We've been building Umbraco sites for years but have only recently had a client with the requirements to protect their media.
Having research this, there are a few articles out there describing how to achieve authorized media they're often limited in scope and aren't as full featured as we'd ideally like.
There is a relatively featured rich package available for Umbraco but it's a little expensive depending on the size of your client. More importantly we couldn't easily expand the features to the specific requirements we have.
For these reasons we've decided to create our own. And because we love the Umbraco community and want to give something back we're going to open source our work and publish our own media authorization nuget package: CodeWizards.Umbraco.MediaAuthorization.
Minimal code setup is one of our main points so what does this look like?
public class MediaComposer : ComponentComposer<MediaAuthorizationComponent>
{
}
That's it. One class to compose the media authorization component.
This wires up all the required services in to Umbraco's DI Container, registers the relevant middle ware and takes care of adding the required properties to the media types.
Now you've installed the package, you'll have new options in the settings section of umbraco:
One of the benefits of our logs page is that it utilizes Umbraco "Infinite Editing" features to open the media and member nodes.
Now that we're installed and configured setting up authorization is as simple as adding one (or more) groups to a Image, File or Folder:
Now, unauthenticated / unauthorized requests will be logged under the logs option in the back office.
Unauthenticated requests will be redirected to the login page with a "returnUrl" parameter for the media the user was attempting to browse.
Unauthorized requests will be redirected to the "Access Denied Page".
If the Login page or Access denied page are not specified then the server will return a HTTP status code 403 (forbidden)
In addition if you need to add more media "types" then merely adding a required group property to it (with the alias "requiredGroup") will allow the package to authroize those as it does other media types.
CodeWizards.Umbraco.MediaAuthorization will be on nuget soon.
We'll update this article with the link to the nuget package and the link to the github page once it's live.
Please comment with any suggestions for future features / questions you might have!
About the author
Lee Higgitt
My experience has been realising retail and ecommerce initiatives. I specialise in high transaction code and user interface implementations.
My passions are low friction user interfaces and maximising enjoyment of systems. I also love games of all sorts.
We're Honestly Here to Help!
Get in Touch
Got questions? We're always happy to (at least) try and help. Give us a call, email, tweet, FB post or just shout if you have questions.
Code Wizards were very efficient and transparent. It was a pleasure working with them as they brought valuable advice, insight and development to achieve our project's success.
Daniel Ross, Head of IT and Development, 52 Entertainment / Virtual Regatta
Code Wizards are a pleasure to work with.
Richard Corps, Serial Entrepreneur and Augmented Reality Expert
We've challenged their team to integrate our cutting edge AI, AR and VR solutions and always come up trumps.
I love their approach and help on strategy.
Working In Partnership
We're up for (almost) anything.
We believe that life is better in co-op (and if we can't help then we probably know somebody else that we can direct you to). Get in touch.