1. Home
  2. Forums Index
  3. Server Side / Microsoft IIS Web Server and ASP.NET 5:19 am Apr 28, 2026

Forum Moderators: open

Message Too Old, No Replies

hiding JPEGs

...need to control access

         

RossWal

11:42 pm on Jan 27, 2003 (gmt 0)

10+ Year Member



I have scanned images of private documents that I need to make available on my .NET website. I have an authentication system in place, so I can restrict access to my asp/aspx pages, but it is not integrated with NTFS, so I can't lock down the images that way. So what to do to prevent users from pulling up the images directly? Any thoughts most welcome.

Thanks!

wardbekker

9:18 am on Jan 28, 2003 (gmt 0)

10+ Year Member



Rosswal,

Place the image files outside of the public dir. Then create an asp.net page that returns the image data bases on a filename specified in the querystring ( getImage.aspx?filename=pizza.jpg )

GetImage can read the original image file (give the asp_net process read access to them) and check the security

RossWal

5:06 pm on Jan 28, 2003 (gmt 0)

10+ Year Member



Gotcha!

Xoc

6:27 am on Feb 5, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Another thing you can do is add mappings for .jpg to use the ASP.NET dll. Then it will use the ASP.NET security to see if it can get to the jpeg. This will slightly slow down the access to the jpeg, but it will work. You can change the mapping in the IIS manager.
  1. Right click on the web site and select properties.
  2. Go to the Home Directory tab
  3. Click the Configuration button
  4. Select the .aspx file listing in the listbox and press Edit
  5. Select the path in the Executable textbox and press Ctrl+C
  6. Press Cancel
  7. Press the Add button
  8. Paste the path using Ctrl+V
  9. Add the file extension .jpg
  10. Select the Limit To option
  11. Put the verbs GET,HEAD,POST,DEBUG into the textbox
  12. Press OK
  13. Repeat adding for .jpeg, .gif, .png, etc.

This will cause the ASP.NET ISAPI filter to be run every time a request for a .jpg or other graphic file is requested.

Xoc

6:29 am on Feb 5, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Another thing you can do is add mappings for .jpg to use the ASP.NET dll. Then it will use the ASP.NET security to see if it can get to the jpeg. This will slightly slow down the access to the jpeg, but it will work. You can change the mapping in the IIS manager.
  1. Right click on the web site and select properties.
  2. Go to the Home Directory tab
  3. Click the Configuration button
  4. Select the .aspx file listing in the listbox and press Edit
  5. Select the path in the Executable textbox and press Ctrl+C
  6. Press Cancel
  7. Press the Add button
  8. Paste the path using Ctrl+V
  9. Add the file extension .jpg
  10. Select the Limit To option
  11. Put the verbs GET,HEAD,POST,DEBUG into the textbox
  12. Press OK
  13. Repeat adding for .jpeg, .gif, .png, etc.

This will cause the ASP.NET ISAPI filter to be run every time a request for a .jpg or other graphic file is requested. You can then put restrictions into the web.config file to keep users out of those files.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Microsoft IIS Web Server and ASP.NET 5:19 am Apr 28, 2026