Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > More: Deny direct access to jpg, swf... files, without authentication

Reply
Thread Tools

More: Deny direct access to jpg, swf... files, without authentication

 
 
Matt
Guest
Posts: n/a
 
      04-27-2005
Hello,
I raised a question a few msg back, but it wasn't complete:

I'm working on a portal where the main page is
desktopdefault.aspx and all content (jpg, css, swf files) is stored in
www.domain.com/content/flash/example.swf
or
www.domain.com/content/images/example.jpg
and injected in the desktopdefault.aspx page.
It means that in the desktopdefault.aspx page, located in the website
root, I find references to ./content/flash/example.swf (or jpg...)

How can I prevent users doing
www.domain.com/content/images/example.jpg
and getting the image (or the html file, or whatever inside the
content directory?)
It doesn't matter if the user is authenticated or not, I just want the
user to see the content through the desktopdefault.aspx page.

Is not a matter of authentication, because the whole site may be
public, but I don't want users to access directly the content stored
in /content.
I can change associations on the webserver to have asp.net deal with
all those filetypes, but how can I detect if the browser is accessing
the example.jpg through the www.domain.com/content/images/example.jpg
path or through an image tag ./content/images/example.jpg inside
desktopdefault.aspx?

Thanks!
 
Reply With Quote
 
 
 
 
David Young
Guest
Posts: n/a
 
      04-28-2005
Couple of things you could try:

1) store your images in a database. That way they have to use your page to
get at them.
2) Don't link directly to the image, but rather, link to a aspx file that
serves up the images.
<img src=imageGetter.aspx?imageid=myimage.jpg">

There's probably other ways to do it as well.

"Matt" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello,
> I raised a question a few msg back, but it wasn't complete:
>
> I'm working on a portal where the main page is
> desktopdefault.aspx and all content (jpg, css, swf files) is stored in
> www.domain.com/content/flash/example.swf
> or
> www.domain.com/content/images/example.jpg
> and injected in the desktopdefault.aspx page.
> It means that in the desktopdefault.aspx page, located in the website
> root, I find references to ./content/flash/example.swf (or jpg...)
>
> How can I prevent users doing
> www.domain.com/content/images/example.jpg
> and getting the image (or the html file, or whatever inside the
> content directory?)
> It doesn't matter if the user is authenticated or not, I just want the
> user to see the content through the desktopdefault.aspx page.
>
> Is not a matter of authentication, because the whole site may be
> public, but I don't want users to access directly the content stored
> in /content.
> I can change associations on the webserver to have asp.net deal with
> all those filetypes, but how can I detect if the browser is accessing
> the example.jpg through the www.domain.com/content/images/example.jpg
> path or through an image tag ./content/images/example.jpg inside
> desktopdefault.aspx?
>
> Thanks!



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
newbie: allow deny vs deny allow Jeff ASP .Net 2 09-19-2006 02:12 AM
Deny Telnet access to the switche ns Cisco 3 04-15-2005 06:09 AM
authentication: deny users=* problem Dan ASP .Net 4 11-15-2004 03:55 PM
Deny access to an entire CIDR block just1coder@yahoo.ca Cisco 4 10-18-2004 10:50 PM
access-list deny view Matt Cisco 3 07-07-2004 12:18 AM



Advertisments