alirobe · November 23, 2023 02:36 · Nov 23, 2023 · Mar 7, 2022 · Mar 7, 2022 · Mar 5, 2022
diff --git a/credit.txt b/credit.txt
@@ -2,4 +2,6 @@ Original code here: https://giacomodeliberali.com/blog/umbraco-protect-media-ite
 This is the result of me modifying things and trying to get it working in Umbraco 9 cloud.
 
 One major difference: I decided to redirect all ~/media folder requests to /secure, and handle it there.
-This is because I had trouble hijacking /media in umbraco cloud, probably due to my own ignorance.
+This is because I had trouble hijacking /media in umbraco cloud, probably due to my own ignorance.
+
+You'll need to disable CDN cache entirely in Umbraco Cloud for this to work, otherwise I think media requests are handled by Cloudflare.
diff --git a/SecureMediaController.cs b/SecureMediaController.cs
@@ -18,13 +18,13 @@ public SecureMediaController(IMediaService mediaService, IMemberService memberSe
             _memberService = memberService;
             _mediaFileManager = mediaFileManager;
         }
-
+        
         public ActionResult Index(string id, string file)
         {
             // reconstruct the media path and retrieve it
             string mediaPath = $"/media/{id}/{file}";
             var media = _mediaService.GetMediaByPath(mediaPath);
-
+            
             if (media == null) 
                 return NotFound();
 

diff --git a/SecureMediaController.cs b/SecureMediaController.cs
@@ -46,6 +46,8 @@ public ActionResult Index(string id, string file)
                 var mimeType = MimeTypes.GetMimeType(file);
                 return new FileStreamResult(fileStreamReader, mimeType);
             }
+
+            return NotFound();
         }
     }
 }
diff --git a/SecureMediaController.cs b/SecureMediaController.cs
@@ -12,11 +12,11 @@ public class SecureMediaController : Controller
         private readonly IMemberService _memberService;
         private readonly MediaFileManager _mediaFileManager;
 
-        public SecureMediaController(IMediaService mediaService, IMemberService memberService, MediaFileManager _mediaFileManager)
+        public SecureMediaController(IMediaService mediaService, IMemberService memberService, MediaFileManager mediaFileManager)
         {
             _mediaService = mediaService;
             _memberService = memberService;
-            _mediaFileManager = _mediaFileManager;
+            _mediaFileManager = mediaFileManager;
         }
 
         public ActionResult Index(string id, string file)

diff --git a/SecureMediaController.cs b/SecureMediaController.cs
@@ -6,9 +6,6 @@
 
 namespace UmbracoProject.Controllers
 {
-    /// <summary>
-    /// Handles all request to media items in order to check is they need auth or not
-    /// </summary>
     public class SecureMediaController : Controller
     {
         private readonly IMediaService _mediaService;
@@ -22,13 +19,7 @@ public SecureMediaController(IMediaService mediaService, IMemberService memberSe
             _mediaFileManager = _mediaFileManager;
         }
 
-
-        /// <summary>
-        /// The action called when processing a media request
-        /// </summary>
-        /// <param name="id">The umbraco file id</param>
-        /// <param name="file">The umbraco filename with extension</param>
-        public async Task<ActionResult> Index(string id, string file)
+        public ActionResult Index(string id, string file)
         {
             // reconstruct the media path and retrieve it
             string mediaPath = $"/media/{id}/{file}";
@@ -38,7 +29,7 @@ public async Task<ActionResult> Index(string id, string file)
                 return NotFound();
 
