We have an umbraco MVC website with which we are trying to use ImageResizer. In order to keep uploaded files out of a publicly accessible area, images are stored outside of the webroot and we use a controller to deliver them to browswer (e.g. an image url on a page would be something like <img src="/umbraco/surface/AttachmentSurface/ShowImage/999?" alt="Here there be an image, yarrr!">)
The ShowImage action is something like:
public ActionResult ShowImage(int id)
{
using (DBContext db = new DBContext())
{
Attachment a = db.Attachments.FirstOrDefault(x.ID == id);
if (a != null)
{
byte[] file = System.IO.File.ReadAllBytes(System.IO.Path.Combine(System.Configuration.ConfigurationManager.AppSettings["UploadPath"], a.Path, a.FileName));
return this.File(file, a.MimeType);
}
}
}
If we use the URL API on a publicly accessible image (e.g. <img src="/images/kitty.jpg?width=33&height=33&mode=crop" alt="Here there be kitties, yarrr!">), then everything works as expected.
However, we've tried using the URL API to resize our images delivered by the controller to no avail (e.g. <img src="/umbraco/surface/AttachmentSurface/ShowImage/999?width=33&height=33&mode=crop" alt="Here there be an image, yarrr!">).
Is the only way around this to use the Managed API and resize the image before delivering? I seem to remember the documentation saying something to the effect that it's a bad idea to use it from within an MVC Action...
Thanks for any help.
ImageResizer doesn't operate as middleware, unfortunately, as middleware can't access the right resources in order to do a good job. It controls the request from beginning to end, and tries to integrate smoothly with existing authentication, URL rewrite, and CMS modules. That's why it doesn't work on an MVC action. It wouldn't be able to cache to disk, and it would have a severe performance overhead from double-buffering.
If you're just trying to block access to original files, you could do that in a variety of ways without moving the files outside of the root (UrlAuthorization, AuthorizeRequest event, disabling handlers for that folder, etc).
If you want to control where the images come from, you should implement an IVirtualImageProvider class. ImageResizer does include an IVirtualImageProvider plugin (named VirtualFolder) that can provide access to external/off root files. If your needs are basic, give that a try, and drop the MVC action.
Related
I have a solution based on the Visual Studio template that is successfully using IdentityServer4.
What think I understand is:
The IS4 integration implements endpoints at /authentication/{action}, e.g. authentication/login
IS4 routes that request to host/Identity/Account/Login.cshtml. I have scaffolded identity so I can see that .cshtml file in my project.
The code-behind Login.cshtml.cs takes care of speaking with SignInManager, etc.
In the client project the "LoginDisplay.razor" component redirects to /authentication/login when I click the login button. I presume that this is where step 1 above is invoked, which redirects to the location in step 2.
Fine. Now, I want to customise the whole login UI.
From instructions at: https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/additional-scenarios?view=aspnetcore-5.0 I can see that:
I can configure authentication paths to be anything I want. For example:
builder.Services.AddApiAuthorization(options => {
options.AuthenticationPaths.LogInPath = "security/login";
})
So, I have created a razor component to handle security/login:
#page "/security/{action}"
#using Microsoft.AspNetCore.Components.WebAssembly.Authentication
<RemoteAuthenticatorView Action="#Action">
<LoggingIn>
This is the new login page
</LoggingIn>
</RemoteAuthenticatorView>
#code{
[Parameter] public string Action { get; set; }
}
My expectation was that after clicking "Login", I would be routed to the above and presented with a page that just said:
"This is the new login page"
and thought that from there, I would:
Customise the UI within the <LoggingIn> fragment.
Make a call to an API that would then replicate the logic in the scaffolded login.cshtml file that actually logs the user in.
That line of code from the login.cshtml.cs file looks like this:
var result = await _signInManager.PasswordSignInAsync(
Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: false);
However, it seems that the razor component I created for /security/login is simply a 'transient' message that appears before being routed to the scaffolded login.csthml file.
So, to me, it seems that I am unable to actually change the physical page used to collect the user's credentials. I am only able to change the transient screen that appears before the originally scaffolded login page is shown.
Does this mean that if I want a customised UI for logging in I need to directly edit the scaffolded page as opposed to creating a whole new UI in the WebAssembly project that calls an APIController that I create to take care of using SignInManager?
