Hii Everybody !!!
Can anyone tell me how to restrict
When user directly types the image address in addressbar , I donot allow to view this image ,Since user is directly accessing the image.

Since this image will be part of the asp/php code,with <img src=imglocation/imgname.jpg>

It's is perfectly ok that the page is properly displayed through the current hosted webpages (asp/php) page.

but when user types http://somfilename/foldername/imagename.jpg
he should not see the imagename.jpg,because he may or may not Registered Users!!
In general i want to prevent unauthorized Access to Images
Any help ,Guidelines are always Welcome
:)
Cheers


Cheers :)

vinod

__________________
Cheers :)

vinod

Hii Everybody
Again ,Since I am working in ASP ,so please give idea about that.

Offcourse it is possible with .Net and Php through(httphandler and .htaccess files).

my question is concerned with ASP+ IIS

Thanks Again

Cheers :)

vinod

Hi Vinod,

I don't know much about IIS or ASP but I believe you can control access through the IIS Metabase and IPSec?

Just what I've heard. Have you tried MSDN?

interrupt

There is no difference between ASP/IIS and PHP using htaccess. It cannot be done with traditional images in HTML. The browser needs the image to display it, once it is downloaded you cannot stop it being displayed.
You could have an asp page that returns the image using BinaryWrite. Before the image is returned you will need to check whether it is a direct request or from a web page. This maybe possible using cookies but I'm not sure. The only way I have seen that definitely works is via an ActiveX control or a Java applet that the user has to agree to let run before hand.


--

Joe (Microsoft MVP - XML)

I've used a couple of methods to initiate a logon requirement for arbitrary files.

One was custom 404 error pages. I remove the file from the virtual www-accessible file-system. Then when someone hits the document, it goes to the 404 error page. From there I parse the REQUEST_URI field, check authentication, do custom logging, retrieve the file and output it. All with a 200 response code, so as not to confuse the browser.

Another method I've used is building my own database-driven virtual file system, but this method does rely on a particular server enviornment, since I use PHP and Apache, it uses the Apache mod_rewrite module. I'm not sure what would be the ASP/IIs equivalent of this.

Here's a write-up I did on the mod_rewrite method though, which might help you start looking for a way to do it with .NET and IIs:
http://p2p.wrox.com/topic.asp?TOPIC_ID=31036

This latter method is very similar to the 404 method, except I am not relying on the 404 error script to do the work. Also, if you read my post there you'll see that the 404 method can be buggy. Essentially what happens is I can create "clean-URIs". That is to say instead of:
http://p2p.wrox.com/topic.asp?TOPIC_ID=31036

I can create:
http://p2p.wrox.com/topic/31036

When the latter URI comes in, I use Apache mod_rewrite to decide where to direct the request. In the Apache configuration I provide a few rules, such as "if the file requested doesn't exist in the normal file system as either a file or a directory, it goes to index.php". With that rule, Apache translates all non-existing file paths to go to index.php (without using a custom 404 document) . In index.php I can analyze the file path, query the database, authenticate, output the binary file, web page, or whatever's being requested. For better or worse what I've done is create a file system of my own.

I think that's the best method to control file access, personally, because it allows for so many more possibilities.


Regards,
Rich

--
[http://www.smilingsouls.net]
Mail_IMAP: A PHP/C-Client/PEAR solution for webmail
Author: Beginning CSS: Cascading Style Sheets For Web Design

Richard

How does that prevent the user opening a new browser window, with ctrl+n in IE for example, from the main page and just entering the image's url into the address bar?



--

Joe (Microsoft MVP - XML)

He said he wanted to restrict access to registered users, right?

The method I suggested prevents an unregistered user from accessing an image directly because he can preform authentication before allowing access to the file, using whatever authentication is in place for a members-only ASP or PHP web page.

Of course it wouldn't prevent a registered user who is authenticated and logged in from directly accessing the image.

Regards,
Rich

--
[http://www.smilingsouls.net]
Mail_IMAP: A PHP/C-Client/PEAR solution for webmail
Author: Beginning CSS: Cascading Style Sheets For Web Design

The best way that I've found is to create a folder below the viewable wwwroot (or whatever your HTML root directory is) for your images to go in. Your page will then serve up links to an ASP page with the ID number of the image you want to display (I also wrote a function to tell you the ID number of the image if you don't want to look it up each time). You would have two pages:

--gallery.asp--
For my example, I just wrote a script to display all of the images in my images folder. Pretty simple. In any case, it runs through and assigns temporary ID numbers to all the images at runtime, and creates an image link like so:

    <img src="getimage.asp?id=<%=imgID%>" height="<%=imgHeight%>" width="<%=imgWidth%>" border="0" alt="" />

The script will also determine the height and width of each image to make older browsers and HTML validators happy.

--getimage.asp--
Takes the ID number from gallery.asp and finds the corrosponding image and writes its data to the browser.

You can view the code for gallery.asp here, and the code for getimage.asp here.

I forgot one thing (this might have been obvious but I just wanted to make sure): you can include code in getimage.asp to authenticate the user and either serve up the image or serve up an alternate image saying something like "You are not authorized!! Go away." or w/e. If you have any questions feel free to email me.

Permission denied
i m getting some VB script error.