Current possible way to Restrict Direct Access to files is placing in App_Data folder. But if i use app_data folder it will block direct browser access as well as rendering in HTML. I want to allow files in App_Data programmatically to render at Client side with some sort of Authorization i.e: Session value
Right now if upload files to other folders and render in html it will work but it will also expose direct access to files which is not required & in my scenario is a security loop hole.
What I have tried so far 1. I have achieved restricting file download via direct url. Using FileResult Method. But i am still unable to render files in client side (Jquery).