0

I am developing a module for Orchard which will restrict the items in the Media folder by looking up the authenticated user permissions.

The first thing was editing the web.config in the Media folder like this:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <appSettings>
    <add key="webpages:Enabled" value="false" />
  </appSettings>
  <system.web>
    <httpHandlers>
      <add path="*" verb="*" type="MediaFileAccess.AuthorizedMediaHandler" />
    </httpHandlers>
  </system.web>
  <system.webServer>
    <staticContent>
      <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="7.00:00:00" />
    </staticContent>
    <handlers accessPolicy="Script,Read">
      <add name="AuthorizedFile" path="*" verb="*"
           type="MediaFileAccess.AuthorizedMediaHandler,MediaFileAccess"
           preCondition="integratedMode" />
    </handlers>
  </system.webServer>
</configuration>

The handler which is registered in the web.config:

public class AuthorizedMediaHandler : IHttpHandler, IDependency
{
    private readonly IAuthenticationService _authenticationService;

    public AuthorizedMediaHandler(IAuthenticationService authenticationService)
    {
        _authenticationService = authenticationService;
    }

    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        // Do something using the injected services...
    }
}

When I navigate to a Media item url system throws MissingMethodException. That's normal because system cannot find the parameterless constructor.

So, how can I inject the Orchard services into a IHttpHandler?

Levent Esen
  • 559
  • 7
  • 18

3 Answers3

1

Have you checked Glympse out? uses HttpHandlers, theres a SO question here.

there is a discussion here that got me thinking.

Get your web.configs working and it should be ok. i do not know about the IDependency bit, might not need it.

Community
  • 1
  • 1
ErMasca
  • 741
  • 1
  • 7
  • 17
1

You will definitely not able to inject. sorry,i omitted that in my answer earlier.

You can create a Orchard module that adds a filter or with a Controller that hijacks the route you specify and serves the file from somewhere actually safe.

Orchard takes over IIS. that is why you need to add the staticfilemodule in the folder's web.config, to let IIS in and that is what makes it not secure.

If you really need to go that road, perhaps a very quick service call to Orchard or talking directly to a db.

ErMasca
  • 741
  • 1
  • 7
  • 17
  • I created a Controller and set a route with "Media/{*path}" pattern, then set RouteCollection.RouteExistingFiles to true in Global.asax.cs file, finally it works :) – Levent Esen Oct 14 '15 at 06:30
1

While you won't be able to inject dependencies like this you can still access Orchard'd DI container with the magic of IShim. Check out how e.g. OrchardLog4netLogger resolves dependencies from IOrchardHostContainer.

Keep in mind though that this container is the application-wide one: to be able to resolve your standard IDependency types you'll need to first get the ShellContext from IOrchardHost, then create a WorkContextScope from its LifetimeScope as LifetimeScope.CreateWorkContextScope().

I know it seems complicated, and indeed there are a lot of hoops involved. But the bottom line is that this way you can resolve services from Orchard's (and its shells') DI containers in any class.

Piedone
  • 2,693
  • 2
  • 24
  • 43