有什么办法可以防止他人拼url地址来访问到服务器上的图片吗
有什么办法可以防止别人拼url地址来访问到服务器上的图片吗?
有个个人资料的页面
这个是页面中放照片的span的代码
现在的问题是,那个“2092639”是一个id号,登录的用户,可以拼接url地址,直接查看其他用户的照片。
怎么才能做到直接在浏览器上敲http://XXX.XXX.XXX.XXX/public//zp/new/2092639.jpg这种url时看不到照片?
------解决方案--------------------
图片改成由一个ashx输出。同时要把原图片目录移出可直接访问的路径(或在服务器上禁止直接访问该目录),否则拼接原来的url仍然能取到图片;权限判断必须在ashx里根据当前登录用户来做,仅仅换一个地址并不能起到保护作用。
<configSections>
<section name="rewriter"
requirePermission="false"
type="Intelligencia.UrlRewriter.Configuration.RewriterConfigurationSectionHandler, Intelligencia.UrlRewriter" />
</configSections>
<rewriter>
<rewrite url="~/(p_img\d{3}/.+?)_(\d{1,3})x(\d{1,3})\.(jpg|jpeg|png|gif|bmp)$"
to="~/ResponseImg.ashx?FilePath=$1&amp;Width=$2&amp;Height=$3&amp;Hex=$4"/>
</rewriter>
public class ResponseImg : IHttpHandler
{
static readonly DateTime Refresh;
static readonly DateTime Now;
/// <summary>
/// Type initialiser: records the moment the handler type is first used and derives
/// the refresh timestamp one month after it.
/// </summary>
static ResponseImg()
{
    DateTime initialisedAt = DateTime.Now;
    Now = initialisedAt;
    Refresh = initialisedAt.AddMonths(1);
}
/// <summary>
/// Handles an image request: reads FilePath, Width, Height and Hex from the query string,
/// maps FilePath under /QshopImg/, asks ImageHelper.Reset for the image bytes and sets
/// caching headers. Answers 304 when the client's If-Modified-Since is later than the
/// time recorded in the static Now field.
/// </summary>
/// <param name="context">The current HTTP request/response context.</param>
/// <remarks>
/// NOTE(review): as listed, this method performs no login or ownership check. The comment
/// below only marks where one belongs; until it is implemented, the handler serves any
/// image whose name the caller can guess, which is the problem the question describes.
/// </remarks>
public void ProcessRequest(HttpContext context)
{
// Conditional-request shortcut.
// NOTE(review): this returns 304 before any authorization decision is made; the per-user
// check should run ahead of it so that an unauthorised caller never gets a cache validation.
if (!string.IsNullOrEmpty(context.Request.Headers["If-Modified-Since"]))
{
// NOTE(review): DateTime.Parse throws on a malformed header value; DateTime.TryParse would
// let a bad header fall through to a normal response instead of an unhandled exception.
DateTime IfModifiedSince = DateTime.Parse(context.Request.Headers["If-Modified-Since"]);
if (IfModifiedSince > Now)
{
context.Response.StatusCode = 304;
return;
}
}
// You can get the image ID here and check whether it belongs to the user: output the image only if it does, otherwise output a default image.
// NOTE(review): the owner must be compared with the server-side identity of the caller
// (context.User or the session), never with a value the client sends in the request.
//string folder = context.Request.QueryString["Folder"];
// NOTE(review): FilePath is taken straight from the query string. The rewrite pattern only
// constrains URLs that pass through the rewriter; a request addressed to the .ashx itself
// supplies an arbitrary string. Resolve the mapped path and confirm it stays under the
// image root before reading it, and reject the request otherwise.
string filepath = context.Request.QueryString["FilePath"];
// NOTE(review): int.Parse throws when the value is missing or not numeric, and a direct
// request is not limited to the three digits the rewrite pattern allows. Use int.TryParse
// and cap both dimensions, since the resize cost is driven by these values.
int width = int.Parse(context.Request.QueryString["Width"]);
int height = int.Parse(context.Request.QueryString["Height"]);
// Read here but not used in the lines shown.
string hex = context.Request.QueryString["Hex"];
string path = context.Server.MapPath(string.Format("/QshopImg/{0}", filepath));
// ImageHelper.Reset is defined elsewhere; presumably it loads the file and resizes it to
// width x height (confirm against its implementation).
byte[] bytes = ImageHelper.Reset(path, width, height);
//System.Drawing.Image img = ImageHelper.Reset(bytes, width, height);
// Last-Modified is set to Refresh, i.e. one month after the handler type was initialised.
