Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Server side control of resource (html or image files) access
#1
I've this scenario:
1) user connect to IW server and a new session is started. The IW server return the main page with an HTML template including login fields.

2) user complete the login form and login with async event.
In CallBack function response the JS function getInfo() is called:

Code:
function getInfo() {
        $.get("img/item.html", function( my_var ) {
          $("#appInfoContent").html(my_var);
        });       
      }

This function load a resource (maybe html file or images etc..) and put it in an element.

My question is: how can i control server side the access to the resource file?
Server side have to check if user i logged or not, and if not logged it have to deny the "img/item.html" resource.
 
Many thanks.
Reply
#2
In general, static files (like images and videos) are served without any session validation.

Having said that, there are several ways to accomplish that, but I would use a TContentHandler to deal with that.

I would register a content handler for a specific url/path (example LoginResource) and then I would request it like

$.get("/LoginResource", xxxxx);

The LoginResource content handler have full access to the session object and the request. It can just decide based on those, which file it will serve. It can also skip the "serving file" part and just redirect to a specific file in your wwwroot folder. In this case it your content handler would descend from TContentRedirect. The code is relatively short and straightforward.

Are you familiar with content handlers?
Reply
#3
Hello Alexandre,
in the past few days, before posting the item here, I've found info in docs.atozed.com and demo folder about THandlers and I thought I could find the answer here, but I'm no sure.
My implementation involves returning an html page to authenticated user whitch in turn calls up a gallery of images.
It is not clear to me if the calls made to the images via html tags (src = ...) can still be handled by the THandlers himself. If yes, I would have the control and thus solved the problem.
If, on the other hand, you need to create as many THandlers as there are resources (the gallery can contain dozens of image files) then no, also because the number of images may vary.
Could I alternatively use asynchronous calls to a page method which in turn returns a stream of the PNG file? An example would be useful to me. However, I would not like to have a performance degradation. At the moment the application is able to dynamically load the html page and all its images in the wwwroot in an optimal and very fast way and I would like to keep this performance.
Reply
#4
Hi,

virtually any request can be handled by a content handler as long as you have control over the URL used in it. In your case, you clearly do. There is absolutely no performance penalty

So it is jut a matter of creating a content handler to deal with the files.

Have a look at this demo I've just created: https://github.com/Atozed/IntraWeb/tree/...entHandler
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)