Basically there is no security associated with the RadUpload. It uses a simple server handler for processing the files. The POST requests are submitted directly to the handler, without any validation on the client or on the server.
If you need to pass the user_id, or any other info that is available in the browser you can pass it as a parameters on every upload request and to validate it on the server.
Please let us know if this works for you - we can create a simple example to show you how to pass additional parameters to the upload handler.
the Telerik team
Check out Telerik Trainer
, the state of the art learning tool for Telerik products.