I've written an ASP.net web application. In the interest of following the advice in "The Pragmatic Programmer" to put application logic in configuration, I wrote a large XML file that describes various business rules.
When I test the application on my local development workstation, I copy the file to c:\xxxxx\myfile.xml and then write the code to read the file from this location.
What is the correct way to deploy this xml file as part of my web application so that it gets read from the directory in which the web application is deployed?
Update: The XML file in question is for server-side configuration and should never be available for download to the end-user.
If you're not embedding this as a resource, you should:
Create a directory under which this file will reside.
Create the file and set its Build Action to Content.
Create a web.config file in that directory which forbids access to the directory so you don't expose your business rules to the Internet.
Add a setting in your application's main web.config that gives the path to this file relative to the root of the application, i.e. "~/MySecureFolder/MyBusinessRules.Xml".
Have some code that calls HttpServerUtility.MapPath Method to convert the value from the setting in web.config to a virtual path.
I don't know if this is what you want - Click on the XML file, then open the Property Window and find the "Build Action" property. Set the value to "Embedded Resources"
I think what you need to do is:
Add the XML file to your web application project in Visual Studio
Right click on the file and select 'Properties...'
Set the Build Action to 'Content' and Copy to Output Directory to 'Do not copy'
this will ensure that your XML file is deployed along with the rest of your web app.
If you want to make available your XML file from http requests to your server, you should
place it in your web publication folder.
This ASP instruction should help you to find your publication path:
Request.ServerVariables("APPL_PHYSICAL_PATH")
Related
How can I add a static data file to my web project? It doesn't work in debug mode with IIS Express, and I don't have a web site to deploy to yet.
Details
I have a data file that I want to expose on my web site. I have added that file to my ASP.NET project. When I run the project and attempt to view the file, I get a 404. In other words, I debug the project and type the file url into the browser. That url looks like 'https://localhost:44378/Data/widgetConfigMap.json'.
Rationale:
I need the data file to feed a javascript method. That method has an input parameter for a url with data, i.e. my file. The API in question is Bing Maps. The method name is 'createFromConfig'.
Unsatisfactory Alternative
I can generate the file 'on-the-fly' (via a method in my controller), but that method is slow. Slow enough that it timed-out once.
What I have tried
I tried updating the file properties. Initially, the file Build Action was 'Content', I changed that to 'Page', then to 'Resource' → neither worked. The other property choices look wrong.
Summary
I feel like there should be some way to configure my project, or IIS Express to serve-up the data file, but I can't find it.
It sounds like you just add the json file to your project folder instead of importing the json item into your project.
You can access json file directly when you have imported either new json item or existing json file to your /Data folder under your application.
Besides, please ensure you have let your route ignore the URL so static file handler will handle this.
Of course, you can try to publish it to local IIS not IIS express. Then import the data file and it shouldn't be limited.
I have an application where I have an XML file which holds the connection string.
When hit the URL with the exact file name it opens the file in the browser that is natural.
Now I need to restrict this file browsing and I can not change that code to do any redirect or anything else.
What I have tried is using denyurlsequences in the security tag in the web.config but it restricts the application too to access the file and that makes the application stop working.
I am using .NET Framework 2.0
The ".xml" file extension is not supported by ASP.NET pipeline that is why you cannot add it to web.config and restrict it. What you can do is to copy the xml file in the "App_Data" folder of your application.
The purpose of this folder is to hide it files from browsers/users and also is build for this type of data.
To create "App_Data" folder if it already does not exist :
Right click on your project -> Add ASP.NET Folder -> App_Data
Or just add a folder and call it App_Data
I know its old question but this answer may be helpful for others.
I did below configurations on IIS 8.5 ( make sure Request Filtering is installed on IIS.)
Open IIS and click on your application virtual directory.
In features View, Click on Request Filtering and then go to Hidden Segments tab - this tab will contain list of hidden files or folders. (like web.config, APP_data folder etc...)
Add file or folder you want to hide from the browsing by click on add hidden segment and mention file/folder name you want to hide and test it.
