Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > Web Programming > JavaScript > Javascript How-To
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
Javascript How-To Ask your "How do I do this with Javascript?" questions here.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Javascript How-To section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old June 15th, 2005, 08:51 AM
Friend of Wrox
 
Join Date: Oct 2004
Location: delhi, delhi, India.
Posts: 553
Thanks: 0
Thanked 1 Time in 1 Post
Send a message via MSN to vinod_yadav1919 Send a message via Yahoo to vinod_yadav1919
Default Image Access Restriction directly

Hii Everybody !!!
Can anyone tell me how to restrict
When user directly types the image address in addressbar , I donot allow to view this image ,Since user is directly accessing the image.

Since this image will be part of the asp/php code,with <img src=imglocation/imgname.jpg>

It's is perfectly ok that the page is properly displayed through the current hosted webpages (asp/php) page.

but when user types http://somfilename/foldername/imagename.jpg
he should not see the imagename.jpg,because he may or may not Registered Users!!
In general i want to prevent unauthorized Access to Images
Any help ,Guidelines are always Welcome
:)
Cheers


Cheers :)

vinod
__________________
Cheers :)

vinod
Reply With Quote
  #2 (permalink)  
Old June 15th, 2005, 09:24 AM
Friend of Wrox
 
Join Date: Oct 2004
Location: delhi, delhi, India.
Posts: 553
Thanks: 0
Thanked 1 Time in 1 Post
Send a message via MSN to vinod_yadav1919 Send a message via Yahoo to vinod_yadav1919
Default

Hii Everybody
Again ,Since I am working in ASP ,so please give idea about that.

Offcourse it is possible with .Net and Php through(httphandler and .htaccess files).

my question is concerned with ASP+ IIS

Thanks Again

Cheers :)

vinod
Reply With Quote
  #3 (permalink)  
Old June 15th, 2005, 09:41 AM
Friend of Wrox
 
Join Date: May 2004
Location: , , .
Posts: 212
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi Vinod,

I don't know much about IIS or ASP but I believe you can control access through the IIS Metabase and IPSec?

Just what I've heard. Have you tried MSDN?

interrupt

Reply With Quote
  #4 (permalink)  
Old June 18th, 2005, 06:06 AM
joefawcett's Avatar
Wrox Author
Points: 9,763, Level: 42
Points: 9,763, Level: 42 Points: 9,763, Level: 42 Points: 9,763, Level: 42
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Exeter, , United Kingdom.
Posts: 3,074
Thanks: 1
Thanked 38 Times in 37 Posts
Default

There is no difference between ASP/IIS and PHP using htaccess. It cannot be done with traditional images in HTML. The browser needs the image to display it, once it is downloaded you cannot stop it being displayed.
You could have an asp page that returns the image using BinaryWrite. Before the image is returned you will need to check whether it is a direct request or from a web page. This maybe possible using cookies but I'm not sure. The only way I have seen that definitely works is via an ActiveX control or a Java applet that the user has to agree to let run before hand.


--

Joe (Microsoft MVP - XML)
Reply With Quote
  #5 (permalink)  
Old June 18th, 2005, 08:45 AM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 6 Times in 6 Posts
Default

I've used a couple of methods to initiate a logon requirement for arbitrary files.

One was custom 404 error pages. I remove the file from the virtual www-accessible file-system. Then when someone hits the document, it goes to the 404 error page. From there I parse the REQUEST_URI field, check authentication, do custom logging, retrieve the file and output it. All with a 200 response code, so as not to confuse the browser.

Another method I've used is building my own database-driven virtual file system, but this method does rely on a particular server enviornment, since I use PHP and Apache, it uses the Apache mod_rewrite module. I'm not sure what would be the ASP/IIs equivalent of this.

Here's a write-up I did on the mod_rewrite method though, which might help you start looking for a way to do it with .NET and IIs:
http://p2p.wrox.com/topic.asp?TOPIC_ID=31036

This latter method is very similar to the 404 method, except I am not relying on the 404 error script to do the work. Also, if you read my post there you'll see that the 404 method can be buggy. Essentially what happens is I can create "clean-URIs". That is to say instead of:
http://p2p.wrox.com/topic.asp?TOPIC_ID=31036

I can create:
http://p2p.wrox.com/topic/31036

When the latter URI comes in, I use Apache mod_rewrite to decide where to direct the request. In the Apache configuration I provide a few rules, such as "if the file requested doesn't exist in the normal file system as either a file or a directory, it goes to index.php". With that rule, Apache translates all non-existing file paths to go to index.php (without using a custom 404 document) . In index.php I can analyze the file path, query the database, authenticate, output the binary file, web page, or whatever's being requested. For better or worse what I've done is create a file system of my own.

I think that's the best method to control file access, personally, because it allows for so many more possibilities.


Regards,
Rich

--
[http://www.smilingsouls.net]
Mail_IMAP: A PHP/C-Client/PEAR solution for webmail
Author: Beginning CSS: Cascading Style Sheets For Web Design
Reply With Quote
  #6 (permalink)  
Old June 19th, 2005, 04:53 AM
joefawcett's Avatar
Wrox Author
Points: 9,763, Level: 42
Points: 9,763, Level: 42 Points: 9,763, Level: 42 Points: 9,763, Level: 42
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Exeter, , United Kingdom.
Posts: 3,074
Thanks: 1
Thanked 38 Times in 37 Posts
Default

Richard

How does that prevent the user opening a new browser window, with ctrl+n in IE for example, from the main page and just entering the image's url into the address bar?



--

Joe (Microsoft MVP - XML)
Reply With Quote
  #7 (permalink)  
Old June 19th, 2005, 08:41 AM
richard.york's Avatar
Wrox Author
Points: 5,506, Level: 31
Points: 5,506, Level: 31 Points: 5,506, Level: 31 Points: 5,506, Level: 31
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Camby, IN, USA.
Posts: 1,706
Thanks: 0
Thanked 6 Times in 6 Posts
Default

He said he wanted to restrict access to registered users, right?

The method I suggested prevents an unregistered user from accessing an image directly because he can preform authentication before allowing access to the file, using whatever authentication is in place for a members-only ASP or PHP web page.

Of course it wouldn't prevent a registered user who is authenticated and logged in from directly accessing the image.

Regards,
Rich

--
[http://www.smilingsouls.net]
Mail_IMAP: A PHP/C-Client/PEAR solution for webmail
Author: Beginning CSS: Cascading Style Sheets For Web Design
Reply With Quote
  #8 (permalink)  
Old July 1st, 2005, 04:14 PM
Registered User
 
Join Date: Jul 2005
Location: , Wisconsin, USA.
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The best way that I've found is to create a folder below the viewable wwwroot (or whatever your HTML root directory is) for your images to go in. Your page will then serve up links to an ASP page with the ID number of the image you want to display (I also wrote a function to tell you the ID number of the image if you don't want to look it up each time). You would have two pages:

--gallery.asp--
For my example, I just wrote a script to display all of the images in my images folder. Pretty simple. In any case, it runs through and assigns temporary ID numbers to all the images at runtime, and creates an image link like so:

    <img src="getimage.asp?id=<%=imgID%>" height="<%=imgHeight%>" width="<%=imgWidth%>" border="0" alt="" />

The script will also determine the height and width of each image to make older browsers and HTML validators happy.

--getimage.asp--
Takes the ID number from gallery.asp and finds the corrosponding image and writes its data to the browser.

You can view the code for gallery.asp here, and the code for getimage.asp here.
Reply With Quote
  #9 (permalink)  
Old July 1st, 2005, 04:17 PM
Registered User
 
Join Date: Jul 2005
Location: , Wisconsin, USA.
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I forgot one thing (this might have been obvious but I just wanted to make sure): you can include code in getimage.asp to authenticate the user and either serve up the image or serve up an alternate image saying something like "You are not authorized!! Go away." or w/e. If you have any questions feel free to email me.
Reply With Quote
  #10 (permalink)  
Old November 2nd, 2011, 06:33 AM
Registered User
Points: 3, Level: 1
Points: 3, Level: 1 Points: 3, Level: 1 Points: 3, Level: 1
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Nov 2011
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default VB script error

Permission denied
i m getting some VB script error.
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Restriction to certain applications PankajGarg10 General .NET 0 April 13th, 2007 01:08 AM
Capturing web camera image directly harini19 Java Basics 0 February 23rd, 2006 08:01 AM
xsd:restriction zas XML 0 November 1st, 2005 10:43 PM



All times are GMT -4. The time now is 01:14 PM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.