Launch file on local file server from web app - asp.net

Given an ASP.NET MVC intranet web app, how can I give users access to files located on a shared (mapped) drive? I don't want the browser to download a copy, I want to emulate the user navigating to the drive and opening the file.
I understand that there are security risks, and that this is not a simple task. I've considered webdav, and activex, and worst case scenario in-browser editing. BUT, I'd like to think there's a way to accomplish this.
Thoughts?
Thank you

Related

Working with IIS on DMZ

Scenario
I have an application that I have been developing for two years. I use the framework .NET to develop it in a language called Oxygene that comes from Pascal.
When I have something new in my code, I publish my application in File System method. I have a couple servers working on Amazon EC2, so I transfer this files to a folder in my IIS Server. In this IIS Server I already have a website that corresponds to my application, so I just replace the old files for the newest files.
I have another server that works as an SQL server.
Last detail is that in my application the user is able to attach files, import pictures, export PDF and Excel files. Attachments and pictures are stored in the same folder the application is located.
Issue
Here is my problem. I have got a new client that is kind of a big client. It seems like this company has a strong IT security, so the application must be located in their servers.
The big problem is that they required my application to be set in the following architecture:
I am used to only use an app server (works for external access) and a SQL server. They want the third server in DMZ net so they can let external access happen. The reason the application can't be placed in the DMZ is because there are the files I mentioned bellow that the user stores in the application. The database stores all the data, but not those files mentioned.
Solutions I have offered, but won't be accepted:
Publishing the application in a IIS server located in the DMZ: That won't be accepted since my application stores user attachments in the same folder the application is located. There are also images stored there.
Publishing the application in the app server, but also publishing a empty application in the DMZ server redirecting to the IIS server inside the LAN: That's the best solution I have come up.
Using a reverse proxy to protect the LAN Net: This is off the table, since reverse proxy is not safe at all.
I am kind of confused because I can't see a way to separate my application in two to make it work in that suggested architecture.
Can anybody give me a hint or ideas of how this would work?
-
You can't "redirect" to inside the LAN, a redirect is a client-side operation, so if the internal server isn't already exposed, you can't redirect someone to it.
A reverse proxy is likely your best bet. Why do you believe it is not safe? This is a tried-and-true solution, it allows you to leave additional ports/services open to internal requests (like a file server, which it sounds like you are trying to expose).
How are these files getting uploaded? Are you using FTP? SMB? HTTP? This solution will not expose those other protocols to the outside world (please don't expose SMB to the outside, it will result in tragedy). Do the external users need to upload these files?

Temporary file upload location in Asp.Net MVC web deploy

I use Visual Studio 2013's "Publish" and Web Deploy to publish my Asp.Net MVC 5 website. However when I update my website, it won't work during the upload. I'm looking for a way to minimize the downtime of the website during the update. The website is running in a VPS and I have full access to it. One solution that came to my mind is to configure the Web Deploy to first put the uploaded files to a temporary folder and once the upload is finished, it should then replace the new files. This would make the update a few seconds tops. I can do this manually but that's not an elegant way to update one's website.
PS: Maybe there are better ways to update the website but so far I like the web deploy. It's much faster than FTP for instance.
One of the most interesting things I've seen is to have two websites. Only one of them is running at a time. After finishing the upload, you disable the active one, and enable the one you uploaded too.
This works well if both are in the same Application Pool and even works with sessions if you want (how to: Configure SQL Server to Store ASP.NET Session State).
I've never done it this way, seems a little to complex for the minimal down time there actually is, but it's one way.
Here's the solution that we use on a high traffic website with 4 web servers.
1) Files are moved to the server into /site/version-xxx
2) IIS Web Application is re-pointed to the new version.
All this is automated and synchronized across the web servers. The end user doesn't notice any difference. (we don't rely on sessions to persist the user experience, if sessions is a must for you and you don't want to interrupt them, then you need to consider to store them on an external system that will not flush them when the websites are repointed).
This approach also allows us to rollback to any previous version.