In our application we have a master xml file stored in an application folder, to deny browsing this xml file I had added the folder name in hidden segments and it worked.
I currently have a local resource file in an ASP.NET MVC project. The goal of this file is to let a non-programmer edit the text on the webpage. The problem is that the resource file is an embedded resource and compiled on ASP.NET MVC Deployment. This means they would have visual studio to change site copy. This is non-optimal :)
Is there a way to make use of resource files in ASP.NET MVC that would result in a .resx file on the server for an admin-type person to be able to edit?
The other option is to put this in a database and have some front end to edit it, but I would really like to avoid this option as its overly complex for just a few text fields on a small site.
Thanks!
Once way of doing so, is to make sure the resources aren't compiled.
When you add a resource file (e.g. TextResource.resx) you can access the resources in a type safe manner.
For example:
ViewBag.Message = Resources.TextResource.MyMessage;
After you add a resource file (*.resx), select it in the solution explorer and view its properties. Clear the "Custom Tool" property. By default it contains the value "GlobalResourceProxyGenerator". Just delete this value.
This has a downside, however as you can no longer access the resources in a type-safe manner. You'll have to load them using the GetGlobalResourceObject and GetLocalResourceObject methods of the current HttpContext.
For example:
ViewBag.Message = this.HttpContext.GetGlobalResourceObject("TextResource",
"Hello", CultureInfo.CurrentUICulture);
This way you'll be able to manually alter the resource files (*.resx). You could then opt to build an application which can read and modify the contents of the resource files, which are just XML files.
For example:
http://www.codeproject.com/KB/cs/Editing_a_ResourceFile.aspx
I have an ASP.NET web site, let's call it MySite, and at the same level as the web site, a virtual folder - Data. And in that folder I have the xml file needed in an AdRotator control.
I put "http://localhost/Data/Ads.xml" in AdvertisementFile and I get this error:
'http://localhost/Data/Ads.xml' is not a valid virtual path.
Is there a way to get this working?
The xml file must be on the same website for security reasons, using the control out of the box.
You could write your own methods to read a file from an external server, with an HttpWebRequest for example, then create a server side XML file from that stream and use it with the AdControl.
There is also the AdCreated event to look at, too.
The server is IIS7.
Is there a way to disable web.config files in subfolders?
I am asking because, I have a folder on the web server that is for uploads. When someone uploads files, a new folder is created for the user's session and the files they upload go in the folder.
So the path to uploads would be like this:
~/uploads/3F2504E0-4F89-11D3-9A0C-0305E82C3301/somefile.txt
In the ~/uploads/ directory there is a web.config file that removes all http handlers except the static file handler and adds a wildcard mime type. So every file that a user uploads will only ever be served statically.
If a user uploads a web.config file, I want to disallow any of the settings in that file from being applied.
How can I do this?
EDIT
Could I just make the upload folder an application that is a member of an application pool configured to run in Classic mode instead of Integrated Pipeline mode? That way it wouldn't even care about a web.config file.
EDIT 2
Is there another type of webserver I could install for serving all files statically? I could just access the files through a different port. Is there some software that I can be sure wont run any scripts and is safe.
I simply wouldn't allow them to upload a file with that name. In fact, I normally wouldn't trust any filename that the user gave me... makes a great candidate for an injection-style attack.
Ok I have a different angle on this...
What if your uploads folder was not part of the website and instead part of the file system? This way ASP.NET is not processing requests to the folder and thus web.config wouldn't be loaded by the ASP.NET runtime.
You'd have to give your app pool's account read/write access to the file system where these files are stored, but I think it better fits what you're trying to accomplish.
Obviously it could be done in code.
If the folders always exist, you could pre-populate with a web.config with no (significant) content and an ACL to ensure it cannot be overwritten, but looking at the path it I suspect you create the upload folders dynamically which means this would not work.
I don't believe there is a way to tell IIS not to use a web.config (but I could be wrong). Personally, I would add a check to my save code and rename the file.
Why not just check the filename first to prevent the user from uploading a file named web.config? You're probably going to want to check for other things too before allowing the upload - files that are too big, etc.