Documentation (Sitecore 5.3)

Sitecore MediaHandler module allows the developers to prevent unauthorized Extranet Users from downloading certain files from the web server. The module is implemented as .NET HttpHandler.

1. Installation Guide

The MediaHandler module is distributed as a standard Sitecore package. Thus to start using it, you should install the package. Please refer to the Installation Wizard article if you are not familiar with the standard Package Designer tool.

The package installs the sitecore.mediahandler.dll assembly to the “/bin” folder of your site.

The /downloads folder contains the example.download file.

Add the following lines to web.config file:

Add httpHandler to httpHandlers section

    <httpHandlers>
        <add verb="*" path="*.download" type="Sitecore.MediaHandler, Sitecore.MediaHandler" />
     </httpHandlers>
If you create your own page to handle NoMediaPermissionUrl request (it should be physical file), you should add the following setting to the settings section:
<setting name="NoMediaPermissionUrl" value="url-to-the-page" />

For this setting to work, it is also necessary to map the *.download extension to aspnet_isapi.dll in IIS. Please follow the steps below to do this:

Start IIS Manager;
Right-click a Web Site, select “Properties” from the context menu;
Switch to the “Home Directory” tab;
Click the ‘Configuration’ button in the ‘Application settings’ pane;
In the ‘Application Configuration’ dialog box, switch to the ‘Mappings’ tab;
Click the ‘Add’ button;
In the ‘Add/edit application extension mapping’ dialog box, enter the path to aspnet_isapi.dll and the extension of the file to map (.download).

2. Administrator’s Manual

ASP.NET User in Windows 2000 and XP or Network Service User in Window 2003 Server must have read access rights to the downloadable files which are to be handled by the module. Since ASP.NET user is a member of the “Users” group, this is usually true by default.

For each _filename_._ext_ restricted file you should create a _filename_.download file in the /downloads folder.

The *.download file should have the following format:

The “file” attribute contains the full path to the restricted file.

The “roles” attribute contains a pipe-separated list of roles that are allowed to download the file. Asterisk character (“*”) means all roles.

Please see the example.download file.

After a *.download file is created, you can add a link to it at a web page, for example:

<a href="/SdnArchive/downloads/example.download">downloadable file</a>

When a User clicks on the link to the *.download file, MediaHandler checks whether the User is currently logged in (Extranet Security) and whether the User is a member of a Role which is allowed to download the file. If so, the handler reads the file from the disk and flushes its content to output stream (the name of the file is handled correctly by appending a "content-disposition" header to the HTTP response).

If the User is not a member of any Role allowed to download the file, one will be redirected to the error page. By default, it is the access denied Sitecore CMS page, but a custom error page can be set by adding “NoMediaPermissionUrl” setting to web.config file.