Asp net core protect images


ASP.NET is a popular programming language used for web applications. One common requirement in web development is to images from unauthorized access. In this article, we will explore different approaches to protect images in ASP.NET Core.

Approach 1: Access to Images Folder

The simplest way to protect images is by restricting access to the folder where the images are stored. By default, ASP.NET Core allows access to static in the wwwroot folder. We can leverage this feature to store our images in a folder within the wwwroot directory.

To restrict access to the images folder, we can add the following code to the Startup.cs file:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    // Other configuration code

    app.UseStaticFiles(new StaticFileOptions
        FileProvider = new PhysicalFileProvider(
            Path.Combine(env.ContentRootPath, "Images")),
        RequestPath = "/Images"

    // Other configuration code

In the above code, we configure the app to serve static files from the “Images” folder. The RequestPath property specifies the URL path to access the images. By setting it to “/Images”, the images will be accessible at “”.

Approach 2: Implement Authentication and Authorization

If we need more fine-grained control over image access, we can implement authentication and authorization in our ASP.NET Core application. This allows us to restrict access to specific images based on user roles or permissions.

To implement authentication and authorization, we can use ASP.NET Core Identity. Here's an example of how we can protect images based on user roles:

[Authorize(Roles = "Admin")]
public IActionResult GetImage(string imageName)
    // Logic to retrieve and return the image

In the above code, we decorate the GetImage action method with the [Authorize(Roles = “Admin”)] attribute. This ensures that only users with the “Admin” role can access the image. If a user the required role tries to access the image, they will be redirected to the login page or access.

Approach 3: Generate Secure Image URLs

approach to protect images is by generating secure URLs that expire after a certain period of time. This prevents unauthorized users from accessing the images even if they have the URL.

We can achieve this by appending a token or a unique identifier to the image URL. The token can be generated based on the user's session or other authentication information. Here's an example:

public IActionResult GetSecureImageUrl(string imageName)
    // Logic to generate a secure token

    string imageUrl = $"{imageName}?token={secureToken}";

    return Redirect(imageUrl);

In the above code, we generate a secure token and append it to the image URL. The token can be validated on the server-side to ensure its authenticity and expiration. This approach adds an extra layer of security to protect the images.


Protecting images in ASP.NET Core is essential to prevent unauthorized access. We explored three different approaches to achieve this: restricting access to the images folder, implementing authentication and authorization, and generating secure image URLs. Depending on the of your application, you can the approach that best suits your needs.

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents