I want to display an image for a shopping cart item that is stored in my database. I got 90% to what I wanted by following this SO post.
My view has an image like this:
<img alt="@item.Name" src="@Url.Action("Get_Cart_Item_Image", "Cart", new { sku_code = item.Summary })">
My controller has a method like this:
public ActionResult Get_Cart_Item_Image(string sku_code)
{
using(var stream = new MemoryStream()) {
GetSKU(sku_code).Image.Save(stream, ImageFormat.Png);
return File(stream.ToArray(), "image/png");
}
}
This does what I want. It fetches the correct image from the database and displays properly in my view.
The problem is that I notice that the controller method is browsable, such that a user could (perhaps by accident) go to url Cart/Get_Cart_Item_Image?sku_code="SomethingValid" and end up looking at a page with nothing but an image.
From what I have read, adding [ChildActionOnly] to this controller action should make it unbrowsable, but doing so also makes the image not appear in the view, instead showing the missing image icon.
So my question is, what do I need to do to allow my views to get at images in my database without the controller methods being browsable by users? Is this even possible? Is what I'm doing best practice?