It would actually be a lot less work to do that than to take the approach of creating a Client-side UI that calls an API that I create, etc. so, with hindsight, editing the scaffolded cshtml file is probably the best way to go. But am still confused as to what value is really being brought by being able to configure options.AuthenticationPaths.LogInPath.
Cornerstone's carousel didn't work for my client's design, and so I built a custom hero component that I've included on several custom page templates. To allow the client to manually update images, I've set the hero images to use the {{cdn}} handlebars helper to pull images down from WebDAV.
E.g. background-image: url('{{cdn "webdav:img/home-hero.jpg"}}');
The issue we're running into now, is that, because the CDN caches asset files for the site on the server, when my client updates home-hero.jpg through WebDAV, the server has no way of knowing, and so it continues to serve the old version of home-hero.jpg.
Is there a way for my client to force re-caching of assets, or to bypass it altogether? I've attempted to use the imbypass parameter (webdav:img/home-hero.jpg?imgbypass=on), but this apparently just serves the unoptimized, but already cached, image.
One solution would be to append a random query string to the image src URL to prevent caching. If you're developing on a Stencil theme, the easiest way to accomplish this would be to use the {{moment}} helper to generate a date string so you can be sure you're getting a unique value each time.
<img src="/content/home-hero.jpg?{{moment}}"/>
will render as:
<img src="/content/home-hero.jpg?2018-08-23T00:00:00-05:00">
More info on using query strings to prevent caching: https://css-tricks.com/strategies-for-cache-busting-css/
I have an ASP.NET Web API web service which I want to use for file uploading. The way I do this is that the client posts a JSON object to the service at http://myserver.com/api/images/upload .
The object would contain a base64 string representation of the image, plus some metadata, e.g:
{ companyId: 12345, image: "someBase64encodedStringRepresentingTheImage" }
I would like to use TinyMCE on the client side, but I can't figure out how to customize it such that images are uploaded to the server in that format. (Actually, it doesn't seem like TinyMCE comes with an image uploader at all)
TinyMCE 4.2+ actually has its own built in process for handling the upload of images that you place in the editor:
https://www.tinymce.com/docs/advanced/handle-async-image-uploads/
The basic process is that TinyMCE will create a separate HTTP POST for each image that you insert into the editor. It will send that image to a URL of your choosing (via HTTP POST) based on the setting of the images_upload_url option in your init.
The image handler at the URL referenced in the images_upload_url (which you have to create) has to do whatever needs to be done to "store" the image in your application. That could mean something like:
Store the item in a folder on your web server
Store the item in a database
Store the item in an asset management system
...regardless of where you choose to store the image your image handler needs to return a single line of JSON telling TinyMCE the new location of the image. As referenced in the TinyMCE documentation this might look like:
{ location : '/uploaded/image/path/image.png' }
TinyMCE will then update the image's src attribute to the value you return. If you use the images_upload_base_path setting in the init that will be prepended to the returned location.
The net here is that TinyMCE knows when an embedded image exists in your content but it can't possibly know what to do with that image in the context of your application so that job (the "image handler") is something you must create.
There is an option for you to write your own image handler if the default one is not sufficient:
https://www.tinymce.com/docs/configure/file-image-upload/#images_upload_handler
I would recommend trying to use the uploader that comes with TinyMCE so you don't have to write and maintain your own code going forward (always easier) but if the built in code is not appropriate you can indeed replace it with your own function.
I'm using an existing upload script that require user authentication. However since I did not write the upload script, it's nearly impossible for me to read the source code and make it into separate view and controller file. The problem is if the script does not get routed by the bootstrap file, it has no access to the Yii variable and thus user log in information.
I tried to set a custom session variable when the user login. However it work barely because my custom session would expire before the session set by Yii.
Any help would be appreciated.
Because of the way the script is written I've only been able to find one way of doing this. It will involve re-writing some elements of the script.
Save the filemanager in protected/vendors.
