Security :: Securing Web Images So Only Pages Can Access Them?
Nov 9, 2010
I only want my web images to be visibleSimpliied, a digital media page pulls html content from a database using SQL security and renders that HTML. That digital media page is secured in that only a returing Paypal transaction user with a matching transaction can access it. But today that HTML content makes references to images on my site, those images can be freely directly over the web.The backend is asp.net 2.0. Would it be possible for me to secure the web folder with my images to some generic user and impersonate access from my pages so that attempts to access images directly fails?f not, any way to solve all that html content on serverside somehow and turn it into something else I can secure?
View 1 Replies
Similar Messages:
Jan 23, 2011
I am working with Staff Images and Staff Dependants Images (photos) and I have to deal with such images among Adobe LiveCycle Forms, File System JPEG Format, Storing them in SQL Server, and finally, displaying them in regual web forms (ASPX).
In order to have the most reasonable and flexible desing, I did the following to:
1. Load the image from predefined location defined in web.config.
2. Convert the images to Memory Stream,
3. Convert the images to Base64 format,
4. Convert the image to XML Node.
In web.config, I defined the following:
[Code]....
I load the Staff Photo into Memory Stream as follows:
[Code]....
And I create the Base64 XML Node as follows:
[Code]....
As a matter of fact, all above is working 100% correctly while dealing with Adobe LiveCycle Form, for Loading and Saving Imgaes from/to PDF.
The above method will allow me to finally save images to SQL Server field type varbinary(max) and also into File System as regular image files. Also, I have full security and control over the images, becuase the above method will allow me to have full control for who is authorized to get/view the images. The end-user does not have direct access to where the images are stored.
How to use the above method to display the image on a regular ASPX Web Page using Image Server Control ? I do not want to use the src='path to image file', I want to be able to push the image content/binary to the IE without providing a link to the image file, how I can do this ?
My objective is to prevent the user from having direct access to the image files from the Browser.
View 5 Replies
Dec 23, 2010
I read that with IIS 7, ASP.NET has become an intrinsic part of IIS instead of an external ISAPI DLL. They say that the main reason for this change is that it's now possible to secure files that previously have not been handled by ASP.NET.
I want to check this out, so I have created a Forms authentication web site and added the following files to it:
Default.aspxLogin.aspxHtmlPage.html
Moreover, I have set the web.config to deny anonymous users and I have enabled Forms authentication in IIS.
Here's my problem:
While the ASPX page perfectly requires me to log in, the HTML page does not. It just yields error 401.2.
So my question is:
What did I do wrong? What is necessary to have HTML files (or images) secured using Forms authentication?
View 13 Replies
Nov 11, 2010
i have an image (say abc.gif) that i would like to allow the user to "view" only if he is logged in to my system. Currently i am checking whether he is logged on to my system using session variables.
View 5 Replies
Jun 18, 2010
At first I got an error that the user did not have permission to read the config file (web.config).
So I gave NETWORK SERVICE and IIS_IUSRS read on the website folders.
But now vistors can not access images and other static content from the Content folder without logging in. Aspx and .ashx content works however static content is redirected to the login page.
View 6 Replies
Feb 8, 2010
I have read that the best way to secure images from being access would be to place them into a database rather than into a file system or virtual directory. Is this correct? I am creating a site that needs to have the images the user upload be secure as possible. I initially programmed the images to be uploaded to a database then I reprogram the site to have them store in to a file system/virtual directory. I'm still up in the air in terms of which one to use. Again, security is my primary concern.
View 4 Replies
Nov 16, 2010
I'm using user membership and roles. Below is my web.config for subfolder restriction.
[Code]....
The way I have above, no one can access this folder, mySub, except Administrators, Editors, and Members. However, here's what I want. I want to allow all and any user to the default.aspx page of this mySub folder and denied any other pages if they're not Administrators, Editors, and Members. One last thing, also denied access to addWord.aspx if they're not Administrators and Editors. I know I can list all the pages and give them various permission but I do not want to list all the pages. What's the best and easist way to accomplish this?
View 2 Replies
Dec 28, 2010
I have certain pages in my application that are designed to be accessed only by redirect from other pages, and not directly(i.e they must get a query string from other page, otherwise there is an exception).
So I want to prevent users from accessing them by typing the URL, but I want them to be available by redirect.
View 1 Replies
Mar 17, 2010
I have a security issue in my web application where user can enter malicious data/can change the page path directory. To avoid these i want to restrict the user by accessing/typing in the URL.
View 5 Replies
Oct 3, 2010
I have a website developed in ASP.NET created by someone else, sitting on another server... until now... a simple(ish) setup with login to update content. The site was zipped up and I was told it would be a simple case of uploading all the files onto the new server. I've managed to upload the site and it works fine... but I can't access the editing pages as it will no longer accept the username and password when I go to login. The host server is running ASP.NET v4 and IIS v7. Hosting is with [URL] so I'm also getting used to their way of doing things.
