In this example, all users log on the same way but receive different permissions afterwards: when a free user downloads an image, a watermark is added to it; when a paid user downloads an image, no watermark is added. In addition, after too many failed logon attempts the account is locked for up to 30 minutes, to slow down brute-force password guessing.
1. The Users database table is defined as follows:
The data fields are described as follows:
"Id" is the primary key. In this example, the Id column identifies the user, so the Id is stored in the session after a successful logon. "username" is the user name and "password" is the password; "level" is the user level (0 = free user, any other value = paid user); "ErrorTimes" counts consecutive failed logon attempts; "LastTimes" records the time of the last failed attempt and, together with "ErrorTimes", determines whether the account is currently locked and when it may log on again.
2. Add a dataset in Visual Studio and define the following four query methods:
(1) GetDataById(@id): look up the user row by Id.
SELECT ErrorTimes, LastTimes, id, level, password, username FROM Users WHERE (id = @ id)
(2) GetDataByUserName(@username): look up the user row by user name.
SELECT ErrorTimes, LastTimes, id, level, password, username FROM Users WHERE (username = @ username)
(3) incErrorTimesById(@id): for the given Id, add 1 to ErrorTimes and set LastTimes to the current database time.
UPDATE [Users] SET ErrorTimes = ErrorTimes + 1, LastTimes = getdate () where id = @ id
(4) ResetErrorTimesById(@id): reset ErrorTimes to 0 for the given Id (called after a successful logon).
UPDATE [Users] SET ErrorTimes = 0 where id = @id
3. Default. aspx is the homepage. The front-end HTML code is as follows:
<% @ Page Language = "C #" AutoEventWireup = "true" CodeBehind = "Default. aspx. cs" Inherits = "image permission control. _ Default" %>
<%-- Logon page: the user name and password are posted back to LoginBtn_Click in Default.aspx.cs. --%>
<! DOCTYPE html PUBLIC "-// W3C // dtd xhtml 1.0 Transitional // EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<Html xmlns = "http://www.w3.org/1999/xhtml">
<Head runat = "server">
<Title> </title>
</Head>
<Body>
<Form id = "form1" runat = "server">
<Asp: Label ID = "Label1" runat = "server" Text = "username:"> </asp: Label>
<Asp: TextBox ID = "UserName" runat = "server" Width = "176px"> </asp: TextBox>
<Div>
<Asp: Label ID = "Label2" runat = "server" Text = "Password:"> </asp: Label>
<%-- TextMode="Password" only masks the input on screen; the value still travels in the POST body, so serve this page over HTTPS. --%>
<Asp: TextBox ID = "PassWord" runat = "server" Height = "24px"
Style = "margin-left: 15px" TextMode = "Password" Width = "179px"> </asp: TextBox>
<Br/>
<%-- Hidden until the code-behind sets an error message; the same label is used for every logon failure. --%>
<Asp: Label ID = "ErrorMsg" runat = "server" Visible = "False"> </asp: Label>
</Div>
<Asp: Button ID = "LoginBtn" runat = "server" Text = "login" onclick = "LoginBtn_Click"/>
</Form>
</Body>
</Html>
4. Add the c # code for the logon button. The Default. aspx. cs code is as follows:
Using System;
Using System. Collections. Generic;
Using System. Linq;
Using System. Web;
Using System. Web. UI;
Using System. Web. UI. WebControls;
Using Image permission control. DataSetPicxsdTableAdapters;
Namespace image permission Control
{
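public partial class _Default : System.Web.UI.Page
{
    // Lockout policy: the account is refused once more than MaxErrorTimes consecutive
    // failures have been recorded and the last failure is within LockoutMinutes.
    // (Same thresholds as the original "ErrorTimes > 3 && span <= 30" check.)
    private const int MaxErrorTimes = 3;
    private const double LockoutMinutes = 30;

    // One message for both "unknown user" and "wrong password": the original returned
    // distinct texts, which let an attacker enumerate valid user names before guessing.
    private const string BadCredentialsMessage = "Incorrect user name or password";

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Handles the login button: looks the user up by name, enforces the lockout window,
    /// compares the password and, on success, records the user in the session and
    /// redirects to DownloadList.aspx. Every failure is reported through the ErrorMsg label.
    /// </summary>
    protected void LoginBtn_Click(object sender, EventArgs e)
    {
        UsersTableAdapter adapter = new UsersTableAdapter();
        var data = adapter.GetDataByUserName(UserName.Text);
        if (data.Count <= 0)
        {
            ShowError(BadCredentialsMessage);
            return;
        }

        var user = data.Single(); // username is expected to be unique in the Users table

        // If the last failure time and error count are recorded, enforce the lockout window.
        if (!user.IsLastTimesNull() && !user.IsErrorTimesNull())
        {
            // NOTE(review): LastTimes is written with the database's getdate() and compared
            // against DateTime.Now on the web server; this assumes both clocks agree.
            double minutesSinceLastError = (DateTime.Now - user.LastTimes).TotalMinutes;
            if (user.ErrorTimes > MaxErrorTimes && minutesSinceLastError <= LockoutMinutes)
            {
                // This message does reveal that the account exists; it is kept because the
                // user needs to know why a correct password is being refused.
                ShowError("too many password errors. Please try again in 30 minutes");
                return;
            }
        }

        // NOTE(review): the stored password is compared as plain text, so the Users table
        // holds cleartext passwords. Store a salted hash (e.g. PBKDF2) and verify it with a
        // constant-time comparison instead; that is a schema change and is not made here.
        if (!string.Equals(user.password, PassWord.Text, StringComparison.Ordinal))
        {
            adapter.incErrorTimesById(user.id); // records the failure and stamps LastTimes
            ShowError(BadCredentialsMessage);
            return;
        }

        // NOTE(review): ASP.NET keeps the pre-logon session ID here (session fixation);
        // consider issuing a fresh session before storing the logged-on state.
        Session["Logon?"] = true;
        Session["Login user id"] = user.id; // read back by DownloadList.aspx and DownLoad.ashx
        adapter.ResetErrorTimesById(user.id); // a successful logon clears the failure count
        Response.Redirect("DownloadList.aspx");
    }

    /// <summary>Shows <paramref name="message"/> in the ErrorMsg label.</summary>
    private void ShowError(string message)
    {
        ErrorMsg.Text = message;
        ErrorMsg.Visible = true;
    }
}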
}
5. The DownLoadList. aspx front-end html code is as follows:
<% @ Page Language = "C #" AutoEventWireup = "true" CodeBehind = "DownloadList. aspx. cs" Inherits = "image permission control. DownloadList" %>
<%-- Download list shown after logon. Each link passes an image name to DownLoad.ashx in the "filename" query string; that value is editable by the client, so the handler must treat it as untrusted input. --%>
<! DOCTYPE html PUBLIC "-// W3C // dtd xhtml 1.0 Transitional // EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<Html xmlns = "http://www.w3.org/1999/xhtml">
<Head runat = "server">
<Title> </title>
</Head>
<Body>
<Form id = "form1" runat = "server">
<Div>
<A href = "DownLoad. ashx? Filename=1.jpg "> image 1 </a> <br/>
<A href = "DownLoad. ashx? Filename=2.jpg "> Image 2 </a> <br/>
<A href = "DownLoad. ashx? Filename=3.jpg "> Image 3 </a> <br/>
</Div>
</Form>
</Body>
</Html>
The code-behind for DownloadList.aspx is as follows; it displays the name of the logged-on user.
Using System;
Using System. Collections. Generic;
Using System. Linq;
Using System. Web;
Using System. Web. UI;
Using System. Web. UI. WebControls;
Using Image permission control. DataSetPicxsdTableAdapters;
Namespace image permission Control
{
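public partial class DownloadList : System.Web.UI.Page
{
    /// <summary>
    /// Greets the logged-on user by name and offers a logout link. Anonymous requests are
    /// sent to the logon page instead of failing with a NullReferenceException on the
    /// unconditional session cast the original performed.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        // Same session keys that Default.aspx.cs stores on logon. NOTE(review): the listing
        // read "Logon user ID" here while the logon page stores "Login user id"; session keys
        // are matched case-insensitively but "Logon"/"Login" differ, so that lookup was null.
        object userIdValue = Context.Session["Login user id"];
        if (Context.Session["Logon?"] == null || !(userIdValue is int))
        {
            Response.Redirect("redirectLogin.htm");
            return;
        }
        int userId = (int)userIdValue;

        UsersTableAdapter adapter = new UsersTableAdapter();
        var data = adapter.GetDataById(userId);
        if (data.Count <= 0)
        {
            Response.Redirect("redirectLogin.htm"); // stale session: the user row is gone
            return;
        }
        var user = data.Single();

        // The user name is user-controlled data read back from the database, so encode it
        // before writing it into the page to prevent stored XSS.
        Response.Write("Welcome Back-" + HttpUtility.HtmlEncode(user.username));
        // NOTE(review): this link only navigates to the logon page; it does not call
        // Session.Abandon(), so the session stays valid until it times out.
        Response.Write("<a href='Default.aspx'>logout</a>");
    }
}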
}
6. Clicking an image link on DownloadList.aspx sends the request to the generic handler DownLoad.ashx, which checks the user's logon state and level before serving the file.
The handler reads the user's session (it implements IRequiresSessionState for that purpose) to determine whether the user is logged on; if not, it redirects to redirectLogin.htm.
Using System;
Using System. Collections. Generic;
Using System. Linq;
Using System. Web;
Using Image permission control. DataSetPicxsdTableAdapters;
Using System. Web. SessionState;
Using System. Drawing;
Using System. Drawing. Imaging;
Namespace image permission Control
{
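/// <summary>
/// HTTP handler behind the DownloadList.aspx links. Sends one file from the images/ folder
/// to a logged-on user: level 0 (free) users get a watermarked JPEG, other users get the
/// original file. The "filename" query parameter is untrusted and is validated before use.
/// </summary>
public class DownLoad : IHttpHandler, IRequiresSessionState // IRequiresSessionState is needed so context.Session is populated
{
    public void ProcessRequest(HttpContext context)
    {
        // 1. Authenticate before committing any response headers.
        object userIdValue = context.Session["Login user id"];
        if (context.Session["Logon?"] == null || !(userIdValue is int))
        {
            context.Response.Redirect("redirectLogin.htm");
            return;
        }
        int userId = (int)userIdValue;

        // 2. Validate the requested file name. The original concatenated the raw request value
        //    into a path ("images/" + filename), which allowed "../" traversal out of images/.
        //    Accept only a bare file name with a .jpg extension, then confirm the resolved
        //    path is still inside the images directory (MapPath alone does not prevent "..").
        string requested = context.Request["filename"] ?? string.Empty;
        bool bareName = requested.Length > 0
            && requested == System.IO.Path.GetFileName(requested)
            && requested.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) < 0
            && string.Equals(System.IO.Path.GetExtension(requested), ".jpg", StringComparison.OrdinalIgnoreCase);
        if (!bareName)
        {
            context.Response.StatusCode = 400;
            return;
        }
        string imagesDir = System.IO.Path.GetFullPath(context.Server.MapPath("images")) + System.IO.Path.DirectorySeparatorChar;
        string fullPath = System.IO.Path.GetFullPath(System.IO.Path.Combine(imagesDir, requested));
        if (!fullPath.StartsWith(imagesDir, StringComparison.OrdinalIgnoreCase) || !System.IO.File.Exists(fullPath))
        {
            context.Response.StatusCode = 404;
            return;
        }

        // 3. Look up the user's level.
        UsersTableAdapter adapter = new UsersTableAdapter();
        var data = adapter.GetDataById(userId);
        if (data.Count <= 0)
        {
            // The session refers to a user that no longer exists: treat as not logged on.
            context.Response.Redirect("redirectLogin.htm");
            return;
        }
        var user = data.Single();

        // 4. Send the file. The response differs per user (watermark or not), so keep
        //    shared caches from serving one user's copy to another.
        context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
        context.Response.ContentType = "image/jpeg";
        context.Response.AddHeader("Content-Disposition",
            string.Format("attachment; filename=\"{0}\"", HttpUtility.UrlEncode(requested)));

        if (user.level == 0) // free user: watermark the image with the user name
        {
            using (Bitmap bitmap = new Bitmap(fullPath))
            using (Graphics g = Graphics.FromImage(bitmap))
            using (Font font = new Font(FontFamily.GenericSansSerif, 20))
            {
                // Drawing position is not recoverable from the original listing; top-left is used.
                g.DrawString("free user use --" + user.username, font, Brushes.Red, new PointF(0, 0));
                bitmap.Save(context.Response.OutputStream, ImageFormat.Jpeg);
            }
        }
        else // paid user: original file, path already validated above
        {
            context.Response.WriteFile(fullPath);
        }
    }

    public bool IsReusable
    {
        get { return false; }
    }
}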
}
7. If the user is not logged on, the system redirects to the redirectLogin.htm page, which sends the browser to the Default.aspx logon page after 3 seconds.
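<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title></title>
    <script type="text/javascript">
        // Shown to users who reach DownloadList.aspx or DownLoad.ashx without logging on.
        // Counts down from 3 and then sends the browser to the logon page. The original
        // tested "lefttiems < 0" after displaying the value, so the redirect fired on the
        // fifth tick (about 5 s) instead of the advertised 3 s, and the page showed "0"
        // until the first tick.
        var lefttiems = 3;
        setInterval(function () {
            lefttiems--;
            if (lefttiems <= 0) {
                window.location.href = 'Default.aspx';
                return;
            }
            document.getElementById("left").innerText = lefttiems;
        }, 1000);
    </script>
</head>
<body>
    The page will jump to the logon page in 3 seconds. If the page does not jump, click <a href="Default.aspx">Click Log On</a> with the remaining
    <div id="left">3</div> seconds
</body>
</html>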
Author ngy00988