c# - Obfuscate HTTP Handler designed to return image -


i'm trying retrieve image http handler.

an issue i'm having trying make application can access image, i've tried editing anonymous iis authentication allow application pool identity still lets users through.

here's example:

  1. aspx page makes call handler (picservice.ashx?id=1) passing in id via query string
  2. http handler sends image
  3. the image source services/picservice.ashx?id=1

this works fine. if user wanted go , visit picservice.ashx , type in old id, return image correlates id. i'm working sensitive information isn't acceptable.

i've had @ http forbidden handlers i'm not sure whether i'm going down right route.

i've tried returning image in aspx page can't due image control needing url.

how can return image database , have source of image secure?

should doing different way? or on right track (http forbidden)?

a technique have used in past have page (step 1) create guid, , register cache item keyed guid has actual image url in object. page constructs url handler, using guid , passes handler

the handler (step 2) knows go cache actual value , return content.

this way expose temporary "magic" value. obfuscation , not substitute proper security.

as example (from memory, syntax may off bit)

in aspx or caller

    string keyvalue = guid.newguid().tostring();     int yourimageid = 5;      cache.add(keyvalue, yourimageid) //expire in 5 or 10 seconds     string url = "handler.ashx?imgid=" + httputility.urlencode(keyvalue);     response.redirect(url, false);

in handler (i use ashx mostly, choose whatever suits need)

 string key = httputility.urldecode(context.request.querystring.get("imgid"));   int yourimageid = (int) context.cache.get(key);   //get image db , return content

again, because used guid doesn't mean have to, if trying obfuscate identity, choose not correlate identity.


Comments

Post a Comment

Popular posts from this blog

blackberry 10 - how to add multiple markers on the google map just by url? -

i have android application, want convert blackberry 10 , google map needed in app,but blackberry 10 not support googlemap , blackberry developer web site supply way replace it.the sample below: @override public void oncreate(bundle savedinstancestate) { super.oncreate(savedinstancestate); setcontentview(r.layout.main); webview webview = (webview) findviewbyid(r.id.mywebview); webview.getsettings().setjavascriptenabled(true); webview.loadurl("http://maps.google.com/?ll=36.97, -122&lci=bike&z=13&t=p"); } i cannot understand it,i not know how add multiple markers on googlemap via url? can me? this worked me map shown in webview.
Read more

php - guestbook returning database data to flash -

i've been struggling problem long , unable make work, hope can me it. first, know php files correct , mysql database works fine. in flash, able submit comment database comments not display. did many tests such making returned_database flash separately , worked fine - can see old comments. long combine submitting 1 , returning 1 together, flash doesn't show comments more. put lower version flash effects on frame thinking doesn't collaborate returning flash, submitting flash works fine. since pretty complex problem hard me copy actionscript code because on different frames in flash. if has ideas fixing maybe can send file you?
Read more

delphi - Dynamic file type icon -

i want register file type in windows , make program delphi draw icon of file according contents (something custom icon format). how can this? thanks nortd , user539484 comments, searched internet "shell icon handler delphi" , found sample here , , shell+ components has component this.
Read more