access only to authorized users? (I'd like to serve them up as a [Authorize] FileResult from the controller, but this still leaves the files open to direct access through a URL I believe.)
  3. How do I reference a location in wwwroot through my FileResult action in the controller?

Thanks much!

like image 260
Gabe Avatar asked Apr 21 '16 16:04

Gabe

People also ask

How do you secure a static file?

We can protect static files with authorization on the ASP.NET Core web application by using the OnPrepareResponse property of the options argument for "Static Files" middleware. Don't forget that place the calling UseAuthentication() at before of the calling UseStaticFiles(...) .

How do you serve a static file?

To serve static files for Go 1.12+ in the standard environment, you define the handlers in your app. yaml file using either the static_dir or static_files elements. The content in the static files or static directories are unaffected by the scaling settings in your app.

1 Answers

Yes, they should go in wwwroot. Currently there is no built-in way to secure wwwroot directories. But creating a middleware module to accomplish it is pretty straightforward. There is an easy to follow tutorial here.

If you're not familiar with developing middleware, I posted a GitHub project that shows how to create middleware in three easy steps. You can download the project here.

You don't need a controller to access static files.

like image 136
Clint B Avatar answered Oct 07 '22 01:10

Clint B
Sign in to Comment

Related questions

Why is The Iteration Variable in a C# foreach statement read-only?
ntohs() and ntohl() equivalent?
Which type to save percentages
What is the difference between static methods in a Non static class and static methods in a static class?
Has foreach's use of variables been changed in C# 5?
Asp.net Web Api set response status code to number
How to use Moq in unit test that calls another method in same class
Deserialize JSON string to Dictionary<string,object>
Get Windows User Display Name
What does the win/any runtime mean in .NET Core
Is .NET Core 2.0 logging broken?
How can I retrieve a table from stored procedure to a datatable?
.NET - c# - Cross partition query is required but disabled trouble on DocumentDB data access
How best to communicate between AppDomains?
Linq: What is the difference between == and equals in a join?
KeyDown : recognizing multiple keys
Form constructor vs Form_Load [duplicate]
Checking constructor parameter for null before calling base
Mocking objects without no-argument constructor in C# / .NET
WCF: What is a ServiceHost?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!