+1-888-365-2779
Try Now
More in this section

Forums / Developing with Sitefinity / Document Permissions

Document Permissions

7 posts, 0 answered
  1. Ben Alexandra
    Ben Alexandra avatar
    215 posts
    Registered:
    15 Sep 2012
    28 Apr 2008
    Link to this post
    Hi,

    Is there a way to set/have permissions on documents?  I have a client (school) who has a password protected area for Parents.  Works great with your built-in permissions, but we'd like to add a PDF that ONLY people logged in as a certain group could view.  Right now we can just upload it and only link it in from that section, but if the Url got out, anyone could download it and Google might even index it.  We'd like to create a Parents Document Library, but set permissions so ever if the link gets out, only people who are logged in can view/download the document.

    Is this doable, or something you could add for us?  I'm sure there are other people would like to be able to do this with their online PDFs and docs

    Thanks

    Ben
  2. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    29 Apr 2008
    Link to this post
    Hi Ben Alexandra,

    We plan to implement security permissions on category level but still cannot commit to any time frame for it. Using libraries, it is not possible to set permissions for a document so far.

    However, you could achieve something similar to this using a regular upload. For example, you have a directory named pdf_files, and want to restrict the access to it. Just add this code in your web.config file :

      <location path="pdf_files" > 
        <system.web> 
          <authorization> 
            <deny users="?"/> 
          </authorization> 
        </system.web> 
      </location> 

    You also have to map the pdf extension to IIS as ISAPI filter. Your pdf files will be available after authentication, but it is not possible to have ROLES in this case - any authorized user will have access to this directory.

    If you would like to achieve similar functionality with Roles enabled, you should create a custom HttpModule, and hook on the PostAuthenticateRequest event. Then, check if the request is for the desired directory and check the role membership of the user.

    I hope you find this answer helpful.

    Kind regards,
    Georgi
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  3. Ben Alexandra
    Ben Alexandra avatar
    215 posts
    Registered:
    15 Sep 2012
    29 May 2008
    Link to this post
    Hi,

    I did this, but I seem to be missing something (maybe an HttpHandler for .PDFs?).  What happens is that now ALL PDFs don't download from the site and I'm guessing it's that IIS hands over those file types to .NET and .NET doesn't know how to handle it without explicit instructions.  Is that possible?

    I did some research on finding what line to add and found things like http://blogs.msdn.com/nikhiln/archive/2008/05/22/httphandler-to-authorize-file-downloads-c-code-sample.aspx but that doesn't even compile.  I would think there would be a simple line to add to the web.config for handling .PDFs, but haven't found anything.

    <system.web> 
        <httpHandlers> 
            <add verb="GET" path="*.pdf"  
                 type="Microsoft.Web.PortalFramework.HttpHandlers.PdfDownloadAuthorizationHandler, 
                 Microsoft.Web.PortalFramework" /> 
        </httpHandlers> 
    </system.web> 

    Any ideas on my next step?

    Ben
  4. Ben Alexandra
    Ben Alexandra avatar
    215 posts
    Registered:
    15 Sep 2012
    30 May 2008
    Link to this post
    OK, I think I figured it out.  The missing step is that you have to create a PDF handler (below) and add an HttpHandler to the web.config (first).

    <system.web> 
        <httpHandlers> 
           <add verb="*" path="*.rss" type="Telerik.Rss.RssHttpHandler, Telerik.Rss"/> 
           <add verb="GET" path="*.pdf" type="Trakkware.HttpHandlers.PdfHandler"/> 
        </httpHandlers> 
    </system.web> 


    using System;   
    using System.Web;  
     
    namespace Trakkware.HttpHandlers  
    {  
        public class PdfHandler : IHttpHandler  
        {  
            public PdfHandler() { }  
            #region Implementation of IHttpHandler  
            public void ProcessRequest(System.Web.HttpContext context)  
            {  
                string FileName = context.Server.MapPath(context.Request.FilePath);  
                context.Response.ContentType = "application/pdf";  
                context.Response.WriteFile(FileName);  
            }  
            public bool IsReusable  
            {  
                get { return false; }  
            }  
            #endregion  
        }  
    }  

    Once you add .PDFs to be handled by .NET in IIS and the steps above, plus the web.config setting that you guys suggested, you are good to go and in order to view any PDFs in the folder ~/Files/PDFs/Login_Required/ you need to log in. 

    Here's an example: http://www.waldorfsandiego.org/Files/PDFs/Login_Required/school_directory.pdf

    Works like a charm

    Thanks

    Ben

  5. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    02 Jun 2008
    Link to this post
    Hi Ben Alexandra,

    You are right, sorry for omitting to mention about the custom HttpHandler.
    We are glad that everything is working fine.

