protecting static files / wwwroot under Kestral / core

[TWhidden]

Using your example, trying to implement this to protect static files using a simple auth method such as digest.

I implemented a middleware, but for whatever reason I can't get it to prompt with the HandleChallengeAsync but the HandleAuthenticateAsync is called every time.

I wrote up a more detailed Stackoverflow post (https://stackoverflow.com/questions/58494687/aspnet-core-3-protecting-static-files-wwwroot-with-custom-auth-provider-such) but was curious if you had a better / cleaner solution to protecting the files hosted under static / wwwroot folder in Kestral / netcore3.

[flakey-bit]

Hi!

I hadn't considered the use-case of protecting static content. The docs say

The Static File Middleware doesn't provide authorization checks. Any files served by it, including those under wwwroot, are publicly accessible. To serve files based on authorization:

• Store them outside of wwwroot and any directory accessible to the Static File Middleware.

• Serve them via an action method to which authorization is applied. Return a FileResult object

If you can send a complete sample project, I'll try to take a look.

[TWhidden]

Nah, mainly just wanted to confirm that was indeed the answer. Much appreciated on your feedback.