Syncfusion FileManager secure download

I am creating a WebAssembly app using the Syncfusion FileManager component. I have secured the API for uploading using the FileManager using the [Authorize] attribute in the controller and setting the Authorization header of the HttpClient being used by the FileManager component to the Authorization header of the HttpClient I am using throughout the app.

The download function of the FileManager does not allow for this (according to Syncfusion support).

Finally, my question: How can I secure the download api endpoint? Do I really need to secure it? Wouldn't someone have to know that I am using the FileManager component, how to construct an object to send to the download api endpoint AND know what the filename and directory structure is?

There are 2 best solutions below

0
Jim On BEST ANSWER

I ended up requiring the user to enter their username and password before downloading. I pass the loginModel to the controller and use signInManager to verify the password (this is no more insecure than handling a login). If the account is good, the content is returned; if not, an "unauthorized" message is displayed.

0
Indhumathy On

As per the current implementation of the File Manager component, the HttpClient instance is only sent in the Read and Upload operations, since we have handled only those file operations using an HTTP request. You can use the OnSend event to set HttpClientInstance for both the Read and Upload operations.

The Download operation of File Manager is handled by using a form submit. We don't handle it by using an HTTP request, so it is not possible to pass the HttpClientInstance here. However, you can send custom values from client to server for the Download operation. You can prevent our default download operation by setting args.Cancel to true in the BeforeDownload event. Then you can trigger the customized download operation using an interop call where you can pass custom values to the server side.

Check the forum thread below to pass a custom value in the Download operation:

https://www.syncfusion.com/forums/169552/how-to-use-httpclient-for-file-manager
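
The customized download described in the answer above could look like the following JavaScript, called through JS interop once the default download has been cancelled, so the request carries the same bearer token as the rest of the app and the Download action can take [Authorize]. This is an added example, not code from the answers or from Syncfusion; the function names, the `downloadInput` form field, the endpoint URL and the `files.zip` name are assumptions, and the token is assumed to be passed in from the Blazor side.

```javascript
// Added example; names, URL and the "downloadInput" field are assumptions.
// The request is built separately so it can be inspected without a browser.
function buildDownloadRequest(url, token, path, names) {
  if (typeof token !== "string" || token.length === 0) {
    throw new Error("missing access token");
  }
  if (!Array.isArray(names) || names.length === 0) {
    throw new Error("no files selected");
  }
  // Client-side sanity check only; the server must still validate the path
  // and the caller's right to read it.
  for (const n of [path, ...names]) {
    if (typeof n !== "string" || n.split(/[\\/]/).includes("..")) {
      throw new Error("invalid path segment");
    }
  }
  const body = new URLSearchParams();
  body.set("downloadInput", JSON.stringify({ action: "download", path, names }));
  return {
    url,
    init: {
      method: "POST",
      // Same header the [Authorize] attribute already checks on Upload.
      headers: { Authorization: `Bearer ${token}` },
      body,
    },
  };
}

// Invoked from Blazor via JS interop after args.Cancel is set in BeforeDownload.
async function downloadWithAuth(url, token, path, names) {
  const { init } = buildDownloadRequest(url, token, path, names);
  const response = await fetch(url, init);
  if (!response.ok) {
    throw new Error(`download failed: HTTP ${response.status}`);
  }
  const blob = await response.blob();
  const link = document.createElement("a");
  link.href = URL.createObjectURL(blob);
  // Assumed file name when several items are returned as one archive.
  link.download = names.length === 1 ? names[0] : "files.zip";
  link.click();
  setTimeout(() => URL.revokeObjectURL(link.href), 0);
}
```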