I have a situation where I have to make a centralized image website. I want to secure those images from direct access. I want to send response with a watermark over it depending on request parameter. What is the best approach for it.
So far I have created a content website and directly accessing image.
Should I create handler from response.
But if I use handler will it be slow (response).
Kindly suggest me the best approach.
An image handler is the way to go, you will be able to check the http header referer and only serve image when appropriate.
There is an article on the code project that has all the parts you need:
http://www.codeproject.com/Articles/126421/Image-Handling-In-ASP-NET
You'll have to ignore certain sections and expand on others, but there is basically everything you need in the article.
This might help you: http://www.naveenbhat.in/2012/06/directory-security-on-webservice-with.html
Here, I created the handler for html and pdf types. You can implement the logic in same way for image.
Related
Is there a way to make a web app handle separate sessions for different browser windows/tabs other than having session id inside the URL?
In general form, what are the ways of storing session-id other than cookies and URL parameter?
I think you can try do it by using hidden fields in forms, but you have to create hidden form and make all links act as submit button (with some short JavaScript code setting proper value in fields responsible for target), but IMHO it is not the best solution, because all the requests will be using POST method and get all disadvantages of it.
And as question about other methods here is short list.
In short, no. You don't get any tab information from the client; a new browser window is just another client. The only way to differentiate clients is via cookies or parameters. Maybe you could create a tab-named cookie based on the javascript window object ID or something, but I kind of doubt it.
HTML5 (advert click-through, sorry) has some per-tab local storage options, but that probably won't help you right now.
Not sure if you searched before posting, but I found another question like yours - unanswered, but some good advice in the suggestions.
I have been searching around for a way to simply request webpages with HTML5. Specifically, I want to do an HTTP(S) request to a different site. It sounds like this is not possible at first due to obvious security reasons, but I have been told this is possible (maybe with WebSockets?).
I don't want to use iframes, unless there is a way to make it so the external site being requested does not know that it is being requested through an iframe.
I've been having a really difficult time finding this information. All I want to do is load a webpage, and display it.
Does anyone have some code they could share, or some suggestions?
Thanks.
Sounds like you are trying to to circumvent Same Origin Policy. Don't do that :)
If it is just the request you want (and nothing else), there are a number of ways to do it, namely with new Image in JavaScript or iframe. The site will know it is in an iframe by checking top.location.href != window.location.href.
funneling all your requests through a proxy might be a solution - the client addresses only the proxy and the actual url to retrieve would be a query string parameter.
best regards, carsten
In the Firebug Net panel, you can get a list of all HTTP requests made for the current page.
http://getfirebug.com/wiki/index.php/Net_Panel
Is there a way copy this list as text, so that I can paste it somewhere else for my own records? I’m doing some optimisation work, and it’d be really handy to save the requests made for pages before I optimise, so that I can check what effect my optimisation has.
Alternatively, are there any other tools that would give me the same file information (i.e. URL of file requested, size of file — I don’t need the timeline stuff that Firebug’s Net panel does) as Firebug, in text format?
FireBug NetExport extension is what you're looking for.
HttpFox provides a list of HTTP requests made by a web page, and lets you copy the list out as text.
It doesn’t provide the nice breakdowns that Firebug does (e.g. CSS, images, etc.), but the data is there.
LiveHTTPHeaders will also do this, try the generator tab for a concise list of the requests.
In my asp.net 2005 app, I would like conceal the app structure from the user. Currently, the end user can learn intimate details of my web app as they navigate and watch the url change. I don't want the end user to know about my application structure. I would like the browser url to not change if possible. Please advise.
thanks
E.A.
URL rewriting is the only one that can provide any kind of real concealment.
Just moving the requests to AJAX or to frames, means anyone (well, more advanced users) can still see those requests being fired, just not in the address bar.
Simplest solution is to use frames - a single frame that holds your application and is 100% * 100%. The URL will not change though the underlying URL can still be seen via "View Frame info", however only advanced users will even figure that out.
In your pages, make sure that they are contained inside the holding frame.
A couple of possibilities.
1) use AJAX to power everything. This will mean that the user never leaves the home page
2) use postbacks to power everything. In this, you'd have all those pages be user controls which you progrmattically hide or show.
3) URL rewriting (especially if this is asp.net 3.0 or later)
My site uses url parameters to dynamically load ascx files into a single main aspx. So if I get 'page_id=123' on the query string, I load the corresponding ascx. The url changes, but only the query string - the domain part remains the same.
If you want the url to remain precisely the same at all times, then frames (per Oded) or ajax (per Stephen) are probably the only ways to do it.
Short answer: use URL encryption
A simple & straight article: http://devcity.net/PrintArticle.aspx?ArticleID=47
and another article: https://web.archive.org/web/20210610035204/http://aspnet.4guysfromrolla.com/articles/083105-1.aspx
HTH
I want to make a site where there user can basically navigate the web from within an iframe. The catch is that I'd like to be able to have more control over what is rendered within the iframe. Specifically,
I'd like to be able to filter out images or text, disable forms etc.
I'd also like to be able to gather feedback such as what links the users clicked on.
Question 1:
Is this even possible using a standard back-end scripting language (like php), with html and javascript on the frontend?
Question 2:
Would I first need to grab the source of the site before it is rendered, then do whatever manipulation is necessary, and finally re-render it somehow?
Question 3:
Could somebody please explain the programming flow that would occur here (assuming its possible)?
I think you would probably want to grab the source of the of site (with server-side code) before rendering it. You might run into cross-site scripting issues if you try to use JavaScript. Your iframe would load a page like render.php and pass the address of the page to render os a querystring parameter. Then use regular expressions to find elements in the HTML that render.php downloads from the address. Rewrite the HTML as necessary and then write it all out to the iframe.
Rewrite links so that that the user is taken to a page you control and redirected onto a target site if you want to track where people are going. Example: a link in the page needs to go to google.com. You would send them to tracker.php?target=http://google.com. You control tracker.php and can log each load of this page and then redirect the user to the target site.
Update:
Another possible solution is to use Apache or other server to proxy the target website. There are modules like mod_proxy for this. There may also be modules that let you parse the HTML or you could roll your own.
I should point out that even the best solutions offered to your question will be somewhat brittle if you do not have full control over the target site. You will want to have lots of error handling or alerting.
You can have a look at this. It uses iFrame really well, and maybe even use the library it has.