    Sincerely yours,
    Georgi
    the Telerik team

    Instantly find answers to your questions at the new Telerik Support Center
  6. Marianella
    Marianella avatar
    11 posts
    Registered:
    30 Sep 2010
    31 May 2011
    Link to this post
    Hello all,

    I want to make sure I am doing this right. Within which tags should I be adding the following code snippets? I am a newbie at all this, and would like to do this exact same thing on my site. Any help would be super. Many thanks

    <system.web> 
        <httpHandlers> 
           <add verb="*" path="*.rss" type="Telerik.Rss.RssHttpHandler, Telerik.Rss"/> 
           <add verb="GET" path="*.pdf" type="Trakkware.HttpHandlers.PdfHandler"/> 
        </httpHandlers> 
    </system.web> 


    using System;   
    using System.Web;  
     
    namespace Trakkware.HttpHandlers  
    {  
        public class PdfHandler : IHttpHandler  
        {  
            public PdfHandler() { }  
            #region Implementation of IHttpHandler  
            public void ProcessRequest(System.Web.HttpContext context)  
            {  
                string FileName = context.Server.MapPath(context.Request.FilePath);  
                context.Response.ContentType = "application/pdf";  
                context.Response.WriteFile(FileName);  
            }  
            public bool IsReusable  
            {  
                get { return false; }  
            }  
            #endregion  
        }  
    }  
  7. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    02 Jun 2011
    Link to this post
    Hello Marianella,

    1.Override the ContentHttpHandler. Then, check whether the user from a specified role has permissions to see the files in our library.

    using System;
    using System.Web;
    using System.Web.Security;
    using Telerik.Cms.Engine;
      
    //Override ContentHttpHandler
    public class CustomCmsContentHandler : ContentHttpHandler
    {
          
        public override void ProcessRequest(HttpContext context)
        {
      
            //restrict access to mylib
            string path = String.Concat(context.Request.ApplicationPath, "/libraries/mylib/");
      
            if (context.Request.RawUrl.StartsWith(path, StringComparison.OrdinalIgnoreCase))
            {
                //check whether the user is authenticated or not.
                RolePrincipal principal = context.User as RolePrincipal;
                if (principal == null
                    || !principal.Identity.IsAuthenticated
                    || !principal.IsInRole("Administrators"))
                {
                    throw new HttpException(403, "Access forbidden");
                    return;
                }
            }
      
            base.ProcessRequest(context);
        }
    }

    Setup

    1. Add CustomCmsContentHandler class to App_Code folder.
    2. Then, change your web.config and replace the handler as below:

    Replace:

    <add name="SitefinityThumbnail" path="*.tmb" verb="*" preCondition="integratedMode" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" /> 
    <add name="SitefinityThumbnailAdd" path="*.tmb.ashx" verb="*" preCondition="integratedMode" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" /> 
    <add name="SitefinityLibrary" path="*.sflb" verb="*" preCondition="integratedMode" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" /> 
    <add name="SitefinityLibraryAdd" path="*.sflb.ashx" verb="*" preCondition="integratedMode" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" /> 


    with:

    <add name="SitefinityThumbnail" path="*.tmb" verb="*" preCondition="integratedMode" type="CustomCmsContentHandler, App_Code" /> 
    <add name="SitefinityThumbnailAdd" path="*.tmb.ashx" verb="*" preCondition="integratedMode" type="CustomCmsContentHandler, App_Code" /> 
    <add name="SitefinityLibrary" path="*.sflb" verb="*" preCondition="integratedMode" type="CustomCmsContentHandler, App_Code" /> 
    <add name="SitefinityLibraryAdd" path="*.sflb.ashx" verb="*" preCondition="integratedMode" type="CustomCmsContentHandler, App_Code" /> 

    3. Replace

    <httpHandlers> 
    <add verb="GET" path="*.sflb" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" /> 
    <add verb="GET" path="*.sflb.ashx" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" /> 
    <add verb="GET" path="*.tmb" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" /> 
    <add verb="GET" path="*.tmb.ashx" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" /> 
    </httpHandlers> 


    with:

    <httpHandlers> 
    <add verb="GET" path="*.sflb" type="CustomCmsContentHandler, App_Code" /> 
    <add verb="GET" path="*.sflb.ashx" type="CustomCmsContentHandler, App_Code" /> 
    <add verb="GET" path="*.tmb" type="CustomCmsContentHandler, App_Code" /> 
    <add verb="GET" path="*.tmb.ashx" type="CustomCmsContentHandler, App_Code" /> 
    </httpHandlers> 


    I hope this helps.

    Regards,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
Register for webinar
7 posts, 0 answered