We are writing log files to File.applicationDirectory and want to clean out old log files. The question is how do you delete files out of that directory? When I try and delete old log files out of this directory it gives a security exception. Is there anyway around this?
I know you are not supposed to write to File.applicationDirectory, but we are writting are logs there anyways. So please don't just say don't do that!
Thanks,
Ryan
Another trick, for security workaround
var fileLoc:File= File.applicationDirectory.resolvePath("some.log");
var file:File=new File(fileLoc.nativePath);
fileStream.open(file,FileMode.WRITE);
The second file object can alter the file withot any problem.
File.applicationDirectory is a read only directory.
http://livedocs.adobe.com/flex/3/langref/flash/filesystem/File.html
I found the answer shortly after posting. I was looking in FileTarget of how they write the log file into the application directory and found this gem:
var logFile:File = this._logDirectory.resolvePath(filename);
logFile = new File(logFile.nativePath); // Hack to get around SecurityError if log directory exists within the application directory
So you just specify the full native path and not a relative path from the application directory and you can do whatever you want. Interesting security model!
Related
In my asp.net web application, I read the xml file for obtaining a key. If file is not present I show a form to enter the key details and then create the file.
First problem: My app does not recognize the file even if its there.
Second problem: I am running application on the server. When writing, rather overwriting the file, browser shows the username, password prompt before writing the file. If I enter admin credentials it allows to create a file.
I have checked all possible combinations of permissions on the file / folders, but could not resolve the problem.
Any ideas, what I could be missing here?
You read the xml file but is it as a part of your solution? If yes, are you reading it through relative path i.e. are you using Server.MapPath to read it like Server.MapPath("~/Files.test.xml")? Once you use relative path, I don't think it will ask you credentials as it still is in your project directory.
It should work. I am also reading and writing files in my web application.
If it still does not work, please tell me the way you are reading file.
Thanks,
I have deployed my project to Azure. In my project I have "App_Data\Images" folder.
Now I'm trying to do the following:
String filename = GLOBAL_IMAGES_VALS.GET_FILE_PREFIX(imageType) + "-" + User.Identity.GetUserId<int>().ToString() + Path.GetExtension(image.FileName);
String origPath = Server.MapPath("~\\App_Data")+"\\Images\\" + filename;
But then upon trying:
image.SaveAs(origPath);
I get this error message:
Could not find a part of the path
'D:\home\site\wwwroot\App_Data\Images\logo-10003065.jpg'.
How can I save my file to "App_Data\Images\"?
The actual problem was that the sub-folder 'Images' did not exist. I can't remember why the publish process did not create this sub-folder, however I added it manually and then everything worked fine.
EDIT:
As others wrote here (#Spectarion). I'll put here the important remark that explain why the folder was not created:
Just for the future readers, folder won't be created if it's empty.
Folder is empty even if there are files that are not included in
project.
Just put some 'fake.txt' file into any folder you want to make sure that it will be created, and of course don't forget to add it to the project. Good luck.
Since you don't have any file in the particular folder, while publishing Web deploy ignores the empty folder.
Quick fix: Add any file to the folder before publishing will fix this issue.
if (!Directory.Exists(Server.MapPath("~/Images")))
{
Directory.CreateDirectory(Server.MapPath("~/Images"));
}
The directory might be missing in the folder. Create the directory and use it in file path
Maybe this :
System.Web.Hosting.HostingEnvironment.MapPath("~\\App_Data")+"\\Images\\" + filename )
Maybe the images folder doesn't exist and you need to create it first? Although I wouldn't recommend saving images in your app like this if it is designed for people uploading images. I would save them in Azure storage via blobs or the new Azure File storage. I would keep your app deployment files clean just related to your app and save any user generated content outside of it.
BTW, If you are using Azure Web Apps you can use the environment variable of "HOME" to always get the correct path (which should be D:\home)
string path = Environment.GetEnvironmentVariable("HOME") +
"\\site\\wwwroot\\App_Data\\images"
I assume your AppData folder is just under the wwwroot folder, which is usually the case.
Try this:
HttpContext.Current.Server.MapPath(Path.Combine("~/AppData/Images/", filename));
I just had this problem on VS15. I first followed the advice in this question in order to generate the error you've got. I'm guessing this follows in part dsb's answer, but dsb hasnt given any description of the actual process of fixing this.
I then went to https://<mywebsite>.scm.azurewebsites.net/DebugConsole to look through the directory and found that App_Data had not been published
Which was why the error was throwing. So, I then solved this by simply going to the solution explorer, right clicking App_Dataand selecting to "Publish App_Data".
