469,889 Members | 1,352 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,889 developers. It's quick & easy.

Protect an Image File in ASP.NET Web Project?

Hi. I have an ASP.NET 2.0 web application which contains an Images directory
with all website images. How can I prevent other websites from creating img
tags with the source as my images? I want to prevent other websites from
serving my image.

For example - How can I prevent another website from doing this?
<img src="http://mywebsitename/images/image1.jpg"

Is this possible? Thanks
Nov 28 '07 #1
7 2165
Unless its a password protected site, you can only really just check your
logs to see if anyone is doing that and block them if they are. I

Regards

John Timney (MVP)
http://www.johntimney.com
http://www.johntimney.com/blog
"Mike" <Mi**@discussions.microsoft.comwrote in message
news:AC**********************************@microsof t.com...
Hi. I have an ASP.NET 2.0 web application which contains an Images
directory
with all website images. How can I prevent other websites from creating
img
tags with the source as my images? I want to prevent other websites from
serving my image.

For example - How can I prevent another website from doing this?
<img src="http://mywebsitename/images/image1.jpg"

Is this possible? Thanks

Nov 28 '07 #2
Place the files in a different directory and serve them up with an aspx
page. Have the aspx page
Check the Request.UrlReferrer prior to serving them up.

You could also use a 404 error handler so that they look like they are
still gifs, but because you are calling them from a directory different
then they are really in, the 404 handler will kick in and serve up the
file for you.
Dave Bush
http://blog.dmbcllc.com

-----Original Message-----
From: Mike [mailto:Mi**@discussions.microsoft.com]
Posted At: Wednesday, November 28, 2007 9:44 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Protect an Image File in ASP.NET Web Project?

Hi. I have an ASP.NET 2.0 web application which contains an Images
directory
with all website images. How can I prevent other websites from creating
img
tags with the source as my images? I want to prevent other websites from
serving my image.

For example - How can I prevent another website from doing this?
<img src="http://mywebsitename/images/image1.jpg"

Is this possible? Thanks

Nov 28 '07 #3
Dave - You mention serving them up on an aspx page. What exactly does that
mean or how would I do that? I understand how to check the
request.urlreferrer, I'm just unfamiliar w/serving an image on an aspx page.

Thanks.

"Dave Bush" wrote:
Place the files in a different directory and serve them up with an aspx
page. Have the aspx page
Check the Request.UrlReferrer prior to serving them up.

You could also use a 404 error handler so that they look like they are
still gifs, but because you are calling them from a directory different
then they are really in, the 404 handler will kick in and serve up the
file for you.
Dave Bush
http://blog.dmbcllc.com

-----Original Message-----
From: Mike [mailto:Mi**@discussions.microsoft.com]
Posted At: Wednesday, November 28, 2007 9:44 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Protect an Image File in ASP.NET Web Project?

Hi. I have an ASP.NET 2.0 web application which contains an Images
directory
with all website images. How can I prevent other websites from creating
img
tags with the source as my images? I want to prevent other websites from
serving my image.

For example - How can I prevent another website from doing this?
<img src="http://mywebsitename/images/image1.jpg"

Is this possible? Thanks

Nov 28 '07 #4
private void Page_Load(object sender, System.EventArgs e)
{
Response.ClearContent();
Response.ClearHeaders();
Response.ContentType = image mime type here;
Response.WriteFile(filename);
Response.End();
}

-----Original Message-----
From: Mike [mailto:Mi**@discussions.microsoft.com]
Posted At: Wednesday, November 28, 2007 10:35 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Re: Protect an Image File in ASP.NET Web Project?

Dave - You mention serving them up on an aspx page. What exactly does
that
mean or how would I do that? I understand how to check the
request.urlreferrer, I'm just unfamiliar w/serving an image on an aspx
page.

Thanks.

"Dave Bush" wrote:
Place the files in a different directory and serve them up with an aspx
page. Have the aspx page
Check the Request.UrlReferrer prior to serving them up.

You could also use a 404 error handler so that they look like they are
still gifs, but because you are calling them from a directory different
then they are really in, the 404 handler will kick in and serve up the
file for you.
Dave Bush
http://blog.dmbcllc.com

-----Original Message-----
From: Mike [mailto:Mi**@discussions.microsoft.com]
Posted At: Wednesday, November 28, 2007 9:44 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Protect an Image File in ASP.NET Web Project?

