public async Task <IActionResult> GetSpecificItem([FromRoute] string guildid, [FromRoute] string caseid, [FromRoute] string filename) { logger.LogInformation($"{HttpContext.Request.Method} {HttpContext.Request.Path} | Incoming request."); Identity currentIdentity = await identityManager.GetIdentity(HttpContext); User currentUser = await currentIdentity.GetCurrentDiscordUser(); if (currentUser == null) { logger.LogInformation($"{HttpContext.Request.Method} {HttpContext.Request.Path} | 401 Unauthorized."); return(Unauthorized()); } ModCase modCase = await database.SelectSpecificModCase(guildid, caseid); if (!await currentIdentity.HasModRoleOrHigherOnGuild(guildid, this.database) && !config.Value.SiteAdminDiscordUserIds.Contains(currentUser.Id)) { if (modCase == null) { logger.LogInformation($"{HttpContext.Request.Method} {HttpContext.Request.Path} | 401 Unauthorized."); return(Unauthorized()); } else { if (modCase.UserId != currentUser.Id) { logger.LogInformation($"{HttpContext.Request.Method} {HttpContext.Request.Path} | 401 Unauthorized."); return(Unauthorized()); } } } // ======================================================== var filePath = Path.Combine(config.Value.AbsolutePathToFileUpload, guildid, caseid, filename); byte[] fileData = filesHandler.ReadFile(filePath); if (fileData == null) { logger.LogInformation($"{HttpContext.Request.Method} {HttpContext.Request.Path} | 404 Not Found."); return(NotFound()); } string contentType = filesHandler.GetContentType(filePath); var cd = new System.Net.Mime.ContentDisposition { FileName = filename, Inline = true, }; HttpContext.Response.Headers.Add("Content-Disposition", cd.ToString()); HttpContext.Response.Headers.Add("Content-Type", contentType); return(File(fileData, contentType)); }