Protecting image files against direct access

Sep 3, 2007 at 2:26 PM
We are creating and running some 2.0 systems in low connectivity environment. We have 4 sites with 4 webservers and 4 sql servers. Sql Server database contents are replicated from the master database to the 3 slaves every night overnight. All applications use 2 connection strings – one to the local database and one to the master database (for the master site the 2 strings are obviously identical). In the applications, pages with passive activity use the passive string only, and pages with active activity use the active string.

All users are inside the corporate intranet and use windows logon and internet explorer. We use windows authentication, and use a database-table-controlled system to decide whether individual users have access to individual pages; refusal redirects the users to an AccessDenied.aspx page.

We have 6000 scan files, to which we need to control access very carefully – these are personal records. Types are pdf, jpg, bmp, tif, png. These files could be bulk converted to web-page-compatible image files – i.e. jpg, gif and/or png if required, and new files to be added could feasibly have that acceptability requirement. There are also 100 word.doc files and 50 excel.xls files which require viewing and require access control; these could maybe be converted to image files if required. Total size is 3 giga, with individual files as large as 34 mega; average size is 500k.

Normally in a good connectivity situation we would go for a database storage solution, but because of the low connectivity, we would prefer to use file system storage, with overnight robocopy.exe incremental copying and synchronization between sites.

Our problem is how to prevent direct access by users to the image files?

Potential solutions seem to be:

- break with the flow and revert to database storage – we would have to do some programmed intelligent replication in that case.
- use web.config file to prohibit direct access to these file suffixes – as per - and of course use an .aspx page to display the image in an image control.
- Store the images outside the viewable website directories and stream in as and when required, using a technique similar to
- Store the images inside the website but in a directory and subdirectories which are forbidden to all users except the local account (usually NT SERVICE) – then they are not directly viewable but can be pulled by into an aspx webpage to display the image in an image control. Web.config can be used to do this?
- There should also be additional possible solutions??

Sep 11, 2007 at 5:09 AM
I once used a method where the images (or files) were stored on a disk share that could not be accessed from the web.

Then had a page called GetFile.aspx?FileID=xxxxx

The getfile would retrieve the file from the disk based on it's file id (the db table held the filename, location, etc) and returned it to the browser.

Works for file/images etc, and it allows files stored on disk out of the database.