Protect files with asp.net forms authentication

Question

I'm using Asp.net running on a shared hosting environment. I'm using forms authentication to authenticate users. Now I need to add support for the users to create pdfs and images and save them on the server. The problem is that I need to protect the pdf/image created so only the user that created the file can use it, so it is protected from other users and also from users not logged in on the website.

I've read for example http://aspadvice.com/blogs/rjdudley/archive/2005/10/03/12984.aspx but that only protect the file from users not logged in, all logged in users can still use the file even if they didn't created it.

What is the best way to solve this issue? Thanks!

Answer 1

I don't believe that this can be done with forms authentication. Once a user has authenticated with forms then they are authenticated. What your talking about is authorization not authentication. Can you build a front end to allow people to view the images/pdf's that they are allowed to while preventing others from seeing it? Maybe make an ashx handler to serve the PDF/image from a directory that is not browsable from the internet?