 
-            // N.B. THE FOLLOWING BIT IS UNTESTED AS I AM DOING SOMETHING ELSE HERE 
+            // THE FOLLOWING BIT IS UNTESTED AS I AM DOING SOMETHING ELSE HERE 
             if (media.IsProtectedMedia())
             {
                 // check if the user has right roles

diff --git a/appsettings.json b/appsettings.json
@@ -0,0 +1,11 @@
+for Umbraco Cloud, get these values from Umbraco Cloud Project Manager -> Settings -> Connection Details -> Blob Storage Connection Details
+
+"Umbraco": {
+    "Storage": {
+      "AzureBlob": {
+        "Media": {
+          "ConnectionString": "BlobEndpoint=https://ucmediastoragewelive.blob.core.windows.net/;SharedAccessSignature=[4. Shared Access Signature, without the first question mark]",
+          "ContainerName": "[3. Container Name GUID only, no curly braces]"
+        }
+      }
+    },
diff --git a/Startup.cs b/Startup.cs
@@ -1,22 +1,23 @@
-        public void ConfigureServices(IServiceCollection services)
-        {
+public void ConfigureServices(IServiceCollection services)
+{
 #pragma warning disable IDE0022 // Use expression body for methods
-            services.AddUmbraco(_env, _config)
-                .AddBackOffice()
-                .AddWebsite()
-                .AddComposers()
-                // For Umbraco Cloud:
-                .AddAzureBlobMediaFileSystem(options =>
-                {
-                    options.ConnectionString = _config.GetValue("Umbraco:Storage:AzureBlob:Media:ConnectionString", "");
-                    options.ContainerName = _config.GetValue("Umbraco:Storage:AzureBlob:Media:ContainerName", "");
-                })
-                .Build();
+    services.AddUmbraco(_env, _config)
+        .AddBackOffice()
+        .AddWebsite()
+        .AddComposers()
+        // For Umbraco Cloud:
+        .AddAzureBlobMediaFileSystem(options =>
+        {
+            options.ConnectionString = _config.GetValue("Umbraco:Storage:AzureBlob:Media:ConnectionString", "");
+            options.ContainerName = _config.GetValue("Umbraco:Storage:AzureBlob:Media:ContainerName", "");
+        })
+        .Build();
 #pragma warning restore IDE0022 // Use expression body for methods
-        }
-// add the u.EndpointRouteBuilder.MapControllerRoute bit
+}
 
-app.UseUmbraco()
+public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
+{
+  app.UseUmbraco()
   .WithMiddleware(u =>
   {
       u.UseBackOffice();
@@ -38,4 +39,5 @@ public void ConfigureServices(IServiceCollection services)
               action = "Index"
           }
       );
-  });
+  });
+}
diff --git a/SecureMediaController.cs b/SecureMediaController.cs
@@ -1,16 +1,8 @@
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Mvc.ViewEngines;
-using Microsoft.Extensions.Logging;
 using Umbraco.Cms.Core.Services;
-using Umbraco.Cms.Core.Web;
-using Umbraco.Cms.Web.Common.Controllers;
 using MimeKit;
-using Microsoft.AspNetCore.Hosting;
-using System.IO;
 using Umbraco.Cms.Core.Models;
-using Umbraco.Cms.Core.Security;
-using Umbraco.Cms.Web.Common.Security;
-using System.Threading.Tasks;
+using Umbraco.Cms.Core.IO;
 
 namespace UmbracoProject.Controllers
 {
@@ -21,13 +13,13 @@ public class SecureMediaController : Controller
     {
         private readonly IMediaService _mediaService;
         private readonly IMemberService _memberService;
-        private readonly IHostingEnvironment _hostingEnvironment;
+        private readonly MediaFileManager _mediaFileManager;
 
-        public SecureMediaController(IMediaService mediaService, IMemberService memberService, IHostingEnvironment hostingEnvironment)
+        public SecureMediaController(IMediaService mediaService, IMemberService memberService, MediaFileManager _mediaFileManager)
         {
             _mediaService = mediaService;
             _memberService = memberService;
-            _hostingEnvironment = hostingEnvironment;
+            _mediaFileManager = _mediaFileManager;
         }
 
 
@@ -58,10 +50,11 @@ public async Task<ActionResult> Index(string id, string file)
             }
             // UNTESTED BIT ENDS 
 
-            var mediaLocation = Path.Combine(_hostingEnvironment.WebRootPath, mediaPath);
-            var fileStreamReader = new StreamReader(mediaLocation);
-            return new FileStreamResult(fileStreamReader.BaseStream, MimeKit.MimeTypes.GetMimeType(file));
-
+            if (_mediaFileManager.FileSystem.FileExists(mediaPath)) {
+                var fileStreamReader = _mediaFileManager.FileSystem.OpenFile(mediaPath);
+                var mimeType = MimeTypes.GetMimeType(file);
+                return new FileStreamResult(fileStreamReader, mimeType);
+            }
         }
     }
 }
diff --git a/Startup.cs b/Startup.cs
@@ -1,16 +1,35 @@
+        public void ConfigureServices(IServiceCollection services)
+        {
+#pragma warning disable IDE0022 // Use expression body for methods
+            services.AddUmbraco(_env, _config)
+                .AddBackOffice()
+                .AddWebsite()
+                .AddComposers()
+                // For Umbraco Cloud:
+                .AddAzureBlobMediaFileSystem(options =>
+                {
+                    options.ConnectionString = _config.GetValue("Umbraco:Storage:AzureBlob:Media:ConnectionString", "");
+                    options.ContainerName = _config.GetValue("Umbraco:Storage:AzureBlob:Media:ContainerName", "");
+                })
+                .Build();
+#pragma warning restore IDE0022 // Use expression body for methods
+        }
 // add the u.EndpointRouteBuilder.MapControllerRoute bit
 
 app.UseUmbraco()
   .WithMiddleware(u =>
   {
       u.UseBackOffice();
       u.UseWebsite();
+      // For Umbraco Cloud:
+      u.UseAzureBlobMediaFileSystem();
   })
   .WithEndpoints(u =>
   {
       u.UseInstallerEndpoints();
       u.UseBackOfficeEndpoints();
       u.UseWebsiteEndpoints();
+      // For all sites:
       u.EndpointRouteBuilder.MapControllerRoute(
           "SecureMediaRoute",
           "secure/{id?}/{file?}",

diff --git a/SecureMediaController.cs b/SecureMediaController.cs
@@ -58,7 +58,7 @@ public async Task<ActionResult> Index(string id, string file)
             }
             // UNTESTED BIT ENDS 
 
-            var mediaLocation = Path.Combine(_hostingEnvironment.WebRootPath + mediaPath);
+            var mediaLocation = Path.Combine(_hostingEnvironment.WebRootPath, mediaPath);
             var fileStreamReader = new StreamReader(mediaLocation);
             return new FileStreamResult(fileStreamReader.BaseStream, MimeKit.MimeTypes.GetMimeType(file));
 

diff --git a/web.Production.config b/web.Production.config
@@ -5,7 +5,7 @@
 			<rewrite xdt:Transform="InsertIfMissing">
 				<rules>
 					<rule xdt:Locator="Match(name)" xdt:Transform="InsertIfMissing" name="lock media folder" stopProcessing="true">
-						<match url="~/media/(.*)" />
+						<match url="^media/(.*)" />
 						<action type="Redirect" url="/secure/{R:1}" appendQueryString="true" redirectType="Temporary" />
 					</rule>
 				</rules>

diff --git a/SecureMediaController.cs b/SecureMediaController.cs
@@ -30,9 +30,6 @@ public SecureMediaController(IMediaService mediaService, IMemberService memberSe
             _hostingEnvironment = hostingEnvironment;
         }
 
-        /// <summary>
-        /// The umbraco media service
-        /// </summary>
 
