I want to control access to all the media files through custom MVC controllers where I can do some custom authentication for my members. Access to the media folder should only be possible through an authenticated (backoffice) user. We'll be using

Umbraco.StorageProviders.AzureBlob

, so perhaps a fork of this is required? The only other option that I can think of is to use the Media Protect extension from Soeteman, if it works with Azure, which is a dependency I'd prefer to avoid. Any ideas how I might go about this?

you can have a look at how the exiting user and membership stuff is written and extend that to create a new group called media restricted.. so it only allows users in an autheticated group to see the media section

Thanks for giving is some thought Ravi. Perhaps I wasn't clear though. This is less about User permissions, as I don't mind those people seeing and manging the media. This is about members who are using the website. The media being uploaded is commercially sensitive and so I don't want anyone downloading the file if they happen to have the URL. I can proxy downloads through an MVC controller to confirm that the member is authorised for the media file, but that doesn't block any anonymous user from downloading the media file directly with

/media/1234/my-contract.pdf

. I think I'm going to have to do a custom build of the Azure Storage Provider, with a User Authentication check as part of it.

@User May I suggest “people” instead of "guys"? We use gender inclusive language in this Discord. 😀

Can you add some middleware that exits early if the member should not have access to the file? You could have a property that links a file to a specific member.

oh from that way.. gotcha.. that's why I thought its seems simpler.. and why i was asking the questions , making that suggestion I think the typical answer is some kind of handlers for those files or may any file located in a specific folder .. i believe you are on the right path young padawan etc

Interesting Middleware. You mean this right @krebil? https://docs.umbraco.com/umbraco-cms/reference/routing/custom-middleware I think that is probably the answer. Cheers. I'm using the Content Delivery API alongside Member Groups to control access to media. There is no role-based access in Media, resulting in referenced media potentially being returning in API responses. So I'm having to create a content item for every media item that I wish to surface. Those content items can have a Hijack Controller to return the associated media item. I just need to prevent access via other means. It is easier therefore to put a barrier in place to prevent all media access publicly. If middlewear will allow me to return a 401 for any requests to

/media/*

from anyone who isn't currently logged in as an Umbraco User then 🎉

@David Peck (Peck Tech) Yes or more broadly https://learn.microsoft.com/en-us/aspnet/core/fundamentals/middleware/?view=aspnetcore-8.0 The placement of the middleware is important, you might have to play around with it a bit. Since you might want some Umbraco stuff to be set up already but you don't want Umbraco to finish the request.

Cracking. Ta

Middleware will allow you to return a 401 response. If you only want to hide some of your media, you can totally create a new media folder type and restrict access to everything inside. Something like adding a member group picker should work. Then you check if the current member is in those groups.

I'll do something like that. I want to prevent the Content Delivery API from returning the names of media items that a user might not have access which middlewear can't fix. Middlewear can help with the authentication of download requests though for sure. It's the right approach I'm sure

Yeah, the other one i more tricky. You can probably use a decorator pattern to change something in the delivery API request pipeline. Like decorate one of the services. https://dev.to/d_inventor/design-patterns-in-umbraco-part-2-3j5l Maybe this one: https://github.com/umbraco/Umbraco-CMS/blob/contrib/src/Umbraco.Core/DeliveryApi/IApiMediaQueryService.cs