More: Deny direct access to jpg, swf... files, without authentication

[Matt]

Hello,
I raised a question a few msg back, but it wasn't complete:

I'm working on a portal where the main page is
desktopdefault.aspx and all content (jpg, css, swf files) is stored in
www.domain.com/content/flash/example.swf
or
www.domain.com/content/images/example.jpg
and injected in the desktopdefault.aspx page.
It means that in the desktopdefault.aspx page, located in the website
root, I find references to ./content/flash/example.swf (or jpg...)

How can I prevent users doing
www.domain.com/content/images/example.jpg
and getting the image (or the html file, or whatever inside the
content directory?)
It doesn't matter if the user is authenticated or not, I just want the
user to see the content through the desktopdefault.aspx page.

Is not a matter of authentication, because the whole site may be
public, but I don't want users to access directly the content stored
in /content.
I can change associations on the webserver to have asp.net deal with
all those filetypes, but how can I detect if the browser is accessing
the example.jpg through the www.domain.com/content/images/example.jpg
path or through an image tag ./content/images/example.jpg inside
desktopdefault.aspx?

Thanks!

 

[David Young]

Couple of things you could try:

1) store your images in a database. That way they have to use your page to
get at them.
2) Don't link directly to the image, but rather, link to a aspx file that
serves up the images.
<img src=imageGetter.aspx?imageid=myimage.jpg">

There's probably other ways to do it as well.