堆栈内存溢出
  简体   繁体   English

如何防止直接访问ASP.NET MVC中的图像?

[英]How to prevent direct access to images in ASP.NET MVC?

 原文  2013-04-01 15:13:11       c#/ asp.net-mvc/ asp.net-mvc-3

问题描述

I need the same thing as this guy here: 我需要与此人在这里相同的东西:

http://forums.asp.net/t/1507682.aspx http://forums.asp.net/t/1507682.aspx

The thing is that the answer he marked as correct doesn't work for me. 问题是他标记为正确的答案对我不起作用。 I am using ASP.NET MVC3 soon to be migrated to MVC4 and Windows Server 2012. I want to prevent direct access to some images because of security issues. 我正在使用ASP.NET MVC3,很快将其迁移到MVC4和Windows Server2012。由于安全问题,我想防止直接访问某些图像。 It's not Image Leeching protection I'm worried at this moment, I read several articles on how to do that. 这不是我现在担心的图像渗水保护,我阅读了几篇有关如何做到这一点的文章。

If the link is on my page like this 如果链接在我的页面上是这样的 

<img src="/Content/Images/img1.jpg" />

The image should be shown, but not if it is directly accessed: 应该显示该图像,但如果直接访问该图像则不显示: 

http://mywebsite.com/Content/Images/img1.jpg

Since we're talking about images and several people accessing it, a solution that considers performance issue would be my way to go. 既然我们在谈论图像并且有几个人在访问它,那么考虑性能问题的解决方案将是我的解决之道。

Any ideas on how to implement that? 关于如何实施的任何想法?

Thanks. 谢谢。

2 个解决方案

解决方案1
 3  2013-04-01 15:16:10

Write an Action method which reads the image from disk / db and render it. 编写一个Action方法,该方法从磁盘/ db中读取图像并进行渲染。 In that action method, you may check whether the user is authorized or not and return the appropriate image or a "not authorized" image. 在该操作方法中,您可以检查用户是否被授权,然后返回适当的图像或“未授权”图像。 

public class ProductController : Controller
{
  public ActionResult Photo(string id)
  {
   // TO DO:  get image using the unique id passed and render it
  }
}

You can use the path to this action method as your image path. 您可以使用此操作方法的路径作为图像路径。 

<img src="@Url.Action("Photo","Product")/someUniqueIDOfPhotoFromYourDB" />

This approach will have a slight performance impact compared to serving image directly from disk. 与直接从磁盘提供图像相比,此方法将对性能产生轻微影响。

解决方案2
 3 已采纳  2013-04-01 15:26:27

You probably want to think outside MVC and handle hotlinking in IIS itself . 您可能想在MVC之外思考并在IIS本身中处理热链接 IIS has the tools (the referer (sic) header) to figure out whether or not an image request appears to have come from inside your site or not. IIS具有工具(引用(sic)标头)来确定图像请求是否似乎来自您的网站内部。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何防止从asp.net mvc core中的url直接访问局部视图? - How to prevent partial view direct access from url in asp.net mvc core? 如何防止访问ASP.NET中的文件夹 - How to prevent access to a folder in ASP.NET 如果要在不直接访问数据库的DMZ中托管ASP.NET MVC Web应用程序,应如何设计其层(TCP端口1433被防火墙阻止)? - How to design tiers of ASP.NET MVC web application if it is to be hosted in DMZ with no direct access to database (tcp port 1433 blocked by firewall)? ASP.Net MVC防止通过RedirectToAction方法直接访问动作 - ASP.Net MVC Preventing direct access to action out of RedirectToAction method 如何防止多个ASP.NET MVC路由映射 - How To Prevent Multiple ASP.NET MVC Route Mappings ASP.NET MVC 5如何防止View显示为文本 - ASP.NET MVC 5 How to prevent View from displaying as text 在asp.net MVC中,如何防止对特定控制器的Web请求? - In asp.net MVC, How to prevent webrequest to a particular controller? 如何防止保存文件ASP.NET MVC 4应用程序 - How to prevent saving files asp.net mvc 4 application 如何防止ASP.net MVC应用程序进入域进行身份验证? - How to prevent ASP.net MVC application authenticating into domain? 如何在ASP.NET MVC中有效地提供图像 - How to efficiently serve images in ASP.NET MVC
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM