Tracking Forums, Newsgroups, Maling Lists
Home Submit Tracker Forums
  Advanced Search


Web Forms :: Securing Images From Unauthorized Access?

I am working withStaff Images and Staff Dependants Images (photos) and I have to deal with such images among Adobe LiveCycle Forms,File System JPEG Format,Storing them in SQL Server, and finally, displaying them in regual web forms (ASPX).

In order to have the most reasonable and flexible desing, I did the following to:

1. Load the image from predefined location defined in web.config.

2. Convert the images to Memory Stream,

3. Convert the images to Base64 format,

4. Convert the image to XML Node.

In web.config, I defined the following:


I load the Staff Photo into Memory Stream as follows:


And I create the Base64 XML Node as follows:


As a matter of fact, all above is working 100% correctly while dealing with Adobe LiveCycle Form, for Loading and Saving Imgaes from/to PDF.

The above method will allow me to finally save images to SQL Server field type varbinary(max) and also into File System as regular image files. Also, I have full security and control over the images, becuase the above method will allow me to have full control for who is authorized to get/view the images. The end-user does not have direct access to where the images are stored.

How to use the above method to display the image on a regular ASPX Web Page using Image Server Control ? I do not want to use the src='path to image file', I want to be able to push the image content/binary to the IE without providing a link to the image file, how I can do this ?

My objective is to prevent the user from having direct access to the image files from the Browser.

View 5 Replies (Posted: Jan 23, 2011 07:12 AM)

Sponsored Links:

Related Forum Messages For ASP.NET category:
Security :: Securing Web Images So Only Pages Can Access Them?
I only want my web images to be visibleSimpliied, a digital media pagepulls htmlcontent from a database using SQL security and renders that HTML. That digital media page is secured in that only a returing Paypal transaction user with a matching transaction can access it. But today that HTML content makes references to images on my site, those images can be freely directly over the web.The backend is 2.0. Would it be possible for me to secure the web folder with my images to some generic user and impersonate access from my pages so that attempts to access images directly fails?f not, any way to solve all that html content on serverside somehow and turn it into something else I can secure?

Posted: Nov 09, 2010 09:06 AM

View 1 Replies!   View Related
Web Forms :: Request Failed With HTTP Status 401 - Unauthorized Access?
In a webform i'm having the following command:


When I try to run this everything is working fine. When some other people are trying to run this command they're getting this:

Event Type:Warning
Event Source:ASP.NET 2.0.50727.0
Event Category:Web Event
Event ID:1309

Posted: Oct 29, 2009 09:57 AM

View 3 Replies!   View Related
C# - Unauthorized Access When Downloading From FTP?
My code can be found here I am trying to download a file from an FTP server when I try to download it it says I do not have access I have been googling this all morning and have not had any luck. I went to the designated folder and added Everyone with full permissions hoping I was missing a user and that did not work. I tried giving full permissions to myself, Anonymous user, network service, and a few other users that I have found. I have tried using

<identity impersonate="true" /> and
<identity impersonate="true" userName="myfullusername" password="mypassword"/>

I am still not having any luck the full error I get is:

System.UnauthorizedAccessException: Access to the path 'C:UsersmynameDocuments' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath)

Posted: Aug 31 10 at 16:02

View 2 Replies!   View Related
Security :: Unauthorized: Access Is Denied Due To Invalid Credentials?

Unauthorized: Access is denied due to invalid credentials.

Posted: Sep 10, 2010 08:35 PM

View 3 Replies!   View Related
Access :: Saving Images And Loading Images From Access Database?
I need to finish one project but i'm not yet implemented the engine of the management the images from one project created with ASP.Net using VB.Net language. Already searching in the net various codes and until now i find one for this. Let's go, i have the

1 - Access database with the structure:
id - AutoNumber Primary Key
name - Title of Image
Image1 - BLOB
Image2 - BLOB

I need 2 forms, one to insert the image files in the access and another to show the images. How I make this using VB.Net in a ASP.Net web application?

Posted: Dec 04, 2009 04:02 PM

View 7 Replies!   View Related
Configuration :: Unauthorized Access Exception Copying Files From One Server To Another?
I have been struggling with anissue thatsounds like it should be quite common but I can't seem to get the thing working no matter how much I research it!

