locked
Restricting access of images RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1758009546 posted

    Hi all, i have an image (say abc.gif) that i would like to allow the user to "view" only if he is logged in to my system. Currently i am checking whether he is logged on to my system using session variables.

    Thursday, November 11, 2010 3:09 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    User713056278 posted

    Hi,

    btw is it a good idea to put copies of web.config in other folders if i would say, like to only restrict access of a single folder.
     

    I would like to suggest you that please check the link below for the information about setting authorization rules for a particular page or folder in web.config.

    http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx

    Hope it can provide some solutions for you. 

    or is there a better solution?

    According to your description:

    i would like to allow the user to "view" only if he is logged in to my system. Currently i am checking whether he is logged on to my system using session variables.

    For my experience ,you can use Application_BeginRequest method in global.asax to check whether the URL of page is typed by user and make a judgment that if the extension value of  page's url  is .GIF .

    Then if the user is not login, let user know the image file is not allowed to access to.

    In this way ,you can avoid user who is not login trying to type the URL and access the image file.

    Please check the link below for the similar thread and sample,hope it can help you.

    http://forums.asp.net/p/1617959/4152296.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, November 14, 2010 9:20 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User377791177 posted

    you can use formsauthentication with <deny users="?"/> to block unauthenticated users. with this setting users won't be able to download anything (image,script,pages etc..) from your application.

    Thursday, November 11, 2010 3:25 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1340885213 posted

    If you add a Login.aspx page in your Application and try this in your web.config, then your user would always have to Login to see anything in your App.

    <system.web>
<authentication mode="Forms" />
<authorization>
<deny users="?" />
</authorization>
</system.web>

    But always it is advisable to keep a Register link in the same page to give your users an opportunity to register.

    Thursday, November 11, 2010 6:01 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1758009546 posted


    heys thanks for the help. btw is it a good idea to put copies of web.config in other folders if i would say, like to only restrict access of a single folder. or is there a better solution?

    Thursday, November 11, 2010 9:02 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User713056278 posted

    Hi,

    btw is it a good idea to put copies of web.config in other folders if i would say, like to only restrict access of a single folder.
     

    I would like to suggest you that please check the link below for the information about setting authorization rules for a particular page or folder in web.config.

    http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx

    Hope it can provide some solutions for you. 

    or is there a better solution?

    According to your description:

    i would like to allow the user to "view" only if he is logged in to my system. Currently i am checking whether he is logged on to my system using session variables.

    For my experience ,you can use Application_BeginRequest method in global.asax to check whether the URL of page is typed by user and make a judgment that if the extension value of  page's url  is .GIF .

    Then if the user is not login, let user know the image file is not allowed to access to.

    In this way ,you can avoid user who is not login trying to type the URL and access the image file.

    Please check the link below for the similar thread and sample,hope it can help you.

    http://forums.asp.net/p/1617959/4152296.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, November 14, 2010 9:20 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1758009546 posted

    hey thanks for the help

    Wednesday, November 17, 2010 10:08 PM