Developer forum

Well in short I need to be able to lock away files from the public (Former secure folder), and only be able to serve them based on whoever is logged in. - Think intranet.

I think I can find a solution to build, was just making sure I wasn't going to waste time doing so if there already was a way to do it. 

Hi Claus

We do not have that feature currently.

You might be able to inject your own file provider - e.g. we do this to serve static files in the root of the website (www.domain.com/*) from a sub folder inside DW filesystem (/Files/System/wwwroot):

internal sealed class VirtualWebRootFileMiddleware(RequestDelegate next)
{
    private const string VirtualWebRootPath = "/Files/System/wwwroot";
    private static readonly FileExtensionContentTypeProvider ContentTypeProvider = new();

    public async Task Invoke(HttpContext ctx)
    {
        if (IsRootFileRequest(ctx.Request.Path, out var filePath))
        {
            var path = FilePathHelper.GetAbsolutePath(TransformRootFileRequest(filePath));
            if (File.Exists(path))
            {
                if (ContentTypeProvider.TryGetContentType(path, out var contentType))
                    ctx.Response.ContentType = contentType;

                await ctx.Response.SendFileAsync(path).ConfigureAwait(true);
                return;
            }
        }

        await next(ctx).ConfigureAwait(true);
    }

    private static string TransformRootFileRequest(string path) => $"{VirtualWebRootPath}/{path.TrimStart('/')}";

    private static bool IsRootFileRequest(PathString pathString, [NotNullWhen(true)] out string? fileName)
    {
        fileName = null;

        if (pathString.Value is not string path)
            return false;

        var isAbsolute = path.StartsWith('/');

        if (!isAbsolute)
            return false;

        fileName = pathString;
        return true;
    }
}

internal static class VirtualWebRootFileMiddlewareExtensions
{
    public static IApplicationBuilder UseVirtualWebRootFileMiddleware(this IApplicationBuilder app)
    {
        return app.UseMiddleware<VirtualWebRootFileMiddleware>();
    }
}

You should be able to do something similar - and get the files from a non-public location and then check for permissions.

You can inject that with IPipeline:

public sealed class CustomPipeline : IPipeline

{

    public int Rank { get; } = 3;


    public void RegisterServices(IServiceCollection services, IMvcCoreBuilder mvcBuilder)

    {

       services.Add*(...)

 }


    public void RegisterApplicationComponents(IApplicationBuilder app)

    {

        app.Use*(...);

    }


    public void RunInitializers()

    {

       //Something to initialize

    }

}

Hi again

Alright, might be something I'll look into - and prob. create a related feature request on github, as due to things like form uploads, extranets and intranets, we have a rather high need for the ability to block access to files the public, and only allow it to whoever we grant access. - Form uploads i currently get a bit around by renameing the uploaded files to something with a long guid prepended, but it isn't really a perfect solution :)