Iam using an AJAX file uploader to upload files(up to 100MB) to the webserver and when the user clicks a button to completenavigate to the next page, I then attempt to move the files off the webserver onto a file server on Page_Load. Both servers are WinServer 2003. There just isn't enough space on the webserver to hold all the uploads once we go live with this solution so I have to get the files off the webserver.

Uploading the file and creating a new subdirectory on thewebserver(to hold the file) works no problem at all. When I do the file copy to our file server locally on VS2008, again, no problem. However, when I delopy to the live server and try the same thing, the upload happens ok, but the file copy does not. I get anUnauthorizedAccessException. I don't have access to the webserver myself (but can request it if absolutely necessary) and our file server sits within the same domain (Active Directory).

I do not want to use Impersonation at a high level (web.config), so I tried it programmatically for the purposes of the copy file but it did not work. I used one of our general clerical accounts to pass in the credentials and gave full permission to this account on the file server to create/modify files.

Stack Trace:


And the Copy code is:


Posted: Dec 21, 2010 10:26 AM

View 2 Replies!   View Related
Prevent Unauthorized Attempts To Access A Specific File Type?
This is really a couple of questions about preventing unauthorized attempts to access a specific file type. Here go the questions:How do I prevent users from directly requesting a type of file? Do I write an HTTP handler?After preventing a direct download, can my app still explicitly serve that file type? How?

Posted: Feb 17 10 at 1:53

View 1 Replies!   View Related
Configuration :: HTTP Error 401.1 - Unauthorized: Access Is Denied Due To Invalid Credentials.
Iam getting this error " HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.
Internet Information Services (IIS) " after the installation of Sp2. Before that the website was working fine..

Posted: Jul 28, 2008 09:31 AM

View 4 Replies!   View Related
Access :: Update Images Table In Microsoft Access DB Using File Uploader?
I have 4 file uploader in my form to upload 4 images in the DB for each article submitted. My issue when I want update/edit my article with some new pictures and I want delete or update the old pictures with the replacement with the new one.

How I can implement it? I am using ASP.NET based on VB.NOT .... NOT C#

Posted: Jan 06, 2011 01:03 PM

View 1 Replies!   View Related
Access :: How To Display Access Attachment Images
how to display image files which have been stored in Access 2007 as "attachments". The files are already in place as attachments to the database, and would be difficult to move in bulk to individual files. Tostore andcall themindividually by filenamewould have been my first choice, but they are already in place as attachments. At any rate, I have no problem connecting to and querying the for other fields, but have been unsuccessful in displaying these jpeg attachments.

Posted: Mar 20, 2010 06:49 PM

View 4 Replies!   View Related
Web Forms :: Securing A Textbox Field Without Https?
I am creating an onlinejob application using a wizard control.

When the user has completed the application, the finish button will fire javascript tore-render the data & print the application(the application data will not be saved to a database, email, xml, etc).

I want to ensure the users' personal info is safe while postbacks are being made (ie clicking the next button in the wizard steps).

Can someone give me a start as to what I need to be looking to do?

I've seen some things about viewstate encryption, but not sure if that's where I should begin, and/or if that's the only thing I need to do.

Or, If I were to disable viewstate all together would that be good enough?

Posted: Jan 22, 2010 01:44 AM

View 1 Replies!   View Related
MVC2 Application With Forms Authentication Is Blocking Access Even To Images - Styles And Scripts
I'm developing a MVC2 application and using Forms Authentication on it. The scripts, images and styles are all blocked to unlogged users and, consequently, the login page looks awful. It works well local, the problem is when I publish to the server. Does anyone has any idea WHY? The server IIS is version 7.5

<globalization culture="pt-BR" uiCulture="pt-BR" />
<httpRuntime requestValidationMode="2.0"/>
<customErrors mode="Off" />
<compilation debug="true" targetFramework="4.0">
<add assembly="System.Web.Abstractions, Version=, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Routing, Version=, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add assembly="System.Web.Mvc, Version=, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
<add namespace="Admin.Models" />
<authentication mode="Forms">
<forms name="AGAuth" loginUrl="~/Home/Login" timeout="120" />
<validation validateIntegratedModeConfiguration="false"/>
<modules runAllManagedModulesForAllRequests="true"/>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="" newVersion="" />
<add name="DBContainer" connectionString="metadata=res://*/Database.DB.csdl|res://*/Database.DB.ssdl|res://*/Database.DB.msl;provider=System.Data.SqlClient;provider connection string="Data,5158;Initial Catalog=thedatabase;Persist Security Info=True;User ID=theuser;Password=thepassword;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient" />

Posted: Sep 15 10 at 22:41

View 9 Replies!   View Related
Security - Securing Forms Authentication Token On Client Side?
In my website, I am not using any authentication or authorization. I've created login page to capture the user credentials and check against database. If the user successfully authenticates, it's storing the user data in session and navigating to other pages. How thinking of implementing Forms Authentication, but my concern is how to secure the authentication token in client browser for security reasons. Does anyone have any ideas how to secure the authentication token?

