We have this website where we also have a visa application module. The visa application module requires the user to create an account. Whenever the user uploads attachments it is saved in a specific folder inside attachments. This specific folder corresponds to a uniquely generated numbers that is assigned to each user.
Now what I need is if the user is not login they should not be able to access the files inside the attachment folders.
How can I achieve that using http handler?
I have this code
if (HttpContext.Current.Session["UserRegistrationID"] != null)
{
if (HttpContext.Current.Session["UserRegistrationID"].ToString() != "")
{
DownloadFile(context);
}
else
{
context.Response.Write("You don't have the rights to access this file.");
context.Response.Flush();
}
}
else
{
context.Response.Write("You don't have the rights to access this file.");
context.Response.Flush();
}
protected void DownloadFile(HttpContext context)
{
context.Response.ContentType = "image/jpg";
context.Response.WriteFile(context.Request.PhysicalPath);
context.Response.Flush();
}
But the problem is I'm having a problem configuring it in web config.
Does anybody knows how to do this?