In case, i'm create function to process excel and in the end of process i want to save excel into my "Download" folder in my pc.. but i get a different folder path between my pc and my server.. when i running my application using my pc, i get path "C:/Users/MyPCUserName/Downloads" but when i running application on published file (iis server), i get path "C:\Users\SYSTEM\Downloads\85FE1000".. I don't know what's the wrong with my code / function..
This my Code :
Private Sub myMethod(ByVal pProjectNo As String, ByVal pOrderNo As String)
Dim dt As DataTable = ClsUploadBreakDownInquiryDB.GetFinalInspectionData(pProjectNo, pOrderNo)
if dt.Rows.Count > 0
'My Function Here
Dim user As String = System.Environment.UserName
exl_b2.SaveAs("C:\Users\" & user & "\Downloads\" & pProjectNo & "_" & Microsoft.VisualBasic.Format (Date.Now, "yyyyMMdd_HHmmss") & ".xlsx", Excel.XlFileFormat.xlOpenXMLWorkbook)
End If
End Sub
You can save a up-loaded file on your web server quite much any place you want.
However, if you talking about a client side user - and their browswer download lcoation? You have ZERO, but 100% ZERO control over that location.
In fact, the user might be using a iPhone, or Android - and not even a desktop comptuer.
You do not have ANY ability in ANY case to control the location of a user download of a file. Files on the local computer are 100% hands off. When they download, it will usually go to their downloads folder - but the user settings control that.
You can't grab, see, or set ANY file location on the client side computer. I mean, if you could do that, then when you come to my site to view a cat picture? My code would then rummage around on your computer - looking for files called passwords, or files called banking etc and steal them
So, server side code behind? Sure, you can in most cases save the file on the web server computer anywhere you like - it don't matter a whole lot.
However, if you talking about client side computer locations for the user and their browser hitting your web site? No, you have zero information, zero control over the users files, and even where they choose to save, or download such files - that is their computer - and browsers give protection for reasons of security.
This can sometimes be confusing when using Visual Studio during development, since your computer, your browser and your web site are all running on the ONE SAME computer, but in a typical deployment, that of course is not the case. So, code behind has zero knowledge about the users local file system.
As a result, you cannot grab, or set ANY kind of file location information on the client side computer.
So, saving to "users" with code behind is ONLY going to apply to the code behind web server "user", and has nothing to do with the client side user.
As a general rule, any and all folders you work with and use from code behind? In EVERY case that should be a sub folder of your root of your project.
Keep in mind:
Any markup code - urls - that is relative to your web site
Any code behind - plane jane windows path name.
So, if you add a folder to your project, it might be say folder UpLoadFiles.
So, then web based, mark up based will be like this:
https://localhost:44392/UpLoadFiles/doc.pdf
So, UpLoadFiles is simple a sub folder in your project.
However, in code behind, your code ALWAYS works with plane jane valid windows file names. So, to convert above to a plane jane file path in windows? You do this:
Dim strFile As String = Server.MapPath("~/UpLoadFiles/abc.txt")
Dim strText As String = File.ReadAllText(strFile)
At this point, now str file is a plane jane valid full good old fashioned windows file name.
So, code behind = always plane jane window path name
So, web markup and URL = always a relative path from your project root.
dim strTextFile = File.ReadAllText(strFile).
Related
I have an asp.net web api project using token based authentication. my app uploaded and retrieve images and I keep file path in table_myfiles along with the uploaded user ID.
I would like the user to access only the files he have uploaded, which I can identify from the table.
How to protect my resources to restrict access to only to the user based on table_myfile ? And not to anyone without logging in or direct link / path ?
I have been searching for any possible solution for a week now , I think I should implement a middleware to manage access. But I couldn’t find any resources on how to implement the same.
Currently my api shows all resources just by directly accessing the file path/link.
The simple apporach is to remove the vitural folder, or that folders from the web site folders. That way, no simple URL exists for any of the files.
So, for a user to get/see/use/download a file? You present say a listview or some kind of grid (or repeater) that displays and lists out the files.
Then, when they want to download or view a file?
You use response.write and stream the file down to the client side.
Remember, on the server, code behind uses 100% clean and correct windows file paths. For any web based URL, then that folder must be in a valid path of the web site. When they type in a valid URL, it eventually gets translated to that given folder in the site (or a external folder provided when you create a mapped "virtual" folder in IIS. However, if you don't provide that virtual folder, or the folder is NOT in the web site file/folder sets, then no valid URL's exist. However, that folder can be directly used and hit with code behind - any valid server path/folder name is allowed in code behind.
Because when streaming the file, you need path name, file name, AND ALSO the "mine" type. Thankfully, .net 4.5 or later has this ability.
so, from a database (table) I display the file names like this:
But, if you click on the preview image, that is a image button.
The code behind simply gets/grabs the file name from the database.
I then download (stream) the file to the browser side like this:
if (File.Exists(strInternalFullPath))
{
string strConType = MimeMapping.GetMimeMapping(strInternalFullPath);
binFile = File.ReadAllBytes(strInternalFullPath);
Response.ContentType = strConType;
Response.AppendHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(strWebUrl));
Response.BinaryWrite(binFile);
Response.End();
}
else
MyToast2(this, btnLink.ClientID.ToString, "File Not found", "We no longer have this file avaiable.");
so, this buttion behaves 100% like a link, but there are no existing URL's or path name that points to the files folder from a web based URL.
Remember:
Web based URLs - they auto map from the web site URL to a existing folder.
You can use server.MapPath("some url to file") to "translate" this to a internal file name.
