Thursday, October 10, 2019

When I am uploading a file via my web app, writing it to a file share and then exposing links to the file share to the "same" user, two different users are really accessing the file share.

Well, yes. In that case, if Joe Blow uploads an SLA (service-level agreement) in PDF format, it goes from the browser to the REST API, and then whoever is running the REST API under IIS (who is that user?) writes a file from the bytes. That user is not the same user as Joe Blow himself when he tries to turn around and click on a link which theoretically exposes that file via an anchor tag on the web page. This could be bad if you don't want to allow everyone and their dog direct access to the file share that the link leads into. How do you get around that permissions challenge? Instead of giving Joe Blow a link to the file, why not have him make a REST call that returns an HttpResponseMessage (in C# since 2012) with a copy of the file, read back in by the same user who wrote it in the first place and then streamed out? This StackOverflow article touches on it.
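
The approach described above, as an added example that is not code from the original post: an ASP.NET Web API 2 controller that checks the caller against the uploader recorded at upload time, then streams the file back under the API's own account. The `StoredDocument` type, the in-memory table, the route, the account name and the share path are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Web.Http;

// Hypothetical metadata row saved at upload time (constructed for this example).
public class StoredDocument
{
    public string OwnerName, SharePath, DownloadName;
}

[Authorize] // anonymous callers are rejected before any lookup
public class DocumentsController : ApiController
{
    // Constructed sample data standing in for a database table.
    private static readonly Dictionary<Guid, StoredDocument> Documents =
        new Dictionary<Guid, StoredDocument>
        {
            [Guid.Parse("11111111-1111-1111-1111-111111111111")] = new StoredDocument
            {
                OwnerName = @"EXAMPLE\jblow",
                SharePath = @"\\fileserver\sla-uploads\11111111.pdf",
                DownloadName = "sla.pdf"
            }
        };

    [HttpGet, Route("api/documents/{id:guid}")]
    public HttpResponseMessage Get(Guid id)
    {
        // The client sends an opaque id, never a path, so it cannot steer the read.
        // A missing id and someone else's id get the same 404.
        if (!Documents.TryGetValue(id, out StoredDocument doc) ||
            !string.Equals(User.Identity.Name, doc.OwnerName, StringComparison.OrdinalIgnoreCase))
            return Request.CreateResponse(HttpStatusCode.NotFound);

        // Opened as the account the API runs under (assumes no impersonation);
        // only that account needs rights on the share.
        var stream = new FileStream(doc.SharePath, FileMode.Open, FileAccess.Read, FileShare.Read);
        var response = Request.CreateResponse(HttpStatusCode.OK);
        response.Content = new StreamContent(stream);
        response.Content.Headers.ContentType = new MediaTypeHeaderValue("application/pdf");
        response.Content.Headers.ContentDisposition =
            new ContentDispositionHeaderValue("attachment") { FileName = doc.DownloadName };
        return response;
    }
}
```

With this in place the share ACL can be limited to the API's service account, and the per-user decision lives in the ownership check.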

 
 

Addendum 10/14/2019: The better way to pull the file back down is like this.
