Opening windows explorer via link - asp.net

I want to provide a means to open up Windows Explorer (or at least view the directory contents) via an internal webpage I've developed for our business. There are several machines which we share over the internal network. I've provided a text entry field for allow the user to enter the folder path they want to associate with a given row in a DB table and I can store that info off and create the file://///10.10.5.10/Recipes/Pie link to the Pie recipe folder on one of our shared machines.
The link renders correctly on the page and if I copy the link info and paste it into the address bar it will display a navigable page in FireFox or open Windows Explorer if using IE.
However, the link does nothing if you click on it directly on my page. I suspect this might have something to do with security and the brower, right? I've seen a SharePoint page in someone else's system that did work, but I'd guess that has to do with some differences between SharePoint and a webpage in a browser. The work-around of right-clicking the link and copy/pasting it into another tab will work and I might have to live with this, but I was wondering if anyone had any suggestions or ways to deal with this issue. Perhaps I'm just doing something wrong, but I'm pretty sure it's browser-security related.

It seems for me as a pure Internet Explorer setting issue.
First of all I would recommend you better use UNC or DNS names in the path to the server instead of the usage of IP addresses: use file://///myserver/Recipes/Pie or file://///myserver.mydomain.com/Recipes/Pie instead of file://///10.10.5.10/Recipes/Pie.
Second you should better include the file://///myserver, file://///myserver.mydomain.com or even file://///10.10.5.10/ to the "Local intranet" or at least to "Trusted sites" zone:
Then you should verify the setting of the Security Zone to which you map the url. Look at the "Miscellaneous" group for the "Display mixed contain":
If you would has "Prompt" setting you will see the warning:
at every attempt to open the link file://///myserver/Recipes/Pie
If you would has some problems I recommend you to reset the IE settings in "Advanced" tab:

Most likely it's a permission issue.
ASP.net runs under the ASP.net process account. Look for the ASPNET user and apply permissions to the folder for the user in question.

It definitely sounds like a security issue. Try one or both of the following:
Try using impersonation to impersonate a domain user with sufficient priveleges to access explorer on the client's machine
If this is a small intranet application, give the application full trust on the client
Here's a link to a class you can use for impersonation - see my answer:
Invoke or call C# console app from C# web service?

Related

ASP: Safety settings on this computer prohibit accessing a data source on another domain

when i am clicking on button to load a drop down, i have to access database of another server, then i am having the following error
Safety settings on this computer prohibit accessing a data source on another domain.
"../data.asp?SQL=SearchNumber%20'%25"+txtSearchDeptNumber.value+"%25'"
after much googling i found a solution - in IE adding this link to Trusted sites.
but it is not accepted because as client cant do this settings. So, i need some other solution than adding it to trusted sites.

How can I find a given window on the client computer and activate it from ASP.NET

Running a website from asp.net, I need to transfer control (focus) to a winforms application.
In case the application isn't running, I know I can use process.start() method.
But in case the application is running, I don't want to launch a new window.
I have the option to setup the winform application as unique instance, but what if it is a foreign application? I mean if I'm NOT the author and have no control over launching new instances...
How can I find a given window on the client computer and activate it from ASP.NET
Due to security reasons you cannot do it. Code inside browser doesn't have access to user system.
If the browser is Internet Explorer, you could host a .Hta page (or return a content type: application/hta ).
A .Hta page is fully trusted, and can access everything on your local machine through COM. So if can you do it with VBScript, you can do it in a .Hta page.
The user has to trust this "application" before it is downloaded. If this is an Internet application you will probably not get this trust. If this is an Intranet application, you can force the user to trust the page.
I suppose if this was a bit of functionality you really needed you could go down the ActiveX route. Having said that it would only work in IE and would require a separate plugin for firefox (or other brothers) to function.
Honestly though it sounds like overkill for what you are trying to achieve.

