Bruce is right. But, you need to decide how important protecting those
images is.
You might be able to get away with checking for a session variable that
the calling page created.
Any method you use COULD be hacked. But, they'd have to have some idea
what you were doing first.
Are the images really THAT important? Could you put a visible water mark
on them instead?
-----Original Message-----
From: bruce barker [mailto:
[email protected]]
Posted At: Wednesday, November 28, 2007 11:59 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Re: Protect an Image File in ASP.NET Web Project?
this adds little protection, as image properties will give the url.
checking the urlreferrer will prevent legitimate users, as many
browser/proxies strip this for security.
you best bet is using a 1 time token on the url.
myimage.aspx?id=<access token>
the accesstoken is a key to the actual image to return. the key should
only be good for 1 use (or limited time use).
again this will only stop casual use, a good hacker could beat this.
-- bruce (sqlwork.com)
Dave said:
private void Page_Load(object sender, System.EventArgs e)
{
Response.ClearContent();
Response.ClearHeaders();
Response.ContentType = image mime type here;
Response.WriteFile(filename);
Response.End();
}
-----Original Message-----
From: Mike [mailto:
[email protected]]
Posted At: Wednesday, November 28, 2007 10:35 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Re: Protect an Image File in ASP.NET Web Project?
Dave - You mention serving them up on an aspx page. What exactly does
that
mean or how would I do that? I understand how to check the
request.urlreferrer, I'm just unfamiliar w/serving an image on an aspx
page.
Thanks.
Dave Bush said:
Place the files in a different directory and serve them up with an aspx
page. Have the aspx page
Check the Request.UrlReferrer prior to serving them up.
You could also use a 404 error handler so that they look like they are
still gifs, but because you are calling them from a directory different
then they are really in, the 404 handler will kick in and serve up the
file for you.
Dave Bush
http://blog.dmbcllc.com
-----Original Message-----
From: Mike [mailto:
[email protected]]
Posted At: Wednesday, November 28, 2007 9:44 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Protect an Image File in ASP.NET Web Project?
Hi. I have an ASP.NET 2.0 web application which contains an Images
directory
with all website images. How can I prevent other websites from
creating
img
tags with the source as my images? I want to prevent other websites
from
serving my image.
For example - How can I prevent another website from doing this?
<img src="
http://mywebsitename/images/image1.jpg"
Is this possible? Thanks
