Upload and show images in a web form application

Question

User1310055179 posted

Hi,

I am using Ajax Control Toolkit AsyncFileUpload to upload images to a webform application. All the images are saved in a folder inside the application root folder.

The uploaded images are then presented to the users inside the webform.

I now want to prevent users who are not authorized to view these images using a direct link.

I am also enabling file upload to the system, but since the file can only be uploaded and downloaded by the user, I am saving it inside App_Data folder which is of course not accessible to the users.

Since I would like to show the images I am uploading, I cannot use the same method.

What is the best practice to achieve that?

Thanks

Answer 1

User475983607 posted

What is the best practice to achieve that?

Store the image files outside of the hosted application and build a basic image handler to return the files.  The image handler provides a place to add security logic.

Keep in mind, this is a very common solution with a lot of supporting code in the Internet.

https://www.dotnetperls.com/ashx

https://support.microsoft.com/en-us/help/307985/info-asp-net-http-modules-and-http-handlers-overview

https://www.c-sharpcorner.com/UploadFile/dacca2/working-with-image-in-httphandler/

Answer 2

User1310055179 posted

I tried uploading the files to App_Data folder and then I added an image handler to display the image inside the webform.

I tested it and it worked perfectly fine in my localhost. 

Now, after IIS installation, I can't seem to access the file and the image is not displayed.

What am I missing?

This is my code:

if (System.IO.File.Exists(Server.MapPath("~") + @"App_Data\" +pic.Replace("/", "\\")))
						{

                            bimage.ImageUrl = "ShowImage.ashx?fileName=" + pic.Replace("/", "\\");

						}

using System;
using System.Collections.Generic;
using System.Drawing;
using System.Linq;
using System.Web;
 
namespace Qsoft_DMS
{
    /// <summary>
    /// Summary description for ShowImage
    /// </summary>
    public class ShowImage : IHttpHandler
    {
 
        public void ProcessRequest(HttpContext context)
        {
            System.Web.HttpRequest request = System.Web.HttpContext.Current.Request;
            //HttpResponse r = context.Response;
            string fileName =  request.QueryString["fileName"];
            string filepath = System.Web.HttpContext.Current.Server.MapPath("~") + @"App_Data\\" +   fileName;
 
            //int W = Int32.Parse(context.Request.QueryString["w"]);
            //int H = Int32.Parse(context.Request.QueryString["h"]);
            Image img = Image.FromFile(filepath);
            Image _img = new Bitmap(img);
            Graphics g = Graphics.FromImage(_img);
            Point p = new Point(0);
            g.DrawImage(img, p);
            g.CompositingQuality = System.Drawing.Drawing2D.CompositingQuality.HighSpeed;
            g.Dispose();
            img.Dispose();
            System.IO.MemoryStream str = new System.IO.MemoryStream();
           // _img = _img.GetThumbnailImage(W, H, null, IntPtr.Zero);
            _img.Save(str, System.Drawing.Imaging.ImageFormat.Png);
            _img.Dispose();
            str.WriteTo(context.Response.OutputStream);
            str.Dispose();
            str.Close();
            context.Response.ContentType = getContentType(System.Web.HttpContext.Current.Server.MapPath("~") + @"\" + fileName.Replace("/", "\\"));;
            context.Response.End();
        }
 
        public bool IsReusable
        {
            get
            {
                return false;
            }
        }
 
        string getContentType(String path)
        {
            switch (System.IO.Path.GetExtension(path))
            {
                case ".bmp": return "Image/bmp";
                case ".gif": return "Image/gif";
                case ".jpg": return "Image/jpeg";
                case ".png": return "Image/png";
                default: break;
            }
            return "";
        }
    }
}

Answer 3

User1535942433 posted

Hi qsoft_develo...,

Since I am not able to know your specific problem, I guess if the publish settings Exclude is selected.

Best regards,

Yijing Sun

Answer 4

User1310055179 posted

In case I like to allow the users to view in browser pdf/image files without downloading them, what is the best practice for that?

My files are now stored in App_Data folder.

Can someone please refer me to a handler code that handles that? 

Answer 5

User1310055179 posted

I had a problem with the file path I created.

It is now solved: