0

I have a Controller that lets a user that logged in can download a file that has been purchased.

In My Controller I have an action like bellow

     //My custom attribute that authorizes user
    [FrontPanelAuthorize(Roles="user")]

    public ActionResult GetFile(int fileId,string password)
    {
        try
        {
            //hashes password
            Hasher hash = new Hasher();
            var hashPass = hash.MD5HashForPassword(password, "");

            //getting current logged in user
            var Us = _useRepository.GetByFirst(n => n.Username == User.Identity.Name);

            //getting current file to download
            var file = _useRepository.Db.Theme.FirstOrDefault(n => n.ThemeId== fileId).ThemeFile;
            if (Us.Password == hashPass)
            {
                if (IsAuthorizedToDownload(fileId))
                {
                    //preparing file to download and getting the directory of the file
                    FileDownloader fileToDl = new FileDownloader();
                    var fileDirecory = fileToDl.PrepareFileToDownload(Us, file);

                    //returning file
                    return new FilePathResult(fileDirecory,"application.zip")
                    {
                        FileDownloadName = file.FileName
                    };
                }
                return new Http403Result();
            }
            return new Http403Result();
        }
        catch
        {
            return HttpNotFound();
        }
    }

I can get file in firefox well,but when I want to get file via Internet Download Manager I get 403 Forbidden Error,

I also checked with breakpoints,It sends me to HandleUnauthorizedRequest() Method of my authorize attribute,

I want to know if there is a way that lets a user can log in via internet download manager or force an unauthenticated user to log in in Internet Download Manager.

I Appreciate Your Help,

Update* Http403Result called from HandleUnauthorizedRequest() in FronPanelAuthorizeAttribute class 

public class FrontPanelAuthorizeAttribute:AuthorizeAttribute
    {
        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            filterContext.Result = new Http403Result();
        }
    }
Ali Vahidinasab
  • 109
  • 13
  • How `IsAuthorizedToDownload` method works with file id (please show related code to explain it)? Since it returns 403 error I assume that `return new Http403Result()` has executed after checking `hashPass` value, due to `IsAuthorizedToDownload` returns `false`. AFAIK, IDM uses HTTP port 80 to download files, probably requiring `AllowAnonymousAttribute` to handle unauthenticated users. – Tetsuya Yamamoto Dec 05 '16 at 05:03
  • when I put breakoint,It leads me to FrontPanelAuthorize attribute and action method is not even called. IsAuthorizedToDownload returns true when I check manually with firefox,It just checks if user has purchased the file. – Ali Vahidinasab Dec 05 '16 at 05:13
  • Could you provide logic flow inside `FrontPanelAuthorizeAttribute` class? Have you using ASP .NET Identity to give user role authorization inside the attribute? From your explanation seems that `Http403Result` method called from custom attribute usage, not inside action method. – Tetsuya Yamamoto Dec 05 '16 at 05:50
  • I Updated My Question. – Ali Vahidinasab Dec 05 '16 at 07:22

0 Answers0