0

I have a mobile app with talks to backed api implemented in asp.net web api. User can post pictures from app, which I am saving in my content directory. Now user can also request the same url from app and its served to user directly from IIS.

What i want to make sure is only user who uploaded the picture should be able to fetch it. Any other user should receive 404.

Is there a way I can handle this using web api? I dont want to read file in controller and serve as base64 because this is not efficient way. I want to continue serve picture from content directory via IIS and apply authorization on top of it.

has anyone came across this problem?

paresh.bijvani
  • 233
  • 1
  • 4
  • 12
  • IIS doesn't have build in mechanism for it; you will need to keep track of the owner of the file in persist storage such as Database, and apply logic when the file is required. You don't have to return base64; Web API has few other ways to return file data. – Win Mar 13 '17 at 21:03
  • I have user and file mapping. Only issue is if I write action in Web API to check that mapping, I need to to return file as byte array as response content, which is not efficient. – paresh.bijvani Mar 13 '17 at 21:09
  • Well, nothing will be as efficient as IIS serving static file directly to client *except CDN*. I don't think you have any other option. – Win Mar 13 '17 at 21:49

0 Answers0