search

trannamtrung1st / elFinder.Net.Core

An elFinder backend connector with less magic code and more compatibility. This enables .NET Standard 2.0 projects to easily integrate elFinder functionalities.
Apache License 2.0
12 stars 8 forks source link

Download file with authorization #2

Closed benny-adiwijaya closed 3 years ago

benny-adiwijaya commented 3 years ago

Hi,

I have a problem when download file. I'm using Blazor and web token authentication using customHeaders. The problem is that I cant download any file from Elfinder.

The browser says, "Failed - Needs authorization." I don't get any errors in the browser console nor network tab. I tested the API with Postman (and web token), and everything is fine.

I think customHeaders are not included when I try to download from elfinder, have you any idea to solve this problem? Thank you

trannamtrung1st commented 3 years ago

Hi @benny-adiwijaya, it is elFinder client that does not send the Authorization header when requesting files download. As current, you can implement the following steps to enable it:

Solution 1

Use Cookies authentication since it is automatically sent along with the request.

Solution 2

  1. In the FilesController, if the conResult.response is of type Zipdl1stResponse, then customize the conResult.response.file by adding a specific hash of the real file value, e.g: original: file_AS215.tmp --> {yourHashOfFile}___file_AS215.tmp
  2. For the second request, elFinder will send a GET and you will need to write your custom logic to verify the hash above, then replace cmd.Query with a clone and an adjustment of the targets[1] value to the original file value (without the {yourHashOfFile}___).

  3. Use IAuthenticationService and IAuthorizationService instead of AuthorizeAttribute, or use attribute with multiple schemes.

    Sorry for the inconvenience but it is the only two solutions I can think of.

benny-adiwijaya commented 3 years ago

Thank you for your answer.. I think I'm gonna get rid the AuthorizeAttribute