Response.WriteFile adding directory path where it shouldn't - asp.net

I have a web page that is displaying a PDF file with the following code:
Response.Clear();
strFilePath = Server.HtmlDecode(Request.QueryString["filename"]);
Response.ContentType = "application/pdf";
Response.WriteFile(strFilePath);
The filename got from Server.HtmlDecode() is "\FileServer\shared\faxqueue\fax.pdf"
However, an exception is thrown for directory not found and it says that it can't find the file. It also says in the exception that it is looking for: "C:[Website Root Folder]\FileServer\shared\faxqueue\fax.pdf"
This means that it has appended the filename given to the folder where the website code is located.
How can I stop it from using the website root?
Thanks

That is true because you ask it to do so.
It is a bad idea to pass in the direct file name using the query parameters.
You can of course create a direct path to the file you are using instead of this relative path:
string absolutePath = Path.Combine(@"C:\yourRootFolder", strFilePath);
Response.WriteFile(absolutePath);
But as said, I warn you about the security risks! You have to grant the IIS application pool user access to the folder you specify here. Your files can be easily hijacked by passing in something like:
..\..\..\Windows\anysecurefile.txt
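
An added example (not part of the original answer) of the check the warning above calls for: resolve the requested name against a fixed base folder, canonicalise it, and refuse anything that lands outside that folder. The class name `SafeFileResolver`, the method `Resolve` and the base folder value are assumptions made for illustration.

```csharp
using System;
using System.IO;

public static class SafeFileResolver
{
    // Hypothetical base folder; only files beneath it may be served.
    private const string BaseDir = @"C:\yourRootFolder";

    // Returns the canonical path for a requested name, or null if it escapes BaseDir.
    public static string Resolve(string requested)
    {
        if (string.IsNullOrEmpty(requested)) return null;

        string root = Path.GetFullPath(BaseDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            root += Path.DirectorySeparatorChar;

        string full;
        try
        {
            // Path.Combine returns `requested` unchanged when it is rooted
            // ("\Windows\x", "C:\x", "\\host\share\x"), so combining alone is no defence.
            // GetFullPath collapses "..\" segments so the prefix check sees the real target.
            full = Path.GetFullPath(Path.Combine(root, requested));
        }
        catch (ArgumentException) { return null; }      // illegal characters
        catch (NotSupportedException) { return null; }  // e.g. a stray ':' in the name
        catch (PathTooLongException) { return null; }

        // The trailing separator on root stops "C:\yourRootFolderEvil" from matching.
        return full.StartsWith(root, StringComparison.OrdinalIgnoreCase) ? full : null;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples = { "fax.pdf", @"sub\fax.pdf", @"..\..\..\Windows\anysecurefile.txt",
                             @"\Windows\anysecurefile.txt", @"C:\Windows\anysecurefile.txt" };
        foreach (string s in samples)
            Console.WriteLine("{0,-40} -> {1}", s, Resolve(s) ?? "(rejected)");
    }
}
```

In a page, pass the query-string value to `Resolve` and return a 404 when it yields null. The check does not follow NTFS junctions or symbolic links that already exist inside the base folder.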

Related

Cannot call Request.PhysicalApplicationPath on VB.NET

I'm trying to request the path of my application to save new files on it, I know I should do something like this:
Dim mypath As String = Request.PhysicalApplicationPath
But for some reason I cannot even find the Request class.
I read it belongs to the System.Web namespace, I added it and still not working. Any ideas?
You can use Server.MapPath("~/logfiles") to get the path of the subdirectory logfiles in the directory where your web pages are.
Is this in an actual ASP.NET web page, or in a handler?
EDIT
Another way is to use Path.Combine(HttpRuntime.AppDomainAppPath, "logfiles")

ASP.NET - FileUpload filename shows different path

I've put a FileUpload control onto my form. When client browses for a file and selects one I want to use that file as an attachment to my mail message. For this purpose I write:
Attachment attachment = new Attachment(fileUpload1.FileName);
mail.Attachments.Add(attachment);
I get an error that says: "Could not find file 'C:\Windows\SysWOW64\inetsrv\Water lilies.jpg'." The thing is the path to the file is different from the path in the client. How can I attach a file that is on the client's machine to a mail message?
Have a look at this http://imar.spaanjaars.com/412/sending-attachments-directly-from-a-fileupload-control
Server.MapPath should fix your problem.
Attachment attachment = new Attachment(Server.MapPath(fileUpload1.FileName));
The FileName property gives you just that - the name of the file, no path included. You're seeing inetsrv in the path because that's IIS' working directory. You will probably want to utilize the PostedFile property, which will handle saving for you:
http://msdn.microsoft.com/en-us/library/system.web.ui.webcontrols.fileupload.postedfile.aspx

DotNetZip library "Access to the path denied"

I am trying to create a zip file and save it using DotNetZip library in ASP.NET application.
But for some reason I get a
Access to the path is denied
error when I try to save it.
I changed the TempFileFolder to another folder and have given permissions to it. Still no luck.
Dim zipFile As New ZipFile()
zipFile.AddFile(filePath)
Dim tempFilePath As String = "Report.zip"
zipFile.TempFileFolder = "D:\Temp\"
zipFile.Save(tempFilePath)
I found a question but the answer did not help me.
From the above question, one answer mentioned:
Also, the tempFilePath in your example doesn't include a full path, could it be that it is trying to save the ZIP into a different folder from the one you are expecting (and have assigned permissions to)?
How to figure out to which folder it is trying to save even though I mentioned TempFileFolder as D:\temp\?
Any thoughts?
Since you said you 'gave permissions' I'm assuming that you provided the account(s) which run the ASP.NET and IIS processes file Read/Write permissions to the folder where you're trying to save this file.
The 'Temp File Folder' is just what its name describes: a temporary file folder. It's a holding place in case the library needs to do some file I/O. It's not a base file.
Modify the code to provide a fully qualified path name to save the file to:
Dim zipFile As New ZipFile()
zipFile.AddFile(filePath)
Dim tempFilePath As String = "D:\Temp\Report.zip"
zipFile.TempFileFolder = "D:\Temp\"
zipFile.Save(tempFilePath)
Check if the file is not Read Only

ASP .NET invalid path

I have a web page which prompts the user for an Excel file using the FileUpload control. What it then does is read the file into a DataTable using an OleDbConnection and then runs other code with that data. When I test in Visual Studio, it works fine. For example, I can look up a file 'g:\myfiles\upldtest.xls', it finds the file, reads it and the code works. When I try to run it on our web server, I get an error when it tries to create an OleDbConnection saying it is trying to create an OleDbConnection and the path 'g:\myfiles\upldtest.xls' is invalid.
I tried to use ManagementObjectSearcher to convert the connection string path to UNC (\\MyDataServer\myfiles instead of g:\myfiles). When I test it, it shows the correct path but when I upload the page to the web server, I still get the path 'g:\myfiles\upldtest.xls' is invalid.
The code I use to determine the required file name is this
string tname = FileUpload1.PostedFile.FileName; // the file name and path as sent by the client
string gname = tname.Substring(tname.LastIndexOf("\\") + 1); // the file name with the path stripped
Any ideas what I am missing? My contract requires me to use VS2005 and .NET framework 2.0 so, I can't use anything newer. Thanks in advance for the assistance.
HttpPostedFile.FileName returns the fully qualified name of the file on the client machine.
You need to call SaveAs() to actually save the file on the server:
using System.IO;
string filename = Path.GetFileName(FileUpload1.PostedFile.FileName);
string filepath = Path.Combine(@"X:\Your\Own\Upload\Folder", filename);
FileUpload1.PostedFile.SaveAs(filepath);
// Now use `filepath` as your data source.
IIS might have already written the file in a temporary location to save memory, but since you can't (and shouldn't) access that location, it makes no difference.
You should also be aware of cross-browser issues. IE sends the whole path to the server on file upload, while Firefox/Chrome do not.

How to download a file from a UNC mapped share via IIS and ASP

I am writing an ASP application that will serve files to clients through the browser. The files are located on a file server that is available from the machine IIS is running on via a UNC path (\server\some\path).
I want to use something like the code below to serve the file. Serving files that are local to the machine IIS is running on is working well with this method, my trouble is being able to serve files from the UNC mapped share:
//Set the appropriate ContentType.
Response.ContentType = "Application/pdf";
//Get the physical path to the file.
string FilePath = MapPath("acrobat.pdf");
//Write the file directly to the HTTP content output stream.
Response.WriteFile(FilePath);
Response.End();
My question is how I can specify a UNC path for the file name. Also, to access the file share I need to connect with a specific username/password.
I would appreciate some pointers on how I can achieve this (either using the approach above or by other means).
I'm not an ASP guy so I might be completely wrong with these answers.
Regarding the path, I don't think you should be using MapPath, since that's to get a relative path and you already know the physical path so can't you just change that to:
string FilePath = @"\\Server\Directory\FileName.txt";
Regarding the account, I think you need to use impersonation, this link seems to discuss just this:
http://aspalliance.com/336_Upload_Files_Using_ASPNET_Impersonation_and_UNC_Share.all