Code based files:
In your .net code (code behind) ANY file name is a standard plane, jane file name that points to a file on the server.
so, once we have that file name from the database, you can steam the file as if the user clicked on a link. But you never have to expose the actual file name, or file path. And no such valid URL's exist on the web site, since you do NOT have that files folder in the web site folder hierarchy - but placed that folder outside of the web site.
As long as that folder is outside of the web folders, and as long as you don't setup a virtual folder that points to that folder outside the web folders?
Then code behind can STILL get/grab/see/use any file on the server. that code uses a full valid windows file name, - but the web site will have no mapping to such a folder - hence no valid URL's will exist or can be typed in.
There are so many similar questions around the web, but none of them have helped me with this.
I have an asp.net application on a company intranet server. It is used to access a database on another file server, which also contains a number of images relevant to each record in the database.
I am a developer, but not a network person. I know a little bit about IIS, and using the IIS Manager, I created a virtual directory inside the asp.net application folder that maps to the UNC address on the other server where the images are. Using IIS Manager, I can explore the virtual directory and see all the files there. The problem is getting them to show up in my asp.net application.
I've tried setting permissions on the folder for Network Service, IUSR_aspnetserver, and my own credentials; I've tried various permutations of the path string, with / or // or \ or \, etc. I've tried impersonation, but I don't know if I am doing it right. I've placed a "debug" label on the page that tells me the path of the image while the app is running, and it is correct. Nothing seems to work.
Obviously there's something I am missing, but my network comprehension is around zero, my IIS experience is hardly any better, and I can't seem to get our staff of IT "experts" to help. And before you jump to any conclusions, I have a great personality.
Any ideas would be appreciated.
Thanks!
EDIT for #MohsinMehmood:
(I hope this is not too convoluted)
The page has a mapped drive in IIS to UNC share \\OtherServer\AppName\Images to a folder named ReceiptImages.
The web.config file has this entry:
<appSettings>
<add key="ImageFilePath" value="ReceiptImages/"/>
</appSettings>
And in the PageLoad event I have
ViewState("ImagesPath") = ConfigurationManager.AppSettings("ImageFilePath")
To create a global path string.
Then in code (VB) it's:
Dim btnReceiptThumbnailButton As New ImageButton
With btnReceiptThumbnailButton
.ID = "btn" & LineItem
.CssClass = "thumbnails"
.ImageAlign = ImageAlign.AbsMiddle
.Visible = True
.BackColor = Drawing.Color.White
.BorderColor = Drawing.Color.Black
.BorderWidth = 1
.ImageUrl = ViewState("ImagesPath") & LineItem
.CommandName = "GetReceiptImage"
.CommandArgument = LineItem
End With
I don't know if it was important enough to mention that the image is being placed in a button control to make it a thumbnail.
I have a requirement to create a directory on my applications server which is secure to all, but the application itself.
I have read this article
System.IO.Directory.CreateDirectory with permissions for only this current user?
Converting to VB, the code it suggests is:
Dim ds As New DirectorySecurity()
Dim sid As New SecurityIdentifier(WellKnownSidType.CreatorOwnerSid, Nothing)
Dim ace As New FileSystemAccessRule(sid,
FileSystemRights.FullControl,
AccessControlType.Allow)
ds.AddAccessRule(ace)
Directory.CreateDirectory(Dir, ds)
But when I follow that code instruction there, I cannot add files to the directory I have created.
I am guessing I should change the value of WellKnownSidType but I do not know what to!
To recap - what I need is a directory which my application can read and write to, but a user cannot access from a web browser to download any content.
Any help much appreciated!
my code generates a word document from some data and opens it directly.
when i start it local it works. but when i put the code in the server and try to generate it there it doesnt work.
the file should generate in the clients not on the server. is this possible?
this is how i create the word file:
Dim oApp As Word.Application
Dim oDoc As Word.Document
oApp = CreateObject("Word.Application")
oDoc = oApp.Documents.Add
afte i create the file i can open it with this command:
oApp.Visible = True
Your code is running under IIS on the server. When you run the code locally, it appears to work because your machine is the server and so, when Word opens, you see the window appear. Your code is still running on the "server," though!
You can't open a document directly on a client like this, and nor will the MSWord interop classes you've used affect a client machine. What you could do instead is create the document on the server, and then offer it as a download to your client. Their browser would then offer to the user the typical example of "Open/Save/Cancel" and handle the file as per any other download.
If you can guarantee the presence of a plugin on the client's browser, such that the document can be made to appear in-browser, this would also be an option - the mechanism for serving the file up would be broadly the same, though.
I have a classic asp application which retrieves the current application name and sets an Application variable containing that name. This name is important (I wont go into why) and is essentially the friendly name in IIS.
The problem is, the implementation used to get this name is flawed, it a) assumes the home directory contains the string wwwroot, and b) assumes the folder name is the same as the application name. I can no longer guarantee these conditions.
I would have thought the application name is know at run-time but I can't seem to find it in either Session or Application variables (at application start up entry point in global.asa). Any ideas?
You may want to try something like this:
Dim obj
Dim inst
inst = Request.ServerVariables("INSTANCE_ID")
Set obj = GetObject("IIS://localhost/W3SVC/" + inst)
Response.Write obj.ServerComment
If by friendly name you are referring to the IIS description, you might get some mileage out of the findweb.vbs file in the AdminScripts Folder of IIS (normally c:\Inetpub\AdminScripts) Some of the other scripts in that folder might be able to get you further too.
Try this aswell. It shows how to enumerate the IIS Websites through ADIS