Posted: Jul 16 10 at 15:57

View 1 Replies!   View Related
Forms Data Controls :: Autosize Listview Images From Access Datasource To Fit To A Cell In Aspx?
I am working on setting up an aspx page using access datasource in web eepression. Access Datasource is having image source information from other resources feed. I am using listview to display all the images.
The problem I am facing is that all the images are displaying in different sizes. I tried to customize Layout template by specifying the td height and width but it's not working. Is there any way to autosize the pictures in listview once page is displayed.

<table runat="server">
<tr runat="server">


Posted: Jul 29, 2010 03:40 PM

View 3 Replies!   View Related
Access Images Outside The Web Path?
How can i display images that are saved outside the the WebSite folder.

Posted: Mar 29 at 3:50

View 2 Replies!   View Related
Security :: Restricting Access Of Images?
i have an image (say abc.gif) that i would like to allow the user to "view" only if he is logged in to my system. Currently i am checking whether he is logged on to my system using session variables.

Posted: Nov 11, 2010 07:09 AM

View 5 Replies!   View Related
C# - Access Images From External Storage In ASP
I have an ASP.NET site in a web server and the images are stored in NAS (some kind of lacie external storage), I tried UNC and other things but no success. how can I access images from external storage in ASP.NET Update: The images are reachable from the server but when I try to access in ASP.NET throws me error.

Posted: Jan 21 10 at 19:51

View 2 Replies!   View Related
Access To Dynamic Images On Server?
I'm developing a web application in which users uploads images and I'm keeping the location of the uploaded image path on server. For example:


In my page, I want to display this image but I couldn't. I've tried many things but couldn't find a way of doing it.. This directory isn't part of my project because it will be always updated.

Posted: Feb 7 at 19:10

View 2 Replies!   View Related
Security :: Can Not Access Images And Contents From Folder
At first I got an error that the user did not have permission to read the config file (web.config).
So I gave NETWORK SERVICE and IIS_IUSRS read on the website folders.

But nowvistors can not access images and other static content from the Content folder without logging in. Aspx and .ashx content works however static content is redirected to the login page.

Posted: Jun 18, 2010 11:05 AM

View 6 Replies!   View Related
Security :: Secure Images From Being Easily Access?
I have read that the best way to secure images from being access would be to place them into a database rather than into a file system or virtual directory. Is this correct? I am creating a site that needs to have the images the user upload be secure as possible. I initially programmed the images to be uploaded to a database then I reprogram the site to have them store in to a file system/virtual directory. I'm still up in the air in terms of which one to use. Again, security is my primary concern.

Posted: Feb 08, 2010 12:37 AM

View 4 Replies!   View Related
C# - Securing Controller Action In MVC?
In ASP.NET MVC 2, to secure controller action, i have created a class RequirePermission inherited from ActionFilterAttribute class. The controller action looks like


Now instead of making different attributes , I want to use RequirePermission attribute like
[RequirePermission(permissions=Permissions.CanView+","+Permissions.CanEdit)] so that i can use it for different scenerious. but the compiler throw the following error. An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type

Posted: Feb 2 10 at 11:11

View 1 Replies!   View Related
Iphone - Securing A WCF Web Service?
I have a website and I am accessing that web service from my iPhone app to get data.
The WCF web service produces data as JSON.I want to put some kind of authentication on the WCF. What you you guys recommend?