IIS logging feature

I have ASP.NET pages deployed and I was told that it appears to be logging quite a bit on the server (Ex. post and get). I am sure this is a feature on the IIS not with the pages.
The site interacts with other systems and use by a lot of users.
My questions are:
1. What does this mean?
2. Can I turn off this feature on the server?
Thanks.
1) Logging is a feature which you use to configure how IIS logs requests on the Web server.
2) Yes you can Disable logging from IIS by selecting Logging icon and disable from context menu.
I think it's frustrating that logging is turned on in IIS by default. If you don't know it's there, it's just filling up your web server with useless information.
However, the information in the log file is not useless if you know it is there.
If you have access to the web server, there are a couple of places that the log files might be saved in:
C:\WINNT\system32\LogFiles
C:\WINDOWS\system32\LogFiles\W3SVC1\exyymmdd.log
You can view the file contents in Notepad.
To get the exact log file name in IIS, right-click on the website, go to the Web Site tab, click on the Properties button, and go to the bottom of the pane. The filename is there.
There are choices of what kinds of data get logged. You may not need a lot of it. For example, the default log items like Date, Time and Client IP Address might be useful. Not so much Bytes Sent, Time Taken or Referrer, unless you are troubleshooting.

Credentials prompt for an aspx page configured for anonymous authentication

From Flex we call a Upload.aspx page which is configured for anonymous authentication. Most of the time, it works like a charm, but once in a while, the browser does prompt a enter credentials popup...
The whole site is configured for Windows Authentication, but some pages and folders are set to use anonymous authentication. This is done using the location tag in web.config.
What could be the reason for this?
UPDATE:
Only happening in Internet Explorer... they should deport it.
If you use FireFox with FireBug, open up the Net panel, it will show you the request making the permissions request. If you cancel it, it will show an access denied in red, and that will easily help you hunt the issue down.
Maybe it's because a file (image, css, etc.) is being referenced that doesn't exist?
A couple of things I would check out:
Are there any images/other files that are added to your page using the FQDN? If so, are any of these pointing to an external site or staging site that might require credentials?
Is it possible that someone has removed permissions from the application pool credentials on the web server for some specific file or files the site is requesting?
Is the site load balanced or part of a farm? It could be that one or many servers are configured incorrectly, and the rest are ok. Then if by chance you hit the bad servers, you could get the prompt.

Classic ASP Error 405

I have several development sites on my wix XP laptop (all classic asp). Doe anyone know why i need to type localhost/site/default.asp (i keep getting a 405 error on iis 5.1) and not just localhost/site
You need to add "Default.asp" as a default document. From this page ...
With iis 4.0 and iis 5.0 the change is
performed as follows:
Start the Internet Service Manager (Start - Programs - Administrative
Tools - Internet Services Manager).
Expand the computer and select the web site.
Right click on it and select Properties.
Select the documents tab.
Check the Enable default document box and click Add to add a new default
name. The order of the search can be
changed by clicking the up and down
arrows.
Click Apply and then OK.
Per comment ... okay, check your script map settings, per this article.
Sounds like you need to configure your default document type in IIS to be default.asp.
First off we need to clear up the web site thing. You only have one web site, the default web site. (It is possible to munge the metabase on XP to create multiple web sites but IIS 5.1 will only serve one of them, the others will have to be stopped).
You have multiple applications which are virtual directories under a common default website.
Have you checked that Default.asp is in the list of default documents for the application not the website? In IIS manager open properties dialog on each applications virtual directory and check the config there.
If you have then you've got a strange one on your hands. At this point I would always advise checking permissions. Does the application allow anonymous access, if so does the anonymous user have access to the folder and files?
This might seem strange advice since accessing the default.asp directly works but in my experience when the configuration looks good and should work but isn't 90% of the time its the result of permissions not correctly set up.
A 405 http response status code means "Method Not Allowed". The Wikipedia article List of HTTP Status Codes has this definition for the error:
A request was made of a resource using
a request method not supported by that
resource; for example, using GET on
a form which requires data to be
presented via POST, or using PUT on a
read-only resource.
You can try the third XP PRO IIS Admin, which can add more than one site to the IIS 5.1, you can switch the site with no difficulty.

Resources