Access denied accessing "getattachment" URL in .NET Core

lawrence whittemore asked on January 31, 2023 21:33

Because the front end of the Kentico 13 sites does not offer Windows authentication as a default option, we've made a workaround. Kentico sends the user to account/accessdenied if the user doesn't have access to a page. So we've created a workaround that checks if the user is an AD user and, if so, we log them in as a Kentico user and reload the page.

This has worked so far, but I have run into a new issue where, if a user comes to the intranet from a link that uses the getattachment URL, it sends the user to the error page without going through the accessdenied.

Anyone have any thoughts?

Recent Answers


Not Applicable answered on February 1, 2023 13:59

Is there an error in the event log? What error is shown to the user? Are your attachments stored on the file system or in the database? If stored on the file system, there may be a problem with the file system permissions.

See Storing files in the Kentico documentation and Troubleshooting disk permission problems.


lawrence whittemore answered on February 1, 2023 14:09

There is no error that the user sees; it just takes them to the not authorized to view page. It sends them directly to my error controller with a 403 error code.

It wouldn't be that bad to work around if I could figure out how to get the URL of the page they don't have access to, but it doesn't seem to be in the headers, and the URL HttpContext gets is the error/403 URL even though the URL in the browser is the getattachment URL.

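The symptom described above (browser still on the getattachment URL, `HttpContext` showing error/403) is what status-code re-execution produces, so the sketch below reads the original URL from `IStatusCodeReExecuteFeature`. It is an added example, not code from the thread or from Kentico; it assumes the error controller is reached through `UseStatusCodePagesWithReExecute` (the thread does not confirm this), and `IAdToCmsSignIn` and `ErrorController` are hypothetical names standing in for the poster's existing sign-in logic.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Diagnostics;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

// Hypothetical wrapper around the thread's existing "AD user -> Kentico user"
// sign-in logic; this is not a Kentico API.
public interface IAdToCmsSignIn
{
    // Must return true only when a CMS user was newly signed in for this
    // request. Returning false for an already signed-in user is what stops
    // a redirect loop when that user genuinely lacks permission.
    Task<bool> TrySignInAsync(HttpContext context);
}

// Assumed registration in Startup.Configure (not confirmed by the thread):
//   app.UseStatusCodePagesWithReExecute("/error/{0}");
[Route("error")]
public class ErrorController : Controller
{
    private readonly IAdToCmsSignIn _signIn;

    public ErrorController(IAdToCmsSignIn signIn) => _signIn = signIn;

    [Route("403")]
    public async Task<IActionResult> Status403()
    {
        // During re-execution Request.Path is /error/403; the URL the browser
        // requested (for example the getattachment link) is kept on this feature.
        var original = HttpContext.Features.Get<IStatusCodeReExecuteFeature>();
        if (original != null)
        {
            var target = original.OriginalPathBase
                       + original.OriginalPath
                       + original.OriginalQueryString;

            // Only go back to a same-site URL: a request path such as
            // "//other-host/x" would otherwise become an open redirect.
            if (Url.IsLocalUrl(target) && await _signIn.TrySignInAsync(HttpContext))
            {
                return LocalRedirect(target);
            }
        }

        // Reached directly, not a local URL, or sign-in did not apply.
        Response.StatusCode = StatusCodes.Status403Forbidden;
        return View();
    }
}
```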

Arjan van Hugten answered on February 2, 2023 10:23

For me it isn't clear what the workaround is that you used for the authentication. But if you did it with middleware, you could try adding the middleware earlier in the startup registration. That way you could try to authenticate the user before Kentico handles the GetAttachment URLs.


lawrence whittemore answered on February 2, 2023 15:12

We tried to make something work with middleware but failed. Even tried to have a Kentico consultant help us, but we got nowhere. All we need is something that recognizes that the user is logged in via Windows authentication and then takes that user's name and logs them in as a Kentico user instead. We were able to figure out a workaround like I said, doing this when the user hits the access denied page that Kentico sends them to.

I think I have another workaround for the file stuff. Instead of linking to the getattachment we'll just link to the URL of the page, which will log the user in first. We'll probably take another look at setting up some sort of middleware as well if you have any thoughts on the best way to accomplish that.