         /// <summary>
         /// The action called when processing a media request

diff --git a/SecureMediaController.cs b/SecureMediaController.cs
@@ -0,0 +1,70 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.ViewEngines;
+using Microsoft.Extensions.Logging;
+using Umbraco.Cms.Core.Services;
+using Umbraco.Cms.Core.Web;
+using Umbraco.Cms.Web.Common.Controllers;
+using MimeKit;
+using Microsoft.AspNetCore.Hosting;
+using System.IO;
+using Umbraco.Cms.Core.Models;
+using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Web.Common.Security;
+using System.Threading.Tasks;
+
+namespace UmbracoProject.Controllers
+{
+    /// <summary>
+    /// Handles all request to media items in order to check is they need auth or not
+    /// </summary>
+    public class SecureMediaController : Controller
+    {
+        private readonly IMediaService _mediaService;
+        private readonly IMemberService _memberService;
+        private readonly IHostingEnvironment _hostingEnvironment;
+
+        public SecureMediaController(IMediaService mediaService, IMemberService memberService, IHostingEnvironment hostingEnvironment)
+        {
+            _mediaService = mediaService;
+            _memberService = memberService;
+            _hostingEnvironment = hostingEnvironment;
+        }
+
+        /// <summary>
+        /// The umbraco media service
+        /// </summary>
+
+        /// <summary>
+        /// The action called when processing a media request
+        /// </summary>
+        /// <param name="id">The umbraco file id</param>
+        /// <param name="file">The umbraco filename with extension</param>
+        public async Task<ActionResult> Index(string id, string file)
+        {
+            // reconstruct the media path and retrieve it
+            string mediaPath = $"/media/{id}/{file}";
+            var media = _mediaService.GetMediaByPath(mediaPath);
+
+            if (media == null) 
+                return NotFound();
+
+
+            // N.B. THE FOLLOWING BIT IS UNTESTED AS I AM DOING SOMETHING ELSE HERE 
+            if (media.IsProtectedMedia())
+            {
+                // check if the user has right roles
+                if (!this.HttpContext.User.IsInRole("YourRole"))
+                {
+                    // otherwise redirect
+                    return Redirect(Defaults.LoginRoute); 
+                }
+            }
+            // UNTESTED BIT ENDS 
+
+            var mediaLocation = Path.Combine(_hostingEnvironment.WebRootPath + mediaPath);
+            var fileStreamReader = new StreamReader(mediaLocation);
+            return new FileStreamResult(fileStreamReader.BaseStream, MimeKit.MimeTypes.GetMimeType(file));
+
+        }
+    }
+}
diff --git a/Startup.cs b/Startup.cs
@@ -0,0 +1,22 @@
+// add the u.EndpointRouteBuilder.MapControllerRoute bit
+
+app.UseUmbraco()
+  .WithMiddleware(u =>
+  {
+      u.UseBackOffice();
+      u.UseWebsite();
+  })
+  .WithEndpoints(u =>
+  {
+      u.UseInstallerEndpoints();
+      u.UseBackOfficeEndpoints();
+      u.UseWebsiteEndpoints();
+      u.EndpointRouteBuilder.MapControllerRoute(
+          "SecureMediaRoute",
+          "secure/{id?}/{file?}",
+          new { 
+              controller = "SecureMedia",
+              action = "Index"
+          }
+      );
+  });
diff --git a/credit.txt b/credit.txt
@@ -0,0 +1,5 @@
+Original code here: https://giacomodeliberali.com/blog/umbraco-protect-media-items
+This is the result of me modifying things and trying to get it working in Umbraco 9 cloud.
+
+One major difference: I decided to redirect all ~/media folder requests to /secure, and handle it there.
+This is because I had trouble hijacking /media in umbraco cloud, probably due to my own ignorance.
diff --git a/web.Production.config b/web.Production.config
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
+	<location>
+		<system.webServer>
+			<rewrite xdt:Transform="InsertIfMissing">
+				<rules>
+					<rule xdt:Locator="Match(name)" xdt:Transform="InsertIfMissing" name="lock media folder" stopProcessing="true">
+						<match url="~/media/(.*)" />
+						<action type="Redirect" url="/secure/{R:1}" appendQueryString="true" redirectType="Temporary" />
+					</rule>
+				</rules>
+			</rewrite>
+		</system.webServer>
+	</location>
+</configuration>
No results found