// NOTE(review): DateTime.ToString() formats with the current culture, which is not the
// HTTP date format; ToUniversalTime().ToString("R") produces the RFC 1123 form.
context.Response.Headers["Last-Modified"] = Refresh.ToString();
//context.Response.Cache.SetExpires(DateTime.Now.Add(Refresh));
//context.Response.Cache.SetMaxAge(refresh);
// NOTE(review): Public cacheability lets shared caches and proxies store the response. For
// photos that are meant to be visible to their owner only, an intermediary could then hand
// one user's image to another; HttpCacheability.Private or NoCache fits access-controlled
// content.
context.Response.Cache.SetCacheability(HttpCacheability.Public);
context.Response.CacheControl = HttpCacheability.Public.ToString();
context.Response.Cache.SetValidUntilExpires(true);
//context.Response.StatusCode = 304;
//img.Save(context.Response.OutputStream, ImageHelper.GetImageFormat(path));
// The listing ends here on the page; the code that writes the bytes to the response and
// the closing braces are not shown.
有个个人资料的页面
<span class="img">
<img id="Content_UserBaseInfo1_Img" src="http://XXX.XXX.XXX.XXX/public//zp/new/2092639.jpg" style="width:134px;" />
</span>
这个是页面中放照片的span的代码
现在的问题是,那个“2092639”是一个id号,登录的用户,可以拼接url地址,直接查看其他用户的照片。
怎么才能做到直接在浏览器上敲http://XXX.XXX.XXX.XXX/public//zp/new/2092639.jpg这种url时看不到照片?
------解决方案--------------------
图片改成由一个ashx输出
<configSections>
<section name="rewriter"
requirePermission="false"
type="Intelligencia.UrlRewriter.Configuration.RewriterConfigurationSectionHandler, Intelligencia.UrlRewriter" />
</configSections>
<rewriter>
<rewrite url="~/(p_img\d{3}/.+?)_(\d{1,3})x(\d{1,3})\.(jpg|jpeg|png|gif|bmp)$"
to="~/ResponseImg.ashx?FilePath=$1&amp;Width=$2&amp;Height=$3&amp;Hex=$4"/>
</rewriter>
public class ResponseImg : IHttpHandler
{
static readonly DateTime Refresh;
static readonly DateTime Now;
/// <summary>
/// Type initialiser: records the moment the handler type is first used and derives
/// the refresh timestamp one month after it.
/// </summary>
static ResponseImg()
{
    DateTime initialisedAt = DateTime.Now;
    Now = initialisedAt;
    Refresh = initialisedAt.AddMonths(1);
}
public void ProcessRequest(HttpContext context)
{
if (!string.IsNullOrEmpty(context.Request.Headers["If-Modified-Since"]))
{
DateTime IfModifiedSince = DateTime.Parse(context.Request.Headers["If-Modified-Since"]);
if (IfModifiedSince > Now)
{
context.Response.StatusCode = 304;
return;
}
}
//你可以在这里获取图片的ID,然后判断是否属于用户的,是才输出,不是输入默认图片
//string folder = context.Request.QueryString["Folder"];
string filepath = context.Request.QueryString["FilePath"];
int width = int.Parse(context.Request.QueryString["Width"]);
int height = int.Parse(context.Request.QueryString["Height"]);
string hex = context.Request.QueryString["Hex"];
string path = context.Server.MapPath(string.Format("/QshopImg/{0}", filepath));
byte[] bytes = ImageHelper.Reset(path, width, height);
//System.Drawing.Image img = ImageHelper.Reset(bytes, width, height);
context.Response.Headers["Last-Modified"] = Refresh.ToString();
//context.Response.Cache.SetExpires(DateTime.Now.Add(Refresh));
//context.Response.Cache.SetMaxAge(refresh);
context.Response.Cache.SetCacheability(HttpCacheability.Public);
context.Response.CacheControl = HttpCacheability.Public.ToString();
context.Response.Cache.SetValidUntilExpires(true);
//context.Response.StatusCode = 304;
//img.Save(context.Response.OutputStream, ImageHelper.GetImageFormat(path));