I have a folder of jpg images on an IIS server & we need to secure them so that only people with a particular permission can view them. We have implemented WIF based STS (not AD) for authentication on other parts of the site & I would like to be able to use a particular claim on a WIF authenticated user to allow them read access to these image files through IIS (IIS 7).
I could write a custom handler to do the check but I would rather not have to pass the static files through the .net pipeline. We have looked at the C2WTS option but that seems to be hard coded to use the UPN claim which our STS doesn't provide.