You need a controller to handle the routing of the request. This will also give you the access control that you need. Call it FileUpload and create it where you normally create controllers in your project. Right at the start of the controller, before the class is declared, import the fileUpload files from it's previously saved location; Yii::import('application.vendors.*');
You need an action to handle the incoming request. Call this actionIndex. Give it the following code.
public function actionIndex() {
//Start capturing the output from the script
ob_start();
require_once('filemanager/dialog.php');
//Finish capturing output, and save to a variable
$output = ob_end_clean();
$this->render('index', array('output' => $output));
}
Then you need a view file. Call it 'output.php' and it just contains one line; <?php echo $output; ?>
This will render the html generated by the script, and hopefully contain it within your existing template.
Your first problem is that the script sends headers which aren't discarded by ob_start. You will need to delete these from the script. It also starts a session, which will throw an error 'Session already started', which can be cured by changing the first line of config.php to
if(!isset($_SESSION))
{
session_start();
}
Your next problem will be that none of the scripts and stylesheets are loaded, because the vendor hasn't used relative filepaths, and also because you've just deleted the headers. You will need to re-write lots of the script to include the necessary files. Fortunately, you now have access to Yii functions, so can use the asset manager to publish all the js and css files needed by the script.
Your final (hopefully!) problem will be the urls used by the script page. Currently they are all pointing to files within the script. You will need to rewrite these to use Yii routing. Fortunately, inside the main file dialog.php you should have access to all the normal Yii functions, so you can set $baseUrl as $this->createUrl() etc. If you need to add extra actions to the controller you can follow the pattern above to call other files, like the upload.php file in the script.
Hope that all works for you!
You are using a Framework with mvc pattern so controllers are preferred way to route requests .As per your problem i would suggest you to use htaccess file to do the routing to the required file and handle other files by Yii
copy code from existing source to new Yii Controler/Action ... done :D
I would like to utilize some of the social collaboration features in Sharepoint 2010, such as the Noteboard webpart and tagging, but do not want to use the My Site profile pages.
I have already built a custom control that redirects from the userdisp.aspx page to a custom user profile page. I would like to continue to use that custom profile page. However, it seems like user profile links that are generated by the Noteboard webpart, for example, go directly to the /Sites/MySites/person.aspx page without being routed through the /_layouts/userdisp.aspx page. So my profile redirect control doesn't catch it.
In Sharepoint Central Admin, under Manage Service Applications > User Profile Service Application > Manage User Permissions, I have only checked the box for "Use Social Features", not "Create Personal Site," so I am not sure why the profile page is not linking to the old userdisp.aspx page.
Is it possible to redirect these links back to the userdisp.aspx page?
It appears to be hardcoded into the webpart.
I looked at Microsoft.SharePoint.Portal.WebControls.SocialCommentControl and the link comes from UserProfile.PublicUrl, which is defined as:
public override Uri PublicUrl
{
get
{
string userProfileUrl = UserProfileGlobal.GetUserProfileURL(
this.m_objManager.UserProfileApplicationProxy,
this.m_objManager.PartitionID,
"?accountname=",
this.m_UserProfileFields["AccountName"].ToString());
if (!string.IsNullOrEmpty(userProfileUrl))
return new Uri(userProfileUrl);
else
return (Uri) null;
}
}
which eventually calls:
internal static string GetUserProfileURL(string profileWebUrl, string strIdentifier, string strValue)
{
if (string.IsNullOrEmpty(profileWebUrl))
return (string) null;
else
return PersonalSpaceGlobal.EnsureTrailingSlash(profileWebUrl)
+ "Person.aspx"
+ strIdentifier
+ (strIdentifier.Equals("?accountname=", StringComparison.OrdinalIgnoreCase)
? SPHttpUtility.UrlKeyValueEncode(strValue).Replace(":", "%3A")
: SPHttpUtility.UrlKeyValueEncode(strValue));
}
I can think of two workarounds:
Add jQuery to your page to change the URL (selector = span.socialcomment-username > a)
Create your own webpart containing a custom control that inherits from SocialCommentControl, which overrides RenderComment.
Overriding RenderComment is probably going to be messy. You will need to copy the decompiled code for the method just to change the following into your own code:
SocialCommentControl._GetProperty(
comment,
SocialCommentControl.SocialCommentProperty.PublicPage)
Hopefully, there are no internal method calls within RenderComment's 67 lines of code. Otherwise, it is going to be a lot more difficult to implement. It would be a lot easier if you could simply override _GetProperty, but unfortunately, it is a static method.
All of that to say, I would probably recommend the jQuery option over extending SocialCommentControl.