I suggest adding a second factor of confirmation, hardcoded.
- Give each picture a PicID and map it to the corresponding UserID.
- Make the PicID, not the UserID, the data conveyed through the URL QueryString.
- The user must log in legitimately (by username and password), so the UserID becomes known to the app. This shall prevent anonymous guests.
- In Page_Load event handler:
a- Read the PicID from the QueryString.
b- Call from the DataBase (Select Query) the corresponding UserID for such PicID.
c- Now, compare the Logged-In UserID with the DataBase-provided UserID relevant to the picture. If they match, then it's the correct person (show the pic) ... if they don't match, then don't show the pic.
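
The ownership check in steps a to c above, as an added example that is not part of the original post. The page class `ShowPicture`, the `PicturePanel` control, the `Pictures` table, the `AppDb` connection string name and the `Session["UserID"]` value set at login are all assumptions made for illustration.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

// Hypothetical code-behind; PicturePanel is assumed to be declared in the
// .aspx markup with Visible="false" so nothing is shown by default.
public partial class ShowPicture : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Assumption: the login code stored the user's id in Session["UserID"].
        if (!User.Identity.IsAuthenticated || !(Session["UserID"] is int))
        {
            Deny(401);
            return;
        }
        int loggedInUserId = (int)Session["UserID"];

        // Step a: read PicID from the query string; reject non-numeric input.
        int picId;
        if (!int.TryParse(Request.QueryString["PicID"], out picId))
        {
            Deny(404);
            return;
        }

        // Step b: fetch the owner's UserID with a parameterized query, so the
        // query-string value is never concatenated into the SQL text.
        object owner;
        string cs = ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT UserID FROM Pictures WHERE PicID = @PicID", conn))
        {
            cmd.Parameters.Add("@PicID", SqlDbType.Int).Value = picId;
            conn.Open();
            owner = cmd.ExecuteScalar();   // null when no such PicID exists
        }

        // Step c: compare owner with the logged-in user. An unknown PicID and
        // another user's PicID get the same response, so the page does not
        // reveal which PicIDs exist.
        if (owner == null || owner == DBNull.Value
            || Convert.ToInt32(owner) != loggedInUserId)
        {
            Deny(404);
            return;
        }
        PicturePanel.Visible = true;       // owner confirmed: show the picture
    }

    private void Deny(int status)
    {
        Response.StatusCode = status;
        Response.SuppressContent = true;   // send no page body
    }
}
```

The same comparison has to run in whatever endpoint actually streams the image bytes, otherwise the picture stays reachable by requesting that endpoint directly.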