asp.net对来自其他用户的静态请求安全图像？ [英] asp.net secure images against static requests from other users?

问题描述

我上，对于每个特定用户生成动态图像的现场工作。有时，这些图像包含非常敏感的数据的描绘。最近，我们已经开始看到属于不同用户的形式，为图片的请求

I work on a site that generates dynamic images for each specific user. Sometimes these images contain depictions of very sensitive data. Lately we have started to see requests for images that belong to a different user in the form of

HTTP：//myapp/images/someuid/image1.jpg

显然，有人想通了，如果他们创造了正确的URL，他们可以访问其他用户的图像。我们存储图像的文件系统，以帮助减少带宽。

obviously, someone figured out they could access another users images if they created the proper URL. we store the images to the file system to help reduce bandwidth.

• 我们如何保护这一点 - 某种HTTP处理程序的？

• how can we protect this - some sort of http handler?

有服务形象，趁-f缓存，而无需将其写入到文件系统，让IIS做肮脏的工作的一种方式？

is there a way of serving the image to take advantage o -f caching without having to write it to the file system and letting IIS do the dirty work?

推荐答案

使用一个.ashx的： -

Use an .ashx:-

TimeSpan maxAge = new TimeSpan(0, 15, 0); //!5 minute lifetiem.

context.Response.ContentType = "image/gif";
context.Response.Cache.SetCacheability(HttpCacheability.Private);
context.Response.Cache.SetExpires(DateTime.UtcNow.Add(maxAge));
context.Response.Cache.SetMaxAge(maxAge);
context.Response.Cache.SetLastModified(lastModified); // last modified date time of file
context.Response.WriteFile(filenameofGif);

您可以包括什么都$你需要确保正确的用户在访问中的图像c $ C检查。

You can include what ever code checks you need to ensure the correct users is accessing the image.

这篇关于asp.net对来自其他用户的静态请求安全图像？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！