I have developed a nice Business Object named "StaffBasicInfo" based on CSLA .NET. This object retrieves the Staff HRMD Info in addition to a URL to the Staff Photo Image. The main reason to develop this BO is to implement fine control and authorization logic.
I developed a FormView with "ItemTemplate" which has Label Elements with all the correct binding to StaffBasicInfo Properties including the URL to the Image file. I did the bindings using CslaDataSourse object. I bound the URL of "Pic" image using function "GetStaffPhotoURL()"
So far, every thing works fine.
Please see sample of code below:
<asp:FormView ID="frmStaffBasicInfo" runat="server" DataSourceID="srcStaffBasicInfo" CssClass="frmStaffBasicInfo"> <ItemTemplate> <div runat="server" id="divStaffPhoto" class="divStaffPhoto"> <asp:Image ID="Pic" runat=server ToolTip="Picture" ImageUrl='<%# GetStaffPhotoURL( Eval("StaffID") ) %>' /> </div> <div style="display:inline; width:80% "> <table style=" font-size:10pt;"> <tr> <td style="width: 13px; background-color: #eff3fa;"> <asp:Label ID="Label25" runat="server" Text="Staff ID:" CssClass="lblClass" Width="72px"></asp:Label></td> <td style="width: 100px; height: 21px; background-color: #eff3fa;"> <asp:Label ID="txtStaffID" runat="server" cssclass="fldClass" Style="z-index: 100; left: 64px; top: 14px" Width="99px" Text='<%# Eval("StaffId") %>'></asp:Label></td> </tr>
..... </table> </div> <div id="MsgLiteralDiv" class="MsgLiteral"> <asp:Literal ID="MsgLiteral" runat="server" Text='<%# Eval("Msg") %>'></asp:Literal> </div> </ItemTemplate> </asp:FormView> <csla:CslaDataSource ID="srcStaffBasicInfo" runat="server" TypeAssemblyName="" TypeName="CSLAIDB.Library.StaffBasicInfo, CSLAIDB.Library" TypeSupportsPaging="False" TypeSupportsSorting="False"> </csla:CslaDataSource>
Friend Function GetStaffPhotoURL(ByVal prmStaffID As String) As String Dim theURL As String If Not File.Exists(Server.MapPath(".") & "\Images\StaffPhotos\" & prmStaffID & ".jpg") Then theURL = "~/Images/StaffPhotos/NotAvail3.gif" Else theURL = "~/Images/StaffPhotos/" & prmStaffID & ".jpg" End If Return theURL End Function
The Question:
How I can bind the image "Pic" to the binary representation of the image so that I will prevent the end users from knowing the URL of the image and to prevent unauthorized users to view the pictures of other staff ?
I want to place the Staff Photos in a Folder on the Server which is not under a Virtual Folder and cannot be accessed directly from the IE, and yet be able to display the staff photo of selected staff as per the logic defined in the Business Object.
Please help.
Tarek.
Copyright (c) Marimer LLC