How do I configure user authorization on dynamically created resources in an ASP.NET web app using Forms authentication? -

Assume that some users log in to my web app, they become certified (something other than an unknown user As), so they can use any resource in the directory. The system.web / authorization section of Web.config is set to access anonymous users like this:

  & lt; System.web & gt; & Lt; Authority & gt; & Lt; Deny users = "?" / & Gt; & Lt; / Authorization & gt; & Lt; /system.web>   
 Actually, what I think, it only saves files accessed via ASP.NET system. If I put a JPG file there, then it is accessible to everyone without authentication / authorization. To make sure all files are safe, there is a separate section for this:  
  & lt; System.webServer & gt; & Lt; Security & gt; & Lt; Authority & gt; & Lt; Add entry type = "reject" user = "?" / & Gt; & Lt; / Authorization & gt; & Lt; / Safety & gt; & Lt; System.webServer & gt;   
 Of course, now when someone tries to use the JPG file, they are not redirected to the login page. Instead, they receive a dirty HTTP error 401.2 - unauthorized.  
 Now, suppose a user causes the reason for creating a file on the server, in terms of this detailed form authentication and authorization plan, do I ensure that only the user's web browser Can access through the URL through that file? For example, should I modify the web.config file? If so, do I have to do this manually or can it be done through code? Will the application be interrupted / restart often by modifying it?   
 
 
 You can not make it sure. You should be clear with form authentication and authorization, listing concrete users or roles. There is no chance to specify it dynamically.  
 I use generic handlers for dynamically created resources There is no need to protect the temporary files from this perspective, because there is no temporary file content is directly streamed to the user. Your security is part of your application logic, possibly inside the generic handler.