In my asp.net web application, I read the xml file for obtaining a key. If file is not present I show a form to enter the key details and then create the file.
First problem: My app does not recognize the file even if its there.
Second problem: I am running application on the server. When writing, rather overwriting the file, browser shows the username, password prompt before writing the file. If I enter admin credentials it allows to create a file.
I have checked all possible combinations of permissions on the file / folders, but could not resolve the problem.
Any ideas, what I could be missing here?
You read the xml file but is it as a part of your solution? If yes, are you reading it through relative path i.e. are you using Server.MapPath to read it like Server.MapPath("~/Files.test.xml")? Once you use relative path, I don't think it will ask you credentials as it still is in your project directory.
It should work. I am also reading and writing files in my web application.
If it still does not work, please tell me the way you are reading file.
Thanks,
Related
In a web form (aspx) I want to ask the user for the path of a file that needs to be used by one of our team.
At first it was a simple textbox but a lot of people send us wrong path (copy/paste seemed too hard for them).
So I tried to use an input file to be sure the path exists but noticed that the file is then send with the form. As the files can weight hundreds of Mb that was not acceptable.
Then I found a way with Jquery to use the input file to get the path of the file without sending it : it works fine on IE but Chrome translate the path in "fakepath". I understand that it is for security reasons.
So I am again looking for a solution, working on all browser, to get from the user the path of a file (with a specific extension) without him being able to write a wrong path.
I hope someone will have the brillant idea I am unable to find :-).
How about receiving only a few kilobytes of the file data from stream instead of the whole file to ensure the path points to a valid file.
I have a form in ASP.Net MVC, which allows you to upload a file. The file is saved to a location on the server. For example, if the domain is www.test-domain.com, and the local path is c:\websites\test-domain.com\, the image is stored in /uploads/File/image.jpg.
When I try to access this url http://www.test-domain.com/uploads/File/image.jpg, I get redirected to the forms loginUrl="XXXX" path in web.config. To test, I removed the web.config entirely, and accessed the file. This time round, I get a 401 - Unauthorized: Access is denied due to invalid credentials.
I then uploaded another file via FTP this time, to http://www.test-domain.com/uploads/File/image2.jpg. This one can be accessed without any problem. I even tried download image.jpg as saved via Asp.Net, delete the file on server and re-upload the same exact file by FTP and it worked again!
It seems by FTP is working, while via Asp.Net somehow there are some access / authorisation requirement. I do have authentication set in Asp.Net, but I removed the entire web.config file, and I still got an error.
Any ideas?
I've found out why this was happening, though it is totally unrelated to what I thought it was in the beginning. I am uploading an image and resizing it. I've looked further in the code, and for some reason I was creating an image in the temporary windows folder, and then moving it to the actual location using File.Move.
It seems that the security permissions created are different, than if I had to create the file directly in the final folder. I've updated the code to create the image directly in the actual folder, and this is working fine.
Reference: http://blogs.msdn.com/b/oldnewthing/archive/2006/08/24/717181.aspx
Assume I want to write to a new file created within the space of my webapp.
One way would be use getServletContext().getRealPath("/") and use that String to create a new file on the server. However, often I come across advice like not using getServletContext().getRealPath("/").
Can someone please let me know of another way to write a new file within my webapp?
Many thanks.
Have some configuration property containing the absolute path of a directory outside of the webapp and web server path, read this path from the configuration property, and write to this directory.
To serve files from this directory, write a servlet that takes the name or ID of this file as parameter, reads the file from the directory, and sends its content to the response.
This will
work even if the app is deployed as a war file and never unzipped to the file system
allow you to redeploy the next version of the app or server without deleting all the uploaded/created files
allow you to add whatever control you want on the uploaded/created files, instead of making them available to everyone
In short, treat these files as data, stored in a database which happens to be the file system instead of a SQL database.
I want to get complete file path using file upload control. I want to use them to get all the files from that directory.
Thanks.
You can't do this. If you could it would be a huge security hole and a risk to every user everywhere.
Can somebody tell me how to prevent exe file from being uploaded in a website , even if exe file is inside zip file( exe file in a new folder and new folder is then zipped and uploaded)?
Allow the users to upload the file (if is ZIP) and do a server-side check by unpacking the archive and evaluating its content.
Short answer: you can't.
Pedantic answer: Don't have users upload files.
Long answer:
What code is handling this uploaded file? What are you doing with it? This is where the security needs to happen. You can explicitly check the file extension in the post handler, but that only gets you so far, as you've already determined.
Some tips:
-Drop files in a secure location outside the web root.
-Don't give your ASP.NET process user more permissions than it needs
-Give them unique server-generated names and proper extensions.
-Do not call Shell.Execute on user-uploaded files. Duh.
What exactly are you trying to prevent here? Your question is difficult to answer as-is.