Search code examples
c#asp.net-coreasp.net-core-webapiblazor-client-side

ASP.NET Core API static files authorization


I am not sure if this has been asked again, but in the docs I saw how to enable static file authorization for MVC projects.

I am building a Blazor WASM AspNet hosted site which will act as an image gallery website where people will be able to upload images.

The requirement is to add authorization so that a user should be able to see only images he owns. This is already implemented but the issue is that the images uploaded are saved as static files on the back-end server, under wwwroot, and are by default public available.

I tried to use another approach to upload the images as byte[] directly in MSSQL but I don't think it is a good idea to store images in db.

I also tried to read the bytes from the static files on the API and return them as base64 encoded strings to the client, but this is also not a good approach for large images.

The only approach I see fit is to save images as static files on the back-end, save the links to them in database and expose the files for authorized users somehow?

Is this possible?


Solution

  • You will need to serve the files from a controller action instead of static files, then you can use the [Authorize] attribute like you ussually do. Don't save your images in the wwwroot folder.

    public IActionResult DisplayImage() => new FileStreamResult(new FileStream(pathToImage, FileMode.Open, FileAccess.Read), "image/png");