0

I'm currently building a ASP.NET MVC 3-WebApp that handles lots of images, lets say up to 100 per page. At the moment the WebApp itselfs serves the images. The reason is, I want to make sure that only authorized and logged on users can download the images. This approach suffers from performance, because on the one hand the Browsers loads the images sequentially, and on the other hand this scales not very well. Therefore I would like to introduce a external WCF-WebService from another host, that serves the images and only the images. This works very well, but at the moment I have no idea how to make the Download-Url secure.

In my page from lets say "www.imageviewer.com" I would like to have many image tags like so: [Image-Tag] Source="imageservice.imageviewer.com/Download/someID" [/Image-Tag]

I know I could send some encrypted security information within the Download Url, like UserID or other SecurityTokens and make some processing with that. But this would not prevent, that the User (or another User) can download the image in another Browser, without being logged on.

I would like to have a session-based solution. Only with a valid session after logging on to the WebApp the Browser should download the image from the WebService.

Any ideas how to solves this?

Steven Grigoleit
  • 21
  • 1
  • 3

1 Answers1

1

Are webservices the new regex?

Some people, when confronted with a problem, think "I know, I'll use a webservice". Now they have two problems.

Please describe in what way you think a webservice will make your images load faster? There will be more overhead (XML (un)packing, adding another layer of code), and since a webservice is not more or less an HTTP request than the thing your browser does when requesting an image you will still run into the browser's limit of connections.

A browser does not really sequentially load images, but rather does it at a rate of about two to eight at a time to the same domain.

Loading the images from different subdomains is a more common approach, and adding some lazy loading will speed it up even more. You can then still secure it, using information stored in your session, cookies or headers.

If you, on the other hand, just want an answer to your question and no friendly advice: you could simply secure your service with a Custom User Name and Password Validator, where you simply override the validator to validate against your known user credentials.

Community
  • 1
  • 1
CodeCaster
  • 147,647
  • 23
  • 218
  • 272
  • I have tested that downloading the images from another resource (no matter if it is a webservice or what ever) gives a "faster" user experience. The reason is, I think, that the Browser startes downloading images from a different ressource before the Browser finishes downloading+rendering+JS-processing of the current page. Maybe I am completely wrong. – Steven Grigoleit Feb 15 '12 at 09:18
  • If I am lazy loading the images from a different subdomain, how to share session information? The only think that comes into my mind is using Out-Of-Process or SqlServer Sessions. But i wanted to avoid doing that. – Steven Grigoleit Feb 15 '12 at 09:24
  • @StevenGrigoleit your first comment states "different resource", when that is another (sub)domain it will load faster because of the way browsers handle connections, of which I put a link in my answer. Furthermore you can serve subdomains from the same website in IIS, so they'll share all data like sessions and configurations (i.e. connection strings and whatnot). – CodeCaster Feb 15 '12 at 12:18