However, my website was a short-term academic effort for a project - I think there is probably a lot to be said for considering Matt Watsons answer above about whether or not allowing users to upload to the deployment area is a good idea
So I have my the path to my website code as follows:
C:/folder1/folder2/folder3/my published website code from VS2012 - on my website I get an attachment and I want to save it to the following path C:/folder4
when I try the following code: file.SaveAs(Server.MapPath("../../folder4/") + filename); it says that I am going past the root. Can someone explain to me what is going on and if and how I can solve this issue?
Server.MapPath() is used to get the path in relation to the server root. Since your trying to save it outside the server virtual directory, you could probably just hardcode the file.
file.SaveAs(#"C:/folder4/" + filename);
It might not work depending on your IIS worker pool permissions.
file.SaveAs(Server.MapPath("folder4/") + filename);
Because I cannot see your folders structure I would reccomend setting a breakpoint after Server.MapPath() to see the full URI Path to determin your next steps since it says you are past root you may have one to many "../" before your string.
As per the documentation for HttpServerUtility.MapPath:
you cannot specify a path outside of the Web application
which is exactly what you are trying to do. If you interpret "the root" to be the root folder of your application, that is even what the error message is telling you.
Either
use an absolute path or
store your data beneath the application folder
use MapPath("~/") to get the current directory and build a relative path from that (in essence, you just move the "../.." outside the call to MapPath)
I would probably recommend going with 2. as it will give less headaches wrt. permissions and multiple sites hosted on the same server.
Server.MapPath(...) tries to return a physical ("real") directory for the virtual or relative path you give it. And since a virtual directory can't be located "over" the root in that sense, what you're trying to do makes no sense. You can go from domain.com/somefolder to domain.com/, but you can't really go any farther back.
You could instead use Environment.CurrentDirectoryas the starting point to find your folder, and apart from that just use SaveAs(..) as you're already doing.
This should be pretty simple but it's not working.
I have a file underneath the root of my project. I want to call it like this.
GetWorkbook("tplBud806_wRevenue.xls")
I publish the project out to the server and try to run it and the server says it can't find it.
Could not find file 'c:\windows\system32\inetsrv\tplBud806_wRevenue.xls'.
That's not the path it should be taking. It should be under E:\IIServer\rootwww\reports\tplBud806_wRevenue.xls.
I thought relative paths were supposed to start from the path that the project was running in. I've also tried.
GetWorkbook("/tplBud806_wRevenue.xls")
GetWorkbook("\tplBud806_wRevenue.xls")
GetWorkbook("~/tplBud806_wRevenue.xls")
GetWorkbook("~\tplBud806_wRevenue.xls")
Is there some setting I'm missing? It's got to be something simple...
GetWorkBook(Server.MapPath("tplBud806_wRevenue.xls"));
GetWorkbook is not an ASP.NET function, and it likely defaults to the folder that the process calling it was started from. The process in this case is an IIS process and probably started in that folder.
Server.MapPath?
Your application is running in an AppDomain loaded by the w3wp.exe located in the directory in your error. Which means that trying to look for any file will start in that directory. You should use Page.MapPath, as mentioned by others. It tells the application to start looking in the folder your aspx is in.
GetWorkBook(Server.MapPath("~/tplBud806_wRevenue.xls")); If the .XLS file is at the root of your project.
You can use also use ~ in conjuction with ResolveURL() to access an URL in your site. So ~ will be replaced by the root URL of your project
Example:
ResolveURL("~\tplBud806_wRevenue.xls")
will be transformed to
http://myproject.url/website/tplBud806_wRevenue.xls
If you need disk access, like in your example, use Server.MapPath
Look at this SO post to learn more about Server.MapPath
Can somebody tell me how to prevent exe file from being uploaded in a website , even if exe file is inside zip file( exe file in a new folder and new folder is then zipped and uploaded)?
Allow the users to upload the file (if is ZIP) and do a server-side check by unpacking the archive and evaluating its content.
Short answer: you can't.
Pedantic answer: Don't have users upload files.
Long answer:
What code is handling this uploaded file? What are you doing with it? This is where the security needs to happen. You can explicitly check the file extension in the post handler, but that only gets you so far, as you've already determined.
Some tips:
-Drop files in a secure location outside the web root.
-Don't give your ASP.NET process user more permissions than it needs
-Give them unique server-generated names and proper extensions.
-Do not call Shell.Execute on user-uploaded files. Duh.
What exactly are you trying to prevent here? Your question is difficult to answer as-is.