I am creating a site that has an "Uploads" directory where users can upload
image files (let's say .jpgs and .gifs). When a user uploads an image, the
system creates a directory within this "Uploads" directory to place their
image in. What I would like to do is protect the ENTIRE uploads directory so
a user cannot navigate directly to http://mysite/uploads/2/img.jpg without
logging into the site first (I'm using forms authentication). I'm trying to
protect the image files using the following in my web.config:
<httpHandlers>
<add verb="*" path="*.jpg" type="System.Web.HttpForbiddenHandler" />
<add verb="*" path="*.gif" type="System.Web.HttpForbiddenHandler" />
</httpHandlers>
but it has no effect. What can I do to accomplish this?
thnx