aspx, response.write, image and link referencing - asp.net

I've spent a while trying to find out whether what I want is possible.
I have 3 websites on different domains. Two are in English, one in French. We have one page in english, one in french which are identical apart from the text. These pages and relevant images (we'll call common content) are stored on a separate domain (reasons beyond my control) and use response-writefile to insert the content into the two english pages.
Got all that working fine. However, the images in these common pages have a path relative to domain on which they are stored, which means when the pages are written into the main pages, the images dont show. I understand why and can get around it by putting in the full path of the image.
I would prefer not to go through every single page changing the image path, is there any way of the server knowing or being told that the image is relative to the common content and not the rendered page?
I wouldn't have thought so, but it would save my day if there was!
Further explanation:
Relative path of image:
abc.png
Path of common content file:
http://domain1.com/CommonContent/123.html
Code in final pages (domain2.com/english.html):
<% Response.WriteFile("/CommonContent/123.html"); %>
Rendered path of image (what I don't want):
http://domain2.com/abd.png
Ideal path of image in rendered page: ie, what I want to happen:
http://domain1.com/CommonContent/abd.png

what you can do is use WebClient class to get the page content
String URI = "http://domain1.com/CommonContent/123.html";
WebClient webClient = new WebClient();
Stream stream = webClient.OpenRead(URI);
String request = reader.ReadToEnd();
then you perform a string replace, here I'm not sure what can match, maybe something like this can match:
request.Replace("<src=", "<src=http://domain1.com/CommonContent/")
then you render this string to the browser.

You can make Application Settings having the path for each domain on each application, and then maybe add a function that will be in charge of writing the full path of the pictures. Also you can make an HTTP Module to address this issue as well as a Generic Handler that will receive all requests for images and load them from different domains/applications.
Good luck!

Related

What does ?t=some-number mean when used at the end of an image url

Here is the example image url I found on Steam.
https://steamcommunity-a.akamaihd.net/public/shared/images/header/globalheader_logo.png?t=962016
The image url gives the same result with or without the ?t=962016. What is it called? And what does it do?
?t=962016
This is a technique to disable browser caching, browser sees it as a new url, and fetches the resource again from web server. The resource can be image, css file, js file etc. This is the most common use case, but can be also used differently by the web server.
There is another use case also. I have done this one of my project.
I have a made all requests to *.jpg handle by a php script.
Eg: mysite.com/user/avatar.jpg?id=100
avatar.jpg is actually a php script which takes the query param (in this case the id 100) and returns the correspond user's avatar (user with id 100). Browser see this as an image. Another advantage is we can disable hot linking directly to this image, as the script can check if the request is originated from the same domain.
IMO there is 2 possibilities
- They put that parameter to avoid the image to be cached, the value of t is random in this case
- The image can be generated by a script, in this case the value of t is the id of the image.

Image disappear when url route

I am writing a web page to show image (image is dynamically generate by .Net charting) in a web. I have used the asp.net web forms URL routing to navigate to this page. Once I use the URL routing the image appear on the page. Anyway this is working fine for normal page browse.
More than likely your link to the image is using a relative path, and once you introduce routing you are working with a URL structure that appears to be deeper nested in the folder structure than it is.
When linking to the image for display I would recommend using root relative path something like /Images/MyFile.jpg rather than ../Images/MyFile.jpg, or similar.
This way if your route changes, and additional "folders" appear in the route, the link will still work.

How can i hide/secure image path?

How can I hide/secure image path in asp.net? I don't want the user see image path directly.
I have googled with my problem and found the following URL:
http://www.codeproject.com/KB/web-security/ImageObfuscation.aspx
On this page it suggests changing the image path like this:
<img ID='ImageControl'
src='ShowImage.axd?Path=<% EncryptString("C:\Images\img.ext", Page) %>'
But if user copy this image src and paste it into their browser with the domain name then it will show image.
There's absolutely no way to achieve this, so no need to waste your time and efforts. As long as the browser can show an image, the user can also directly fetch it.
It really depends on what you are trying to achieve.
If you're trying to stop people linking to your images from another site, then the best option would be to extend the handler you mentioned in your question to only return an image if the Request.Referrer is your own site.
This means that if they did then try and link to the image via your handler, they'd only see a broken image/no image, they wouldn't be able to request the image directly in their browsers, etc.
You should also probably include some sort of time stamp in the encrypted path, and reject requests that come from too long ago - this will again limit the validity of the links:
<img ID='ImageControl'
src='ShowImage.axd?Path=<% EncryptString("C:\Images\img.ext|" + DateTime.Now.ToString(), Page) %>'
Then in your handler:
Dim pathAndTimeEnc As String = ctx.Request.Params("Path")
Dim pathAndTime As String
Dim path As String
Dim timeStamp As DateTime
pathAndTime = Common.DecryptString(pathAndTimeEnc, ctx)
Dim parts = pathAndTime.Split("|"C)
path = parts(0)
timeStamp = DateTime.Parse(parts(1))
Dim fiveMin As TimeSpan = New TimeStamp(0, 5, 0)
If DateTime.Now.Subtract(timeStamp) < fiveMin Then
' Return image.
End If
If you're trying to stop people downloading your images then you're not really going to stop more than the most basic internet user - after all to display the image on your site, you'll need to send a copy of it to the client browser.
However, a couple of possible options to make it harder:
Ensure that the images expire immediately, this means the browser shouldn't keep them locally for that long - however it does mean that none of the images will be cached, and you'll end up with higher bandwidth useage for repeat viewers; if you are using the handler you can do this in code:
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now);
Use CSS to place a transparent 1x1px image over the top of the images on your site - this way if a user right-clicks on the image to save it, they will get the path to the transparent image rather than the one they are expecting (Flickr does/used to do this)
At the end of the day, if you put some content online, then it's very hard to stop the most dedicated "thief" from taking it and using it.
You could do some hack that symlinks the real image path to some (one time) temporary location which is sent to the client. Once the client has received the image, the symlink can be removed; although... what a hack!
How comes the image path is a secret?
You can do this, but it's going to be a lot of work, people are going to be able to get around it, and so there needs to be a really good reason for doing it and you need to recognize that it will never be a 100% solution. It will (at best) be a solution to prevent the non-technical from grabbing the images. (And even they can use Alt+PrintScreen.) And it will take time away from whatever you're doing that actually generates value.
But:
Basically, you can use one-time paths tied to an IP address. When the page is requested, log the IP address and generate custom image paths for that page basically in the form of "http://example.com/images/alsdkjflaskdf" (or "http://example.com/images/getimage?alsdkjflaskdf" if you can't do custom URL handlers) where the "alsdkjflaskdf" part is an encrypted/obfuscated, one-time-only path to the image that's only valid from that IP address, and only valid for a given time period. Once the time is up or it's been used, purge that generated path from your database (or whatever you're using to keep track).
The paths would be
Limited to the IP address
Time-limited
One-time-only
As you can see, it's a pain, and I could easily work around it with wget. Your time is almost certainly better spent elsewhere.
Store the path in a database or xml. Store some kind of unique id each path and rewrite the handler to query the path from the datasource. You can use like this:
< img ID='ImageControl' src='ShowImage.axd?ID=1 %>'
And the path reamain secret :)
Ok. Reread the original post. Try to store the session whitch page has been seen. And if there is no one or not the page that contain the picture You show a black screen. Yes the visitor can see if use the link after s/he saw the page, but until the session is alive. And the link won't work if s/he link to somewhere.

WebRequest retrieved site loads different then original

I am using WebRequest to retrieve a html page from the web and then displaying it using Response.Write.
The resulting page looks different from the original mostly in font and layout.
What could be the possible reasons and how to fix it?
Most probably, the HTML you retrieve contains relative URLs for loading images, stylesheets, scripts. These URLs are not correct for the page as you serve it from your site. You can fix this by converting all of the relative URLs into absolute URLs or by including a BASE tag in the head of the HTML, pointing to the URL of the original page.
Be advised though that deeplinking to images and other resources is considered bad practice. The source site may not like what you are doing.
The reason might be that the original html page contains relative (to the original site) paths to the stylesheet files so when you render the html in your site it cannot find the css.
Does the remote web site include CSS, JavaScript, or images?
If so, are any of the above resources referenced with relative links (i.e.: /javascript/script.js)?
If so, when the browser receives the HTML from your server, the relative links (which were originally relative to the source server) are now relative to your server.
You can fix this by either changing the HTML to use absolute links (i.e.: http://www.server.com/javascript/script.js). This is more complicated than it sounds: you'll need to catch <link href="..."/>, <a href="..."/>, <form action="..."/>, <script src="..."/>, <img src="..."/>, etc.
A more limited solution would be to place the actual resources onto your server in the same structure as they exist on the original server.
The remote site might look at the User-Agent and serve different content based on that.
Also, you should compare the HTML you can retrieve from the remote site, with the HTML you get by visiting the site in a browser. If they are not different, you are probably missing images and/or css and javascript, because of relative paths, as already suggested in another answer.

Export ASPX to HTML

We're building a CMS. The site will be built and managed by the users in aspx pages, but we would like to create a static site of HTML's.
The way we're doing it now is with code I found here that overloads the Render method in the Aspx Page and writes the HTML string to a file. This works fine for a single page, but the thing with our CMS is that we want to automatically create a few HTML pages for a site right from the start, even before the creator has edited anything in the system.
Does anyone know of any way to do this?
I seem to have found the solution for my problemby using the Server.Ecxcute method.
I found an article that demonstared the use of it:
TextWriter textWriter = new StringWriter();
Server.Execute("myOtherPage.aspx", textWriter);
Then I do a few maniulatons on the textWriter, and insert it into an html file. Et voila! It works!
Calling the Render method is still pretty simple. Just create an instance of your page, create a stub WebContext along with the WebRequest object, and call the Render method of the page. You are then free to do whatever you want with the results.
Alternatively, write a little curl or wget script to download and store whichever pages you want to make static.
You could use wget (a command line tool) to recursively query each page and save them to html files. It would update all necessary links in the resulting html to reference .html files instead of .aspx. This way, you can code all your site as if you were using server-generated pages (easier to test), and then convert it to static pages.
If you need static HTML for performance reasons only, my preference would be to use ASP.Net output caching.
I recommend you do this a very simple way and don't do it in code. It will allow your CMS code to do what the CMS code should do and will keep it as simple as possible.
Use a product such as HTTrack. It calls itself a "website copier". It crawls a site and creates html output. It is fast and free. You can just have it run at whatever frequency you think is best.
It decouples your HTML output needs from your CMS design and implementation. It reduces complexity and gives you some flexibility in how you output the HTML without introducing failure points in your CMS code.
#ckarras: I would rather not use an external tool, because I want the HTML pages to be created programmatically and not manually.
#jttraino: I don't have a time interval in which the site needs to be outputted- the uotput has to occur when a user creates a new site.
#Frank Krueger: I don't really understand how to create an instance of my page using WebContext and WebRequest.
I searched for "wget" in searchdotnet, and got to a post about a .net class called WebClient. It seems to do what I want if I use the DownloadString() method - gets a string from a specific url. The problem is that because our CMS needs to be logged in to, when the method tries to reach the page it's thrown to the login page, and therefore returns the login.aspx HTML...
Any thoughts as to how I can continue from here?

Resources