ASP.NET MVC: how to prevent unauthenticated user to directly GET images?

Question

I have confidential images that I only want to show to authenticated users. On the razor view, which is only accessible to authenticated users, I have

How do I prevent an unauthenticated user to bypass my razor view and directly request this photo through a HTTP GET?

What have you tried? Where are the images stored? In the same relative path or some external service? — Mayank, Jul 04 '17 at 06:07

score 0 · Answer 1 · edited Jul 05 '17 at 14:02

0

Check this answer, it has multiple ways to do this.

Https://stackoverflow.com/questions/11726848/asp-net-mvc-4-intercept-all-incoming-requests

edited Jul 05 '17 at 14:02

Boney

2,072
3
18
23

answered Jul 04 '17 at 06:22

Amit Kumar Singh

4,393
2
9
22

score 0 · Accepted Answer · answered Jul 04 '17 at 06:30

You can use Attributes concept in mvc to accomplish your task. Use ActionFilterAttribute and override OnActionExecuting method. For implementation you can visit following links.

Asp.net mvc restrict specific users to access folder content

ASP.NET MVC 4 intercept all incoming requests

Thanks

score 0 · Answer 3 · answered Jul 04 '17 at 07:32

0

You need to develop an http handler that checks for image extensions. See this article for how to https://www.codeproject.com/Articles/39158/Protect-Files-and-Folders-Using-HttpHandlers-in-AS

answered Jul 04 '17 at 07:32

Houssam Hamdan

888
6
15

ASP.NET MVC: how to prevent unauthenticated user to directly GET images?

3 Answers3