asp.net对来自其他用户的静态请求安全图像? [英] asp.net secure images against static requests from other users?
问题描述
我上,对于每个特定用户生成动态图像的现场工作。有时,这些图像包含非常敏感的数据的描绘。最近,我们已经开始看到属于不同用户的形式,为图片的请求
I work on a site that generates dynamic images for each specific user. Sometimes these images contain depictions of very sensitive data. Lately we have started to see requests for images that belong to a different user in the form of
HTTP://myapp/images/someuid/image1.jpg
显然,有人想通了,如果他们创造了正确的URL,他们可以访问其他用户的图像。我们存储图像的文件系统,以帮助减少带宽。
obviously, someone figured out they could access another users images if they created the proper URL. we store the images to the file system to help reduce bandwidth.
-
我们如何保护这一点 - 某种HTTP处理程序的?
how can we protect this - some sort of http handler?
有服务形象,趁-f缓存,而无需将其写入到文件系统,让IIS做肮脏的工作的一种方式?
is there a way of serving the image to take advantage o -f caching without having to write it to the file system and letting IIS do the dirty work?
推荐答案
使用一个.ashx的: -
Use an .ashx:-
TimeSpan maxAge = new TimeSpan(0, 15, 0); //!5 minute lifetiem.
context.Response.ContentType = "image/gif";
context.Response.Cache.SetCacheability(HttpCacheability.Private);
context.Response.Cache.SetExpires(DateTime.UtcNow.Add(maxAge));
context.Response.Cache.SetMaxAge(maxAge);
context.Response.Cache.SetLastModified(lastModified); // last modified date time of file
context.Response.WriteFile(filenameofGif);
您可以包括什么都$你需要确保正确的用户在访问中的图像c $ C检查。
You can include what ever code checks you need to ensure the correct users is accessing the image.
这篇关于asp.net对来自其他用户的静态请求安全图像?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!