You could check the http_refererer servervariable to see where the request
came from, and if it's invalid, show an alternative image (i.e. access
forbidden). I've implemented something similar in the past with limited
success. The http_referer seemed to intermittently stop working for me,
causing the "access forbidden" image to show even when the image was being
viewed in the correct page. However, this may have had something to do with
my company's firewall settings...
Regards,
Mun
--
Munsifali Rashid
http://www.munsplace.com/
"Amil" <an*******@discussions.microsoft.com> wrote in message
news:8A**********************************@microsof t.com...
I have a .aspx page that creates proprietary images (return type is
image). Normally, calls to this .aspx page come from our own pages. I
don't want someone to just type the URL for the .aspx image page (with
modified query parameters)...I only want the .aspx page to work if it was
called (embedded) from our own page.
How can this be done? Can it be done without session variables? Is there
an HTTP header or server variable that can be checked?