We are going to let users upload files and we need to be able to protect their files such that only they can access them. In order to do this I am using OWIN app.UseStaticFiles() to handle static file requests. If the request goes to a specific base folder then I check the user's id and verify they have access to the requested folder.
If they don't have access I am returning an Unauthorized response. However, I noticed that in doing so it takes the user to the login page, which wasn't what I expected. Obviously this isn't a matter of needing to log in, but a matter of they just don't have access and should receive a response stating such.
Should I be giving a different response?
You can use a 403 Forbidden error instead.
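
The 401/403 split discussed above, as an added example that is not code from the original question or answer: a middleware registered ahead of `app.UseStaticFiles()` returns 401 only when the caller is not authenticated and 403 when an authenticated caller requests another user's folder. The cookie authentication middleware turns a 401 into the login redirect but leaves a 403 alone. The `/userfiles/{userId}/...` layout, the `UserFilesGuard` class and the use of the `NameIdentifier` claim as the user id are assumptions.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

public static class UserFilesGuard
{
    // Assumed layout (hypothetical): /userfiles/{userId}/{file...}
    private static readonly PathString ProtectedRoot = new PathString("/userfiles");

    // Returns the status code to send, or null to let the request continue.
    public static int? Decide(PathString path, ClaimsPrincipal user)
    {
        PathString remaining;
        if (!path.StartsWithSegments(ProtectedRoot, out remaining))
            return null; // not under the protected folder

        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return 401; // unknown caller: logging in can change the outcome

        string[] parts = (remaining.Value ?? string.Empty)
            .Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);

        // Defensive: reject dot segments rather than rely on host normalization.
        if (Array.IndexOf(parts, "..") >= 0)
            return 403;

        // The first segment after the root names the owning user.
        Claim idClaim = user.FindFirst(ClaimTypes.NameIdentifier);
        bool owns = parts.Length >= 1 && idClaim != null
            && string.Equals(parts[0], idClaim.Value, StringComparison.Ordinal);

        return owns ? (int?)null : 403; // known caller, not their folder
    }

    // Register after the authentication middleware so the user is populated.
    public static void UseGuardedStaticFiles(this IAppBuilder app)
    {
        app.Use(async (context, next) =>
        {
            int? status = Decide(context.Request.Path, context.Authentication.User);
            if (status.HasValue)
            {
                context.Response.StatusCode = status.Value;
                return; // short-circuit: the static file middleware never runs
            }
            await next();
        });
        app.UseStaticFiles();
    }
}
```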