Creating a standalone windows application from an ASP.NET website

I am developing an ASP.NET website. The users can open up the web page and work with data when they are online. But I want to make them able to work when they are offline and submit their changes later when they are online again. The offline application must be very simple to run and I don't want to develop a separate windows application for this purpose.
So I want to build an executable that when starts, first starts up a local IIS and then opens the startup page of my website (which is locally available) in the user's browser.
And of course it would be great if this executable can be installed on the user's system along with my website files, IIS and SQL Server Express all in one package.
OK I re-read your question and see that you will have local IIS and local Database installed on all client systems.
So then the solution is very simple.
The Applicaiton (main form)
Create a windows forms application.
Put a WebBrowser control and a StatusStrip control on the form.
Add two string resources named say LocalStartUrl and OnlineStartUrl, which holds the addresses of your local and online website home/startup pages.
On Form_Load, check for online internet connectivity and accordingly launch either LocalStartUrl or OnlineStartUrl in the webbrowser control. You can show messagebox and use the StatusBar to inform the user of the same.
The sync module:
The database sync module runs in the timer/separate thread and synchronizes your local database with online database in the background. It sends any unsaved changes to the server and downloads any missing data from the server to local database. You would need to control the speed of this module so that user doesn't face difficulty browsing other websites or using the application smoothly etc. It should be slow and steady and send/request only small chunks of data at a time.
When in offline mode, it just periodically checks for online connectivity at regular intervals. As soon as an internet connectivity can be found, the user is informed. If they permit, it switches over to online mode. Otherwise the user continues to work offline until the application is closed and launched again.
In online mode, the sync module syncs data to & from the online database. This doesn't affect the user because they are not connected to this database. Instead they are connected to the online website and database.
It will take efforts to streamline this approach, but ultimately it is achievable easily.
This won't be just a single task. It would be a series of task working together in sync.
Your windows application does the following:
Write the offline changes to a disk file/database etc.
Periodically check the online availability of your website/ftp site.
Whenever the website is found to be available, and there are some cached changes, submit the file to the website/ftp site.
Your server does the following:
Whenever a file is recieved, check for its validity and integrity. If found correct, put it in a specific folder.
A service on your server watches the folder and as soon as any file is found there, processes the file(s)
The service moves the file to another folder (backup) after processing.

Accessing User Application from Web Application

I have a dll i created that gets the excel object on users computer(if excel is installed) and has a handful of availalbe functions. I made a reverence to the dll in a Web Application. When I test this using the local host it works. If I deploy this on a Web Server will it still work or will it try to find the excel application on the server?
Without seeing your code I can only offer a guess, and my guess is that it will search the server and not the users computer.
You can probably use ActiveX to call Excel from the users computer, but that would only work in IE. I'm not sure who your audience is, but I needed similar functionality for the company I used to work for. For that I made a program that was installed to all users computers and then we used a custom http protocol that would open up programs on the client machine through a hyperlink. Doing it this way is cross browser compatible.

How to access local file system from Flex web application?

I'm trying to access local file system from Flex web application.
I know it is pretty difficult, but I think there must be a way. Is there a way that Flex app can use AIR components or maybe web application can call some AIR module in order to choose files and upload?
There is no direct way that a web based Flex/Flash application can access AIR based APIs. They aren't built into the Flash Player, but are rather extensions built into the AIR runtime. You can't access them directly because they aren't there.
If you have an AIR app installed on the user's local machine you can, in theory, use that app as a proxy with localConnection. That way the AIR app can access the file system directly, triggered by the browser based app. I'm not sure how user interaction would work, though.
If you have server software installed on the client machine, you can trigger file processing commands from Flex using RmoteObject/HTTPService/WebService commands. This wouldn't give the user any interaction ability and is not usually practical unless you have strong control over your client machines.
Either approach would present an app installation nightmare; which almost defeats the purpose of a browser based app in the first place.
You can use FileReference's methods to ask user to select files to open (load into flash, upload into server) or save (from server or bytes from flash).

Resources