[英]How to prevent direct access to images in ASP.NET MVC?
I need the same thing as this guy here: 我需要与此人在这里相同的东西:
http://forums.asp.net/t/1507682.aspx http://forums.asp.net/t/1507682.aspx
The thing is that the answer he marked as correct doesn't work for me. 问题是他标记为正确的答案对我不起作用。 I am using ASP.NET MVC3 soon to be migrated to MVC4 and Windows Server 2012. I want to prevent direct access to some images because of security issues.
我正在使用ASP.NET MVC3,很快将其迁移到MVC4和Windows Server2012。由于安全问题,我想防止直接访问某些图像。 It's not Image Leeching protection I'm worried at this moment, I read several articles on how to do that.
这不是我现在担心的图像渗水保护,我阅读了几篇有关如何做到这一点的文章。
If the link is on my page like this 如果链接在我的页面上是这样的
<img src="/Content/Images/img1.jpg" />
The image should be shown, but not if it is directly accessed: 应该显示该图像,但如果直接访问该图像则不显示:
http://mywebsite.com/Content/Images/img1.jpg
Since we're talking about images and several people accessing it, a solution that considers performance issue would be my way to go. 既然我们在谈论图像并且有几个人在访问它,那么考虑性能问题的解决方案将是我的解决之道。
Any ideas on how to implement that? 关于如何实施的任何想法?
Thanks. 谢谢。
Write an Action method which reads the image from disk / db and render it. 编写一个Action方法,该方法从磁盘/ db中读取图像并进行渲染。 In that action method, you may check whether the user is authorized or not and return the appropriate image or a "not authorized" image.
在该操作方法中,您可以检查用户是否被授权,然后返回适当的图像或“未授权”图像。
public class ProductController : Controller
{
public ActionResult Photo(string id)
{
// TO DO: get image using the unique id passed and render it
}
}
You can use the path to this action method as your image path. 您可以使用此操作方法的路径作为图像路径。
<img src="@Url.Action("Photo","Product")/someUniqueIDOfPhotoFromYourDB" />
This approach will have a slight performance impact compared to serving image directly from disk. 与直接从磁盘提供图像相比,此方法将对性能产生轻微影响。
You probably want to think outside MVC and handle hotlinking in IIS itself . 您可能想在MVC之外思考并在IIS本身中处理热链接 。 IIS has the tools (the referer (sic) header) to figure out whether or not an image request appears to have come from inside your site or not.
IIS具有工具(引用(sic)标头)来确定图像请求是否似乎来自您的网站内部。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.