I am not sure if this has been asked again, but in the docs I saw how to enable static file authorization for MVC projects.
I am building a Blazor WASM AspNet hosted site which will act as an image gallery website where people will be able to upload images.
The requirement is to add authorization so that a user should be able to see only images he owns.
This is already implemented but the issue is that the images uploaded are saved as static files on the back-end server, under wwwroot
, and are by default public available.
I tried to use another approach to upload the images as byte[]
directly in MSSQL
but I don't think it is a good idea to store images in db.
I also tried to read the bytes from the static files on the API and return them as base64
encoded strings to the client, but this is also not a good approach for large images.
The only approach I see fit is to save images as static files on the back-end, save the links to them in database and expose the files for authorized users somehow?
Is this possible?
You will need to serve the files from a controller action instead of static files, then you can use the [Authorize]
attribute like you ussually do. Don't save your images in the wwwroot folder.
public IActionResult DisplayImage() => new FileStreamResult(new FileStream(pathToImage, FileMode.Open, FileAccess.Read), "image/png");