private byte[] DownloadFileHandler(NameValueCollection boundVariables, JsonObject operationInput, string outputFormat, string requestProperties, out string responseProperties) { responseProperties = ""; ////Make sure you set the response properties (Content-Type header) properly string fileId = Guid.NewGuid().ToString("N"); string fileName = "testFile_" + fileId + ".txt"; string inputText; bool found = operationInput.TryGetString("inputText", out inputText); if (!found || string.IsNullOrEmpty(inputText)) { inputText = "default input..."; } string file = localFilePath + "\\" + fileName; System.IO.StreamWriter sw = System.IO.File.CreateText(file); sw.WriteLine(inputText); sw.Close(); long fileSize = new System.IO.FileInfo(file).Length; if (outputFormat == "json") { responseProperties = "{\"Content-Type\" : \"application/json\"}"; string requestURL = ServerUtilities.GetServerEnvironment().Properties.GetProperty("RequestContextURL") as string; string fileVirutualURL = requestURL + "/rest/directories/arcgisoutput/" + virtualFilePath + "/" + fileName; JsonObject jsonResult = new JsonObject(); jsonResult.AddString("url", fileVirutualURL); jsonResult.AddString("fileName", fileName); jsonResult.AddString("fileSizeBytes", Convert.ToString(fileSize)); return(Encoding.UTF8.GetBytes(jsonResult.ToJson())); } else if (outputFormat == "file") { responseProperties = "{\"Content-Type\" : \"application/octet-stream\",\"Content-Disposition\": \"attachment; filename=" + fileName + "\"}"; return(System.IO.File.ReadAllBytes(file)); } return(Encoding.UTF8.GetBytes("")); }
/// <summary> /// Very basic authorization filter. /// Uses hard-coded role list. /// Only checks authorization on find, identify and export, all other operations are forbidden. /// </summary> /// <param name="operationName">REST operation name</param> /// <returns>Returns true if access is allowed</returns> private bool CheckAuthorization(string operationName) { if (string.IsNullOrEmpty(operationName)) { return(true); //allow resource access } /* * By default, block access for all users. */ /* * List of roles that have access. * * Here we have defined a single list to control access for all * operations but depending on the use case we can create per operation * level lists or even read this information from an external file. */ var authorizedRoles = new HashSet <String> { "gold123", "platinum123" }; /* * List of operations we need to authorize, */ var operationsToCheckForAuthorization = new HashSet <String> { "find", "identify", "export" }; /* * Check if the user if authorized to perform the operation. * * Note: Here we are checking for all valid Map Service operations. If * you need to use this SOI for a published Image Service you need to * extend this to cover all Image Service operations. */ if (operationsToCheckForAuthorization.Contains(operationName.ToLower())) { /* * Get all roles the user belongs to. */ var userRoleSet = ServerUtilities.GetGroupInfo(ServerUtilities.GetServerEnvironment()); if (null == userRoleSet) { return(false); } //Check if user role set intersection with the authorized role set contains any elements. //In other words, if one of user's roles is authorized. return(userRoleSet.Intersect(authorizedRoles).Any()); } /* * We support only operations find, identify, export * for all other operations we do not allow access. */ return(false); }