You can prevent accessing those image by not posting their actual path on your server. Read here
This is how your < img > tag will look like :
<img src="data:image/png;base64,iVBORw0K....." id="pictureFrame"/>
This piece of code will do the job for the image in C#
private void encryptPhoto(string imagePath)
{
pictureFrame.Src = @"data:image/gif;base64," + EncodePhoto(Server.MapPath(imagePath));
}
private string EncodePhoto(string fileName)
{
return Convert.ToBase64String(File.ReadAllBytes(fileName));
}