How can one prevent accessing content directly?

Question

Using ASP MVC 4.5, how can one apply security measures in order to prevent users from accessing content directly?

Like for example preventing the access of images or other files stored on the web server just by entering their link.

Answer 1

1. Place your image in a non-web accessible folder.
2. Create a server side script (for example, an HttpHandler) that can read the image file and return its contents in the HTTP response.
3. In that script, perform your user validation to make sure the user has access to that file.
4. In the HTML, have the src attribute of the img tag point to your script.

The user can still directly type in the URL to your script to see the image. But you can at least require that the user is logged into your site and is authorized to view the image.