Upload and show images in a web form application RRS feed

  • Question

  • User1310055179 posted


    I am using Ajax Control Toolkit AsyncFileUpload to upload images to a webform application. All the images are saved in a folder inside the application root folder.

    The uploaded images are then presented to the users inside the webform.

    I now want to prevent users who are not authorized to view these images using a direct link.

    I am also enabling file upload to the system, but since the file can only be uploaded and downloaded by the user, I am saving it inside App_Data folder which is of course not accessible to the users.

    Since I would like to show the images I am uploading, I cannot use the same method.

    What is the best practice to achieve that?


    Sunday, December 1, 2019 7:37 AM


All replies

  • User475983607 posted

    What is the best practice to achieve that?

    Store the image files outside of the hosted application and build a basic image handler to return the files.  The image handler provides a place to add security logic.

    Keep in mind, this is a very common solution with a lot of supporting code in the Internet.




    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, December 1, 2019 2:35 PM
  • User1310055179 posted

    I tried uploading the files to App_Data folder and then I added an image handler to display the image inside the webform.

    I tested it and it worked perfectly fine in my localhost. 

    Now, after IIS installation, I can't seem to access the file and the image is not displayed.

    What am I missing?

    This is my code:

    if (System.IO.File.Exists(Server.MapPath("~") + @"App_Data\" +pic.Replace("/""\\")))
                                bimage.ImageUrl = "ShowImage.ashx?fileName=" + pic.Replace("/""\\");
    using System;
    using System.Collections.Generic;
    using System.Drawing;
    using System.Linq;
    using System.Web;
    namespace Qsoft_DMS
        /// <summary>
        /// Summary description for ShowImage
        /// </summary>
        public class ShowImage : IHttpHandler
            public void ProcessRequest(HttpContext context)
                System.Web.HttpRequest request = System.Web.HttpContext.Current.Request;
                //HttpResponse r = context.Response;
                string fileName =  request.QueryString["fileName"];
                string filepath = System.Web.HttpContext.Current.Server.MapPath("~") + @"App_Data\\" +   fileName;
                //int W = Int32.Parse(context.Request.QueryString["w"]);
                //int H = Int32.Parse(context.Request.QueryString["h"]);
                Image img = Image.FromFile(filepath);
                Image _img = new Bitmap(img);
                Graphics g = Graphics.FromImage(_img);
                Point p = new Point(0);
                g.DrawImage(img, p);
                g.CompositingQuality = System.Drawing.Drawing2D.CompositingQuality.HighSpeed;
                System.IO.MemoryStream str = new System.IO.MemoryStream();
               // _img = _img.GetThumbnailImage(W, H, null, IntPtr.Zero);
                _img.Save(str, System.Drawing.Imaging.ImageFormat.Png);
                context.Response.ContentType = getContentType(System.Web.HttpContext.Current.Server.MapPath("~") + @"\" + fileName.Replace("/""\\"));;
            public bool IsReusable
                    return false;
            string getContentType(String path)
                switch (System.IO.Path.GetExtension(path))
                    case ".bmp"return "Image/bmp";
                    case ".gif"return "Image/gif";
                    case ".jpg"return "Image/jpeg";
                    case ".png"return "Image/png";
                return "";

    Sunday, December 8, 2019 8:19 AM
  • User1535942433 posted

    Hi qsoft_develo...,

    Since I am not able to know your specific problem, I guess if the publish settings Exclude is selected.

    Best regards,

    Yijing Sun

    Monday, December 9, 2019 10:16 AM
  • User1310055179 posted

    In case I like to allow the users to view in browser pdf/image files without downloading them, what is the best practice for that?

    My files are now stored in App_Data folder.

    Can someone please refer me to a handler code that handles that? 

    Tuesday, December 17, 2019 8:00 AM
  • User1310055179 posted

    I had a problem with the file path I created.

    It is now solved:

    Tuesday, December 17, 2019 8:05 AM