Hi. I have an ASP.NET 2.0 web application which contains an Images
directory
with all website images. How can I prevent other websites from creating
img
tags with the source as my images? I want to prevent other websites from
serving my image.

For example - How can I prevent another website from doing this?
<img src="http://mywebsitename/images/image1.jpg"

Is this possible? Thanks

Nov 28 '07 #5
this adds little protection, as image properties will give the url.
checking the urlreferrer will prevent legitimate users, as many
browser/proxies strip this for security.

you best bet is using a 1 time token on the url.

myimage.aspx?id=<access token>

the accesstoken is a key to the actual image to return. the key should
only be good for 1 use (or limited time use).

again this will only stop casual use, a good hacker could beat this.

-- bruce (sqlwork.com)

Dave Bush wrote:
private void Page_Load(object sender, System.EventArgs e)
{
Response.ClearContent();
Response.ClearHeaders();
Response.ContentType = image mime type here;
Response.WriteFile(filename);
Response.End();
}

-----Original Message-----
From: Mike [mailto:Mi**@discussions.microsoft.com]
Posted At: Wednesday, November 28, 2007 10:35 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Re: Protect an Image File in ASP.NET Web Project?

Dave - You mention serving them up on an aspx page. What exactly does
that
mean or how would I do that? I understand how to check the
request.urlreferrer, I'm just unfamiliar w/serving an image on an aspx
page.

Thanks.

"Dave Bush" wrote:
>Place the files in a different directory and serve them up with an aspx
page. Have the aspx page
Check the Request.UrlReferrer prior to serving them up.

You could also use a 404 error handler so that they look like they are
still gifs, but because you are calling them from a directory different
then they are really in, the 404 handler will kick in and serve up the
file for you.
Dave Bush
http://blog.dmbcllc.com

-----Original Message-----
From: Mike [mailto:Mi**@discussions.microsoft.com]
Posted At: Wednesday, November 28, 2007 9:44 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Protect an Image File in ASP.NET Web Project?

Hi. I have an ASP.NET 2.0 web application which contains an Images
directory
with all website images. How can I prevent other websites from creating
img
tags with the source as my images? I want to prevent other websites from
serving my image.

For example - How can I prevent another website from doing this?
<img src="http://mywebsitename/images/image1.jpg"

Is this possible? Thanks

Nov 28 '07 #6
Bruce is right. But, you need to decide how important protecting those
images is.

You might be able to get away with checking for a session variable that
the calling page created.

Any method you use COULD be hacked. But, they'd have to have some idea
what you were doing first.

Are the images really THAT important? Could you put a visible water mark
on them instead?

-----Original Message-----
From: bruce barker [mailto:no****@nospam.com]
Posted At: Wednesday, November 28, 2007 11:59 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Re: Protect an Image File in ASP.NET Web Project?

this adds little protection, as image properties will give the url.
checking the urlreferrer will prevent legitimate users, as many
browser/proxies strip this for security.

you best bet is using a 1 time token on the url.

myimage.aspx?id=<access token>

the accesstoken is a key to the actual image to return. the key should
only be good for 1 use (or limited time use).

again this will only stop casual use, a good hacker could beat this.

-- bruce (sqlwork.com)

Dave Bush wrote:
private void Page_Load(object sender, System.EventArgs e)
{
Response.ClearContent();
Response.ClearHeaders();
Response.ContentType = image mime type here;
Response.WriteFile(filename);
Response.End();
}

-----Original Message-----
From: Mike [mailto:Mi**@discussions.microsoft.com]
Posted At: Wednesday, November 28, 2007 10:35 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Re: Protect an Image File in ASP.NET Web Project?

Dave - You mention serving them up on an aspx page. What exactly does
that
mean or how would I do that? I understand how to check the
request.urlreferrer, I'm just unfamiliar w/serving an image on an aspx
page.

Thanks.

"Dave Bush" wrote:
>Place the files in a different directory and serve them up with an aspx
page. Have the aspx page
Check the Request.UrlReferrer prior to serving them up.

