So, I have an aspx page called image.aspx I want to use to render image bytes obtained through a WCF service by their id. In order to prevent some malicious code from using this url and just iterating through all the images to get them all (thus really bogging down the site), I first call the service on the page that renders the image url to get a fresh token, which is an encrypted datetime stamp, and add that to the query string. The resulting html would look like
<img src="getimage.aspx?id=123&token=SomeEncryptedKey" />
When that page loads it sends both params to the service. The service then decrypts the timestamp and checks to see if it's older than a few minutes or so, and if it's old it doesn't send the image.
My issue is that I need to support client side image caching. In this current model, every time the page that the image will be put on reloads, the stamp for that image would be getting reset thus changing the url (at least the token part) which would make the browser assume it’s not in the cache.
My question is:
Is there a way to make the client only look at part of the url to see if it's cached, like treating the above url as getimage.aspx?id=123, which is the important part? I'm guessing no.
To follow up, anyone have any ideas how I can protect myself from these types of attacks without using this method? I'm out of ideas here.
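One way to keep the expiring-token idea while giving the browser a stable URL to cache, written here as an added example in Python rather than the poster's ASP.NET/WCF code: instead of a fresh timestamp on every page load, the token signs the image id together with the current time window (e.g. 5 minutes) with an HMAC, so every render inside that window produces the same URL, and the server rejects tokens that are tampered with, bound to a different id, or older than one window. The secret key, window length and helper names are assumptions for the example.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import urlencode

# Hypothetical server-side secret for the example; a real deployment loads it
# from protected configuration and never embeds it in source.
SECRET_KEY = b"constructed-example-secret-do-not-reuse"

# Tokens are valid for one window; the URL is identical for the whole window,
# so a page reload inside it hits the browser cache instead of the service.
WINDOW_SECONDS = 300
# Also accept the previous window, so a page rendered just before a boundary
# still loads its images after the boundary passes.
GRACE_WINDOWS = 1


def _window(now: float) -> int:
    return int(now) // WINDOW_SECONDS


def _sign(image_id: int, window: int) -> str:
    # Bind the signature to both the image id and the window number.
    msg = f"{image_id}:{window}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:32]


def token_for(image_id: int, now: Optional[float] = None) -> str:
    now = time.time() if now is None else now
    w = _window(now)
    return f"{w}.{_sign(image_id, w)}"


def make_image_url(image_id: int, now: Optional[float] = None) -> str:
    return "getimage.aspx?" + urlencode({"id": image_id, "token": token_for(image_id, now)})


def validate_token(image_id: int, token: str, now: Optional[float] = None) -> bool:
    now = time.time() if now is None else now
    try:
        window_str, sig = token.split(".", 1)
        window = int(window_str)
    except ValueError:
        return False  # malformed token
    current = _window(now)
    if not (current - GRACE_WINDOWS <= window <= current):
        return False  # expired, or a window number from the future
    # Constant-time comparison so the check does not leak the expected signature.
    return hmac.compare_digest(sig, _sign(image_id, window))
```

Serve the image with a Cache-Control max-age no longer than WINDOW_SECONDS so cached copies age out in step with the token; an enumeration script still has to obtain a current token per id from a rendered page, which is the cost this scheme imposes.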