Skip to the content

Building a media authorization package for Umbraco 8

Umbraco has built-in authorization for pages but when it comes to media, you're up the creek with no paddle!


We've been building Umbraco sites for years but have only recently had a client with the requirements to protect their media.

Having research this, there are a few articles out there describing how to achieve authorized media they're often limited in scope and aren't as full featured as we'd ideally like.


There is a relatively featured rich package available for Umbraco but it's a little expensive depending on the size of your client.  More importantly we couldn't easily expand the features to the specific requirements we have.

For these reasons we've decided to create our own.  And because we love the Umbraco community and want to give something back we're going to open source our work and publish our own media authorization nuget package: CodeWizards.Umbraco.MediaAuthorization.


Our first goal is to achieve relative feature parity with current available solutons:


  • Role based permissions on Media files and folders
  • Logging of anauthorized requests
  • Configurable Login / unauthrized pages
  • Backoffice UI to manage the package.
  • Minimal code setup


Getting started



Code configuration:

Minimal code setup is one of our main points so what does this look like?

public class MediaComposer : ComponentComposer<MediaAuthorizationComponent>

That's it. One class to compose the media authorization component.

This wires up all the required services in to Umbraco's DI Container, registers the relevant middle ware and takes care of adding the required properties to the media types.



Configure Login / Access denies pages:

Now you've installed the package, you'll have new options in the settings section of umbraco:



Config is where you specify the login / access denied pages (along with other settings in the future):


And Log is where the access logs are stored:


One of the benefits of our logs page is that it utilizes Umbraco "Infinite Editing" features to open the media and member nodes.


Configuring access:

Now that we're installed and configured setting up authorization is as simple as adding one (or more) groups to a Image, File or Folder:


Now, unauthenticated / unauthorized requests will be logged under the logs option in the back office.


Unauthenticated requests will be redirected to the login page with a "returnUrl" parameter for the media the user was attempting to browse.

Unauthorized requests will be redirected to the "Access Denied Page".

If the Login page or Access denied page are not specified then the server will return a HTTP status code 403 (forbidden)


In addition if you need to add more media "types" then merely adding a required group property to it (with the alias "requiredGroup") will allow the package to authroize those as it does other media types. 


And it's as easy as that!

CodeWizards.Umbraco.MediaAuthorization will be on nuget soon. 

We'll update this article with the link to the nuget package and the link to the github page once it's live.


Please comment with any suggestions for future features / questions you might have!

About the author

Lee Higgitt

Lee Higgitt

My experience has been realising retail and ecommerce initiatives. I specialise in high transaction code and user interface implementations.

My passions are low friction user interfaces and maximising enjoyment of systems.  I also love games of all sorts.

comments powered by Disqus

We're Honestly Here to Help!

Get in Touch

Got questions?  We're always happy to (at least) try and help.  Give us a call, email, tweet, FB post or just shout if you have questions.

Code Wizards worked with us a number of initiatives including enhancing our Giving Voucher proposition and fleshing out our Giving Street concept. They provide a good blend of both business and technology expertise. We are grateful for their contribution to TheGivingMachine allowing us to improve our services and enhance our social impact

Richard Morris, Founder and CEO TheGivingMachine

Code Wizards are a pleasure to work with.

We've challenged their team to integrate our cutting edge AI, AR and VR solutions and always come up trumps.

I love their approach and help on strategy.

Richard Corps, Serial Entrepreneur and Augmented Reality Expert

Working In Partnership

We're up for (almost) anything.

We believe that life is better in co-op (and if we can't help then we probably know somebody else that we can direct you to).  Get in touch.