I am facing a bit of trouble right now. I have an image gallery for which I store images in a folder. Now if I want to access the images without any processing, I must keep the folder where I can access it directly, like SomeFolder/imageset/image.jpeg, but this cannot be protected thoroughly. Second, if I keep the image folder in the App_Data folder, then I must use an HttpHandler. This handler is creating a lot of mess, because a lot of thumbs have to be generated and other processing done, which makes the system respond very slowly. What should I do to protect the user albums and make it snappy?
-
One way would be to use config to restrict access, and you can create roles and allow/restrict by it; see here: weblogs.asp.net/gurusarkar/archive/2008/09/29/… – Zaki, commented Jun 13, 2013 at 12:10
-
No, it is the user album, so I don't think I can create roles for each individual user. – Spirals Whirls, commented Jun 13, 2013 at 12:15
2 Answers
This question comes to mind most of the time: how to protect images.
Still, there is no foolproof technology for it; Facebook does some stuff around protecting images.
If you have confidential images, you can either store them in the DB, where they will be accessible via permissions granted to roles,
or, if you need a folder only, authorize it to particular roles in Web.config.
(I am assuming the User-Role implementation is there.)
-
Consider something like Facebook photo albums, which belong to a user. If he wishes, he lets others see it; if he does not, then it is not accessible by anyone. Roles are not making sense here. Commented Jun 13, 2013 at 12:14
-
OK, in that case, why don't you store this in the DB and manage user permissions at the DB level? Commented Jun 13, 2013 at 12:15
-
Oh... I recently changed to a folder; I thought this was creating extra load for the DB, as I was told too that a DB is not for images in particular, and I felt it too. Commented Jun 13, 2013 at 12:17
-
Hmm, it does put some extra load; however, with the latest SQL Server and the right queries we can optimize the load. Commented Jun 13, 2013 at 12:18
-
I have changed the design of the photo album twice and now I am fully confused about what I should do. Commented Jun 13, 2013 at 12:19
Based on @Nipun's suggestion of using directory specific Web.config files to authorize access you could do the following.
Create a folder /Root/Images/Albums and add a web.config file with the following:
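    <configuration>
      <!-- <authentication mode="Forms"/> is set in the application's root web.config;
           ASP.NET only accepts that element at application level, not in a sub-folder -->
      <system.web>
        <authorization>
          <!-- "?" means anonymous users: only signed-in users reach the albums -->
          <deny users="?"/>
        </authorization>
      </system.web>
    </configuration>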
Each time you create a new user-specific album, create a sub folder in the albums directory with the user's name, i.e. /Images/Albums/Stokedout/. Also dynamically create a web.config file which allows only that user to access it.
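    <configuration>
      <!-- authentication mode is set once, in the application's root web.config -->
      <system.web>
        <authorization>
          <!-- rules are checked top down: allow the owner, then deny everyone else -->
          <allow users="Stokedout"/>
          <deny users="*"/>
        </authorization>
      </system.web>
    </configuration>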
If you do the above, then users cannot see each other's images. This is, however, a concept which I haven't tried.
-
Hh... OK, seems interesting to me. I must try this. But right now I think the App_Data folder will be the best choice, and the HttpHandler concept. Commented Jun 13, 2013 at 12:36
-
That's cool. But it's worth a try if you are already using Membership services with Forms authentication. It would work for Windows auth too. The only issue would come about if the user was allowed to choose another username, in which case you'd have to adjust the folder and config. Commented Jun 13, 2013 at 12:45
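The per-user folder and web.config step from the second answer, as an added C# example that is not code from the thread: it validates the user name before using it as a folder name and in the `users` attribute, then writes an allow-owner, deny-everyone-else rule. The `AlbumFolder` class, the `albumsRoot` parameter and the allowed name pattern are assumptions.

```csharp
using System;
using System.IO;
using System.Text.RegularExpressions;
using System.Xml.Linq;

public static class AlbumFolder   // hypothetical helper, not from the thread
{
    // Assumption: user names are limited to this alphabet. Anything else is rejected,
    // so a name such as "..\bin" or "a,*" cannot change the path or the allow list.
    private static readonly Regex SafeName = new Regex(@"^[A-Za-z0-9_-]{1,64}\z");

    // albumsRoot: physical path of /Images/Albums (hypothetical parameter).
    public static string Create(string albumsRoot, string userName)
    {
        if (userName == null || !SafeName.IsMatch(userName))
            throw new ArgumentException("Unsupported user name", "userName");

        string root = Path.GetFullPath(albumsRoot).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        string folder = Path.GetFullPath(Path.Combine(root, userName));
        // Defence in depth: the resolved folder must still be inside the albums root.
        if (!folder.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Album path escapes the albums root");

        Directory.CreateDirectory(folder);

        // Rules are evaluated top down: allow the owner first, then deny everyone else.
        var config = new XDocument(
            new XElement("configuration",
                new XElement("system.web",
                    new XElement("authorization",
                        new XElement("allow", new XAttribute("users", userName)),
                        new XElement("deny", new XAttribute("users", "*"))))));
        config.Save(Path.Combine(folder, "web.config"));
        return folder;
    }

    public static void Main()
    {
        // Constructed sample input: a temp directory stands in for /Images/Albums.
        string root = Path.Combine(Path.GetTempPath(), "Albums");
        Console.WriteLine(File.ReadAllText(Path.Combine(Create(root, "Stokedout"), "web.config")));
        try { Create(root, @"..\bin"); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

ASP.NET URL authorization only protects requests that run through the managed pipeline, so the site has to be set up so that requests for static image files do too.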