+1-888-365-2779
Try Now
More in this section

Forums / Security / Protect Direct Links to Libraries - Solution

Protect Direct Links to Libraries - Solution

2 posts, 0 answered
  1. Cameron
    Cameron avatar
    42 posts
    Registered:
    27 Jul 2009
    23 Jul 2010
    Link to this post
    I was having trouble getting the libraries protected from direct linking. It seemed the URL to the documents would work without the user being logged in to Sitefinity. Here's my solution that redirects anyone who has not logged in back to the login screen instead of serving up the file from the library:

    Create a CustomCMSContentHandler.cs file in the App_Code folder:
    using System;
    using System.Web;
    using System.Web.Security;
    using Telerik.Cms.Engine;
     
    //Override ContentHttpHandler
    public class CustomCmsContentHandler : ContentHttpHandler
    {
     
        public override void ProcessRequest(HttpContext context)
        {
     
            //check whether the user is authenticated or not.
            RolePrincipal principal = context.User as RolePrincipal;
            if (principal == null
                || !principal.Identity.IsAuthenticated
                )
            {
     
                System.Web.HttpContext.Current.Response.Redirect("http://yourwebaddress");
     
            }
     
             base.ProcessRequest(context);
     
        }
    }

    Modify web.config:

    Replace

    <add name="SitefinityThumbnail" path="*.tmb" verb="*" preCondition="integratedMode" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    <add name="SitefinityThumbnailAdd" path="*.tmb.ashx" verb="*" preCondition="integratedMode" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    <add name="SitefinityLibrary" path="*.sflb" verb="*" preCondition="integratedMode" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    <add name="SitefinityLibraryAdd" path="*.sflb.ashx" verb="*" preCondition="integratedMode" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    with
    <add name="SitefinityThumbnail" path="*.tmb" verb="*" preCondition="integratedMode" type="CustomCmsContentHandler, App_Code" />
                <add name="SitefinityThumbnailAdd" path="*.tmb.ashx" verb="*" preCondition="integratedMode" type="CustomCmsContentHandler, App_Code" />
                <add name="SitefinityLibrary" path="*.sflb" verb="*" preCondition="integratedMode" type="CustomCmsContentHandler, App_Code" />
                <add name="SitefinityLibraryAdd" path="*.sflb.ashx" verb="*" preCondition="integratedMode" type="CustomCmsContentHandler, App_Code" />

    and replace
    <add verb="GET" path="*.sflb" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    <add verb="GET" path="*.sflb.ashx" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    <add verb="GET" path="*.tmb" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    <add verb="GET" path="*.tmb.ashx" type="Telerik.Cms.Engine.ContentHttpHandler, Telerik.Cms.Engine" />
    with
    <add verb="GET" path="*.sflb" type="CustomCmsContentHandler, App_Code" />
                <add verb="GET" path="*.sflb.ashx" type="CustomCmsContentHandler, App_Code" />
                <add verb="GET" path="*.tmb" type="CustomCmsContentHandler, App_Code" />
                <add verb="GET" path="*.tmb.ashx" type="CustomCmsContentHandler, App_Code" />
  2. Ivan Dimitrov
    Ivan Dimitrov avatar
    16072 posts
    Registered:
    25 Nov 2016
    25 Jul 2010
    Link to this post
    Hello Michael Buchsbaum,

    Similar  code has been provided  by us in our forums


    Sincerely yours,
    Ivan Dimitrov
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
2 posts, 0 answered