Maybe I'm going about this wrong, but I have a .Net web application being served through IIS, and I'm trying to figure out how to get more fine-tuned permissions on images that exist on the filesystem. As of right now, if you have a link to the image, you can load it, regardless of whether or not you're logged in to the site.
My question is, what configuration settings would I be looking for to allow images to be loaded while logged in to the site, but deny permissions if the user has no sort of authentication? As an additional step, is there anything I can do to take whatever credentials the user has and use it for additional account permissions? E.g. think of the case on facebook where user A is friends with user B and not user C, user B shouldn't be able to share links to user A's pictures with user C, and none of the users should be able to load that link if they're not logged into their accounts.
Any pointers on which configurations to look at?
Aucun commentaire:
Enregistrer un commentaire