You could also use a 404 error handler so that they look like they are
still gifs, but because you are calling them from a directory different
then they are really in, the 404 handler will kick in and serve up the
file for you.
Dave Bush
http://blog.dmbcllc.com

-----Original Message-----
From: Mike [mailto:Mi**@discussions.microsoft.com]
Posted At: Wednesday, November 28, 2007 9:44 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Protect an Image File in ASP.NET Web Project?

Hi. I have an ASP.NET 2.0 web application which contains an Images
directory
with all website images. How can I prevent other websites from
creating
img
tags with the source as my images? I want to prevent other websites
from
serving my image.

For example - How can I prevent another website from doing this?
<img src="http://mywebsitename/images/image1.jpg"

Is this possible? Thanks

Nov 28 '07 #7
The images are not THAT important, and I think that one of the methods
recommended here should suffice to accomplish this task.

Right now I think I have a pretty good understanding what you all have
proposed, so I'll get started reviewing them.

Thanks all!

"Dave Bush" wrote:
Bruce is right. But, you need to decide how important protecting those
images is.

You might be able to get away with checking for a session variable that
the calling page created.

Any method you use COULD be hacked. But, they'd have to have some idea
what you were doing first.

Are the images really THAT important? Could you put a visible water mark
on them instead?

-----Original Message-----
From: bruce barker [mailto:no****@nospam.com]
Posted At: Wednesday, November 28, 2007 11:59 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Re: Protect an Image File in ASP.NET Web Project?

this adds little protection, as image properties will give the url.
checking the urlreferrer will prevent legitimate users, as many
browser/proxies strip this for security.

you best bet is using a 1 time token on the url.

myimage.aspx?id=<access token>

the accesstoken is a key to the actual image to return. the key should
only be good for 1 use (or limited time use).

again this will only stop casual use, a good hacker could beat this.

-- bruce (sqlwork.com)

Dave Bush wrote:
private void Page_Load(object sender, System.EventArgs e)
{
Response.ClearContent();
Response.ClearHeaders();
Response.ContentType = image mime type here;
Response.WriteFile(filename);
Response.End();
}

-----Original Message-----
From: Mike [mailto:Mi**@discussions.microsoft.com]
Posted At: Wednesday, November 28, 2007 10:35 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Re: Protect an Image File in ASP.NET Web Project?

Dave - You mention serving them up on an aspx page. What exactly does
that
mean or how would I do that? I understand how to check the
request.urlreferrer, I'm just unfamiliar w/serving an image on an aspx
page.

Thanks.

"Dave Bush" wrote:
Place the files in a different directory and serve them up with an aspx
page. Have the aspx page
Check the Request.UrlReferrer prior to serving them up.

You could also use a 404 error handler so that they look like they are
still gifs, but because you are calling them from a directory different
then they are really in, the 404 handler will kick in and serve up the
file for you.
Dave Bush
http://blog.dmbcllc.com

-----Original Message-----
From: Mike [mailto:Mi**@discussions.microsoft.com]
Posted At: Wednesday, November 28, 2007 9:44 AM
Posted To: microsoft.public.dotnet.framework.aspnet
Conversation: Protect an Image File in ASP.NET Web Project?
Subject: Protect an Image File in ASP.NET Web Project?

Hi. I have an ASP.NET 2.0 web application which contains an Images
directory
with all website images. How can I prevent other websites from
creating
img
tags with the source as my images? I want to prevent other websites
from
serving my image.

For example - How can I prevent another website from doing this?
<img src="http://mywebsitename/images/image1.jpg"

Is this possible? Thanks


Nov 28 '07 #8

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

6 posts views Thread by fgarciarico | last post: by
4 posts views Thread by David LACASSAGNE | last post: by
4 posts views Thread by Steve Peterson | last post: by
7 posts views Thread by Jean Christophe Avard | last post: by
5 posts views Thread by aiki727 via DotNetMonster.com | last post: by
8 posts views Thread by Bill | last post: by
5 posts views Thread by Garry Jones | last post: by
4 posts views Thread by tshad | last post: by
1 post views Thread by Waqarahmed | last post: by
reply views Thread by Salome Sato | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.