Posted: Mar 25 10 at 16:20

View 2 Replies!   View Related
How To Return Images From Database (Access) To RSS In Form Of Thumbnails
How can i return images from my database (Access) to RSS in form of thumbnails this is my RSS code:



Posted: Nov 15, 2010, 06:58

View 3 Replies!   View Related
Storing Images Into Access Database Along With Page Per Records?
i m developing website using with microsoft access 2003 i have product details along with the images now i want to add this images into database but how i add this pictures what code is use if there are 100 products with 100 images i want to show 10 records per page i need also code of that

Posted: Aug 12th, 2010, 05:29 PM

View 3 Replies!   View Related
Storing Images Into Access Database Along With Page Per Records
i m developing website using with microsoft access 2003 i have product details along with the images now i want to add this images into database but how i add this pictures what code is use if there are 100 products with 100 images i want to show 10 records per page i need also code of that

Posted: Aug 12, 2010, 14:56

View 17 Replies!   View Related
AJAX :: Return Images From Wcf Service And Access It On Clientside?
I am trying to accomplish gettting images from a WCF service via clientside and displaying it on client browser, but I am not sure how I can return imagesfrom a WCF service, i mean the format of the image which will be supported from client side ajax.

Can I return it as System.Drawing.Image? If so , how can I access it on clientside? Or do I have to return it in some other format.

Posted: May 19, 2008 02:30 PM

View 10 Replies!   View Related
VS 2008 Securing And Maintaining With Mostly Web Services?
I'm going to launch a page - that will persist for a really long time using - using ASP.Net.

Page will have very little controls - will using jQuery ajax calls to build up and fill in the DOM for maintaining data in the backend DB.

How do I maintain who I am with the web service?

I'm used to pages that mostly use membership / session vbl stuff to maintain state.

That's not going to fly with why I'm doing here.

And I guess that also starts into "how do I secure this web service"?

Posted: Mar 1st, 2011, 02:43 PM

View 7 Replies!   View Related
MVC :: Securing Action From JQuery Call?
How to secure an Action filtered with Authorize method from a jQuery call? I have this Authorize filter and it work's cause users are redirected if not logged-in. But after logging-out then accessing previous open pages that needs authorization, they weren't redirected at all. This jQuery is initialize when a button is clicked,
"/controllername/IsUserActive", {
}, function (data) {
if (data){
{ else {
$('#div_user_active').html('Not Active');

then calls this Action method.

<Authorize()> _
Function IsUserActive() As Boolean
Return True '<<---this keeps returning even users are already logged-out.
End Function

Overall, I wanted ajax(jQuery) to update/read a portion of the page but gets redirected if not authorized.

Posted: May 28, 2010 04:17 AM

View 1 Replies!   View Related
Securing The Admin Portion Of Website?
I have a subdirectory in my site that contains all the site administrative (content update) tools. I have set the directory in IIS to require username and password to login. However, the basic authentication transmits the password in plain (unencrypted) text. This is not a problem when doing site admin within our secure LAN. However, I want to be able to administer remotely as well, but do not want the password transmitted unencrypted. Is there a way to accomplish this security without having to purchase an SSL certificate, install it and so on? I remember before creating a local certificate, but then the user had to go through a bunch of rigamarole telling the browser to accept/load the certificate each time.

Posted: Apr 09, 2009 05:44 PM

View 5 Replies!   View Related
Securing Web Services To Be Consumed From Flash?
my team is building a game in flash to be embeded in a application.

When the game is over the player have the chance to type his name to save his score. This is done using web services called from flash. The webservice receives the name and score.

Since the webservice is publicly available how can I make it only callable from my flash given the following conditions:

The .swf is hosted by the same application There are two domains that can access the same application (I have run previously into cross domain issues). Using SSL is not an option. The webservice has to be consumed by the .swf file.

Posted: Oct 18 10 at 3:52

View 1 Replies!   View Related
Securing A SQL Server 2008R2 Database?
We will be developing an ASP.NET application. It will store data in an SQL Server 2008 R2 installation. Most of the data is sensitive, so security is a primary concern.We will be hosting this in a shared environment, and it is a design goal that the data should be unreadable in the case of theft.

I am thinking of the following set up:

Encrypt the whole database using TDE. Users are created in the SQL Server users table, and we authenticate against that when users log in through the web interface.The intention is that if someone gets to the database, they will not be able to use the data. And no connection string with user credentials will need to be stored in the web.config file. Do you see any disadvantages to this approach? And how easy will it be to authenticate against the SQL Server as described?

Posted: Nov 14 10 at 19:06

View 3 Replies!   View Related
Security :: Securing URL For Logged In Users?
I need something to secure my PDF files link ...

i have a page like http......../folder/userName.pdf

i need to to encrypt the file name ( i put it"login userName" ) ...

how do i let logged in users download their pdf files without knowing the URL above , for security reasons only ...

Posted: Oct 26, 2010 06:40 AM

View 4 Replies!   View Related
Securing Single Sign-on To Web Application?
I need to create a single sign-on structure and my question is: is SSL a must?

The application will have a link to my web application. When the user clicks that link, their local username will be passed to my web app at which point a look-up in a mapping file is done. If that local username exists in the map, then the user is logged in. If not, then the user will be prompted to enter their network username and password, and when authenticated, an entry in the map will be created.

How do I ensure that user is who they say they are and not Joe Blow from off the street sending in an HTTP POST request with that username?

Do I have to use SSL (and if so, what does that entail)? Would adding a salt and encrypting the username be sufficient? Maybe locking it down so the source IP has to be within a controlled range?

My web app runs on IIS 6/7 and uses the ASP.NET MVC framework, if that is important.

Posted: Sep 10 10 at 16:04

View 3 Replies!   View Related
Configuration :: Securing Code And Database?
I am trying to deploy a project for customers and i 'd like tobe sure thatcodewill be secured and cannot be hacked or seen, i know we can dothatthrough the precompiled features but i don't konw how secure it is , andis there any other ways for this?also about the databasecan i protect itso as no one can open it see the tables or edit .... etc ?

Posted: Jul 04, 2010 03:47 PM

View 1 Replies!   View Related
Security :: Securing An IIS Virtual Directory With SSL?
My client has s website hosted under IIS 6. This website has a subsite as a virtual directory that we need to ensure is only accessed via HTTPS.

We have enabled HTTPS access to the sub-site, but because the root site is configured to use HTTP, this is being inherited by the sub-site and you can access it unsecured. How can we prevent this?

The only potential option I've found so far is this implementation of IHttpModule. Is there nothing in the web.config I can set, as you can the security on a WCF binding?

Posted: Jan 06, 2011 02:35 PM

View 4 Replies!   View Related
Security :: Securing Non-aspx Files With IIS 7?
I've seen a lot of tutorials about getting IIS 7 to process non-aspx files and it makes it seem very simple, but I can't seem to get IIS 7 to force non-aspx files (pdf, rtf, etc) to cause authentication. I'm using IIS 7 on Vista. It seems simple enough--my defaultapppool is set to Integrated Pipeline and has my site associated with it. I added the following to my web.config <system.webServer>The folder where the pdf files are stored requires authentication per my web.config (using forms authentication). However, if I go directly to the link, it lets me download it, even if I'm not authenticated. Using the built in web server in Visual Studio,it works and redirects me to a login page as expected and will only let me download the pdf if I'm authenticated. I read in that other people were having a similar problem with trying to get it to work in IIS 7, but no solutions were presented.What is required in my IIS 7 install to get this going? I have URL Authorization checked and pretty much all the other security times when I set up IIS 7. Any thoughts on what I'm missing?

Posted: Jun 13, 2009 03:07 AM

View 4 Replies!   View Related
Web Forms :: ReportViewer With Different Server Domains/ The Request Failed With HTTP Status 401- Unauthorized
I created aMicrosoft.Reporting.WinForms.ReportViewer with a window application. It worked fine when I was in net A with domain A. My application is now moved to net B with domain B. However when I login to my computer I still loginnetA withdomain A, userID and password for A.I then use a A/B switch to switch to net B to run my applicationrunning ReportViewer (no login directly to B). But when I run ReportViewer I got errors like below.

The request failed with HTTP status 401: Unauthorized.



Posted: Dec 10, 2010 05:26 PM

View 2 Replies!   View Related
Restrict Access / View Images Of Other User Uploaded Using CK Editor?
I am using CK Editor, in my application every user have his separate email templates. I want to store images to user specific and user should not view other user uploaded images when browse to Server to upload images

Posted: Jul 17 10 at 4:27

View 1 Replies!   View Related
VS 2010 Securing WebService Inside Web Site?
I have an existing website that I am adding a webservice (asmx) file too so that I can make client call backs to a certain function.I found this article on securing webmethods in an API [URL] a...ntication.aspx But is there a way to set the security up for the API itself instead of each individual webmethod? Kinda like have a page load method that gets called regardless of what API you are using and checks if you have a valid session.

Posted: Mar 17th, 2011, 08:39 AM

View 1 Replies!   View Related
Copyright 2005-08, All rights reserved