Reputation: 65
I hope you can give me some advice about membership and images.
Which is the best way to secure images so that only the authorised users can retrieve them?
The scenario:
I own a website on which users can enter and publish their wishlist(s). The owner of the wishlist has a username/password, and family&friends have a username/password (family&friends all share exactly 1 username/password).
Now I want to give the owner the opportunity to upload an image which will be used as a background image for the wishlist. This may be a personal image, so I want only the concerning owner and family&friends to be able to see that image. I don't want other users (and people not logged in) to be able to see this image, even if they try to hack it.
To be more specific, if I decide to store jpg-files in a folder, everyone can easily retrieve it like https://pbs.twimg.com/media/B4VBJc6CEAAFSKf.jpg. I can put it in a folder which only logged in users can access, but then all logged in users can access it, and I only want to grant the owner and the family-and-friends-user. Can I secure the image file?
So, my question is: Which is the best way to secure images so that only the authorised users can retrieve them?
I use: ASP.NET, SQL Server, ASP standard membership
Upvotes: 0
Views: 80
Reputation: 62260
Only the concerning owner and family&friends to be able to see that image. I don't want other users (and people not logged in) to be able to see this image.
I assume you are using ASP.NET Web Forms. If so, you want to look at a generic image handler.
To be more specific, if I decide to store jpg-files in a folder, everyone can easily retrieve it
You should not store images in a publicly available folder. In other words, it should be restricted from public access. For example, the App_Data folder.
Users can only access those images via the Image Handler.
Inside the Image Handler, check whether the user is authorized. If not authorized, return 404.
If authorized, you can use either BinaryWrite or TransmitFile (if the image is stored in the file system).
Upvotes: 0
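The handler described in the answer above, as an added example that is not part of the original answer. The `Wishlists` table, its columns (`WishlistId`, `OwnerUserName`, `GuestUserName`, `ImageFile`), the `WishlistDb` connection string name and the `~/App_Data/WishlistImages` folder are assumptions made for illustration.

```csharp
// WishlistImage.ashx.cs: added example; table, column, folder and connection names are hypothetical.
using System.Configuration;
using System.Data.SqlClient;
using System.IO;
using System.Web;

public class WishlistImage : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        int wishlistId;
        string file = null;
        bool loggedIn = context.User != null && context.User.Identity.IsAuthenticated;

        // Only an integer id is taken from the request; the file name never comes from the URL.
        if (loggedIn && int.TryParse(context.Request.QueryString["id"], out wishlistId))
            file = LookupImageFor(context.User.Identity.Name, wishlistId);

        // GetFileName strips any directory part, so a bad database value cannot leave the folder.
        string path = file == null ? null
            : Path.Combine(context.Server.MapPath("~/App_Data/WishlistImages"), Path.GetFileName(file));

        if (path == null || !File.Exists(path))
        {
            // Same 404 for "not logged in", "not authorized" and "no such image".
            context.Response.StatusCode = 404;
            return;
        }

        context.Response.ContentType = "image/jpeg";
        // Let only the user's own browser cache the image, not shared proxies.
        context.Response.Cache.SetCacheability(HttpCacheability.Private);
        context.Response.TransmitFile(path);
    }

    // Returns the stored file name only when the user is the wishlist owner
    // or the shared family-and-friends account; otherwise null.
    private static string LookupImageFor(string user, int wishlistId)
    {
        string cs = ConfigurationManager.ConnectionStrings["WishlistDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT ImageFile FROM Wishlists WHERE WishlistId = @id " +
            "AND (OwnerUserName = @user OR GuestUserName = @user)", conn))
        {
            cmd.Parameters.AddWithValue("@id", wishlistId);
            cmd.Parameters.AddWithValue("@user", user);
            conn.Open();
            return cmd.ExecuteScalar() as string; // null when no row matches or ImageFile is NULL
        }
    }
}
```

The authorization check and the file lookup are one parameterized query, so a user who is neither owner nor guest of the requested wishlist never learns whether an image exists for it.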