View 1 Replies
Oct 26, 2010
I need something to secure my PDF files link ...
i have a page like http......../folder/userName.pdf
i need to to encrypt the file name ( i put it "login userName" ) ...
how do i let logged in users download their pdf files without knowing the URL above , for security reasons only ...
View 4 Replies
Jan 6, 2011
My client has s website hosted under IIS 6. This website has a subsite as a virtual directory that we need to ensure is only accessed via HTTPS.
We have enabled HTTPS access to the sub-site, but because the root site is configured to use HTTP, this is being inherited by the sub-site and you can access it unsecured. How can we prevent this?
The only potential option I've found so far is this implementation of IHttpModule. Is there nothing in the web.config I can set, as you can the security on a WCF binding?
View 4 Replies
Mar 22, 2010
In my web application i have 8 screens such as page1.aspx, page2.aspx, page3.aspx........Page8.aspx. I have created user Settings Web Form where the admin Creates username and password for users with access only for particular pages. I have used check boxes to select their accessibility while creating user setting. How can i limit the access of the users only to certain tabs.(All these pages are in the tabs).
View 5 Replies
May 27, 2010
I am taking dataset value in an xml file in asp.net webpage. But when I convetr and create a file of its it i saved as a plain text. to which user can easily open and change anything. But I want to limit user to change XML fie.
View 10 Replies
Apr 27, 2010
i have never encrypted any dlls. How to protect and secure compiled code, that cann't be extracted with the help of software like .net reflectors
View 1 Replies
Jun 17, 2010
Because of the way the server is set up I'm using, I don't think I can use Integrated Security=SSPI in my SQLConnection string. However, I'm a bit wary of giving the database username and password in the connection string in a aspx.cs file. Is there any way of making it more secure?
View 3 Replies
May 21, 2010
I want to grant access to some ressources located on server only for specified web pages, how could I do this?
For example I have an image www.mysite.com/images/image.jpg and something like <img src="www.mysite.com/images/image.jpg" /> should only work on site asp.net.
Is it possible with web.config or maybe with some C# code?
View 4 Replies
Sep 16, 2010
I have secured some files on my webserver by putting them into the App_Data folder in the root (I do not have the option to secure folders using the ASAPI filter)The user gets access to these files by requesting them through a handler, fx. by requesting ~/Handler.ashx?file=App_Data/MySubFolder/MyFile.jpgNow, I want to make all the content in a specific folder called "Members" (a single subdirectory of the App_Data folder) available only by passing a specific password. That is by requesting ~/Handler.ashx?file=App_Data/MySubFolder/MyFile.jpg&password=xxxxIn my Handler.ashx I have written some logic seeking if InStr(context.Request.QueryString("file"), "Members") = 0 before sending the file.If inStr <> 0 a password is required.Is this a good way to secure a folder in and its content? Is there a way of getting access anyway, like using some kind of "sub-directory" line in the path (the same way as you can request parent directory by using "../../Myfile.jpg)? I know there will be a problem if someone fx. legitimately tries to access the file App_Data/Members.jpg
View 15 Replies
Apr 9, 2010
Using VS 2010 RC, VB, and Forms authentication to allow access to the site, depending on the login rights of a user, I want to turn on and off access to certain pages. I can turn on and off buttons to access the pages, but a user can type the page into the url, and it will still go to them.
View 5 Replies
May 24, 2010
In one of my website I need to prevent direct access to non .aspx pages in a protected folder. Authentication works fine if I am going to [URL] but in one case my users are uploading html pages in that folder and if somebody cut and paste [URL]the page can be seen without the authentication process to be activated.
View 6 Replies
Jul 16, 2010
In my website, I am not using any authentication or authorization. I've created login page to capture the user credentials and check against database. If the user successfully authenticates, it's storing the user data in session and navigating to other pages. How thinking of implementing Forms Authentication, but my concern is how to secure the authentication token in client browser for security reasons. Does anyone have any ideas how to secure the authentication token?
View 1 Replies
Jan 6, 2011
I have 4 file uploader in my form to upload 4 images in the DB for each article submitted. My issue when I want update/edit my article with some new pictures and I want delete or update the old pictures with the replacement with the new one.
How I can implement it? I am using ASP.NET based on VB.NOT .... NOT C#
View 1 Replies
Mar 20, 2010
how to display image files which have been stored in Access 2007 as "attachments". The files are already in place as attachments to the database, and would be difficult to move in bulk to individual files. To store and call them individually by filename would have been my first choice, but they are already in place as attachments. At any rate, I have no problem connecting to and querying the database in asp.net for other fields, but have been unsuccessful in displaying these jpeg attachments.
View 4 Replies
Dec 7, 2010
1.store them in the file system of web server and put the url in the table?
2.store them as type "image"?
3.store them as varbinary(max) BLOB?
4.store them as filestream data?
View 2 Replies
Feb 1, 2010
I'm using a masterpage on my website and the images appear correctly on all pages except the secure pages. The login page is formatted correctly, its just the page that is held in the secure folder. Both the header and footer images are either not appearing or are formatted incorrectly.
Code from the masterpage is below:
[Code]....
View 3 Replies