使用HttpHandler隐藏图片真实地址，轻松实现防盗链

正着手准备做个图片共享网站，考虑到图片的防盗链，剥离出了BlogEngine的ImageHandler，并进行简单地修改。用来做隐藏图片的真实地址和防盗链。

原文地址：http://blog.moozi.net/archives/2008/10/12/use-httphandler-in-csharp-to-hide-the-true-address-of-the-picture/ 

 

    public class ImageHandler : IHttpHandler
    {
        public bool IsReusable
        {
            get { return false; }
        }
        public void ProcessRequest(HttpContext context)
        {
            if (!string.IsNullOrEmpty(context.Request.QueryString["picture"]))
            {
                string fileName = context.Request.QueryString["picture"];
                OnServing(fileName);
                try
                {
                    string folder = "App_Data/Picture/";
                    FileInfo fi = new FileInfo(context.Server.MapPath(folder) + fileName);

                    if (fi.Exists &&
                        fi.Directory.FullName.ToUpperInvariant().Contains(
                            Path.DirectorySeparatorChar + "PICTURE"))
                    {
                        //context.Response.Cache.SetCacheability(HttpCacheability.Public);
                        //context.Response.Cache.SetExpires(DateTime.Now.AddYears(1));

                        //if (Utils.SetConditionalGetHeaders(fi.CreationTimeUtc))
                        //    return;

                        int index = fileName.LastIndexOf(".") + 1;
                        string extension = fileName.Substring(index).ToUpperInvariant();

                        // Fix for IE not handling jpg image types
                        if (string.Compare(extension, "JPG") == 0)
                            context.Response.ContentType = "image/jpeg";
                        else
                            context.Response.ContentType = "image/" + extension;

                        context.Response.TransmitFile(fi.FullName);
                        OnServed(fileName);
                    }
                    else
                    {
                        OnBadRequest(fileName);
                        context.Response.ContentType = "image/gif";
                        context.Response.TransmitFile(context.Server.MapPath(folder) + "nophoto.gif");
                        //context.Response.Redirect(Utils.AbsoluteWebRoot + "error404.aspx");
                    }
                }
                catch (Exception ex)
                {
                    OnBadRequest(ex.Message);
                    //context.Response.Redirect(Utils.AbsoluteWebRoot + "error404.aspx");
                }
            }
        }

        /**//// <summary>
        /// Occurs before the requested image is served.
        /// </summary>
        public static event EventHandler<EventArgs> Serving;
        private static void OnServing(string file)
        {
            if (Serving != null)
            {
                Serving(file, EventArgs.Empty);
            }
        }

        /**//// <summary>
        /// Occurs when a file is served.
        /// </summary>
        public static event EventHandler<EventArgs> Served;
        private static void OnServed(string file)
        {
            if (Served != null)
            {
                Served(file, EventArgs.Empty);
            }
        }

        /**//// <summary>
        /// Occurs when the requested file does not exist.
        /// </summary>
        public static event EventHandler<EventArgs> BadRequest;
        private static void OnBadRequest(string file)
        {
            if (BadRequest != null)
            {
                BadRequest(file, EventArgs.Empty);
            }
        }
    }

备注：不太明白这里的private static void OnServing(string file)，private static void OnServed(string file)，private static void OnBadRequest(string file)这些方法以及事件的作用，还请网友们不吝赐教。

如果要实现防盗链，只需要加入对Request.UrlReferrer.Host的判断就OK了。

在Web.config中加入：

      <httpHandlers>
        <add verb="*" path="image.axd" type="MzMobile.Web.HttpHandlers.ImageHandler, MzMobile.Web" validate="false"/>
      </httpHandlers>

这样，在App_Data文件夹中创建"Picture"目录，并在目录下存放图片文件，这样就可以用image.axd?picture=PictureName (PictureName指你的图片名称)来访问图片了。

BlogEngine有太多值得学习的地方了，好东西啊！