Is there a way to programmatically set the name of a file to be uploaded from a web page? I suspect that browser security restrictions make this impossible, but I'm hoping someone will prove me wrong.
I have a web application that needs to let the administrator upload HTML. The admin selects the HTML file, then the app uploads that file, plus figures out all the supporting files (images, stylesheet, etc) and uploads them too. There doesn't seem to be a way to programmatically upload the supporting files from a web page, since the user has to specify each file explicitly.
Currently I have a separate Windows app to do this, but it would be ideal to have this functionality integrated with the rest of the app. My back end is ASP.NET with C#.
There is no way to programatically grab files from a user's computer via the browser. This would be a security violation if a website could just grab things.
Yes you can (in modern browsers)...
You can get and set the value of HTMLInputElement.files.
See this answer.
No, you cannot do this without a client-side application or special plug-in.
Browser security doesn't allow the server to obtain information about the hard drive contents of the client.
You may be able to do this using some form of browser plug-in. This is more work for you (and there are potential security implications for this beyond those found when you just have users run your app). However, it may prevent a more integrated experience for your users. I'd hesitate to eliminate the application completely, though. Browser compatibility issues are common.
Related
supppose I use html5 local storage for my website.
1)can End user see my local storage values through browser using view source code etc?
2)How can we enter data for HTML5 local storage as domain level, i dont want to add my records manually when page loads everytime?
3where will HTML5 local storage content be saved?
I)in client side?
II)in server side(webserver)
anyhelp please?
Not through view source, but many Developer Tools support this. So yes, a user could very easy figure out what the contents of their browser's localStorage is. For example, in Chrome, open the Developer Tools, and on the Resources tab select "Local Storage"
I think what you are asking for is "How to I add local storage without writing the code in every page". You would typically then put that code in a common .js file - and reference it whenever you needed it. If you need it in every page, then depending on which platform you are using, they probably have some sort of "master". ASP.NET WebForms has Master Pages, ASP.NET MVC has ViewStart, etc.
Client side. It's local storage - as in it is local to the browser.
As the title says, how would I go about doing this? I want to check a value stored in a file.
This is impossible and has nothing to do with ASP .NET. The browser is responsible for rendering the page to the client, and browsers, for obvious reasons (security), don't have access to the user's file system. The only thing a browser can do, is read cookies (essentially text files) sent to the user from the same domain the website belongs to.
HTML5 has a new feature called local storage but you still won't be able to access ANY file on the user's computer.
Using Javascript with ASP.Net applications can work quite well, I've done it for a couple of sites I've done. If you just want to run some code on the client when a checkbox is ticked for instance, try this...
replace the myFunction() portion out with whatever client side code you want to write.
If you unfamiliar with Javascript as a language, check this out... http://www.w3schools.com/js/default.asp
You can do that using ActiveX control or SilverLight
Some are saying it's not possible, and that is true for the Internet. However, I have done this before on an Intranet system. The server knew the users computer name and could access a local configuration file, no ActiveX, no Silverlight.
Imagine you have a large number of video files stored on a server, and a Flex app which lets users play those videos they have access to. How can you best set this up? Wouldn't the Flex app just be sent the name of the video to play... in which case couldn't someone else write another flex app if they knew the file names? Can Flex play videos hosted on other sites? Is there some clever piece on the server I'm missing, which sits between the Flex video player and the files?
Ask users to log-in with a username and password - you can use OpenID if you want.
Update:
Set the crossdomain.xml of your server in such a way that only Flash movies from your domain can access content from there.
You can write a server-side script (in PHP or something else) that serves the file only if your user is allowed to see it (how to determine that you'll have to come up with yourself). This is a bit of a performance hit, although not so much if you use PHP's readfile().
Can Flex play videos hosted on other sites?
Your crossdomain.xml can control this. e.g. myvideoserver.com/crossdomain.xml would contain entries based on who you want to grant access to, like myflexserver.com. Then just ripping off your main flex application wouldn't give them access to your video files.
I'm creating an ASP.NET web application to schedule tasks on our server from a remote location using a .NET Wrapper for Scheduled Tasks. However, I'm stuck.
The user needs to be able to browse the file system on the server to retrieve a "file to run" for the new task that the user's creating in this application. I need to get the filepath/filename and pass it into the .NET wrapper.
I've tried using HTMLInputFile, but I haven't found a way to make that work for me.
Any help is appreciated.
Thanks
Update:
For this project, we've decided to simply list the executables in a dropdown box that would be available to users since they don't really need total access to the file system, just for security's sake.
HTMLInputFile is used to browse the client's file system and upload a file to the server. It isn't used to browse the server's file system.
You will need something quite different. You will need some server side code to display the server side folder structure to the user via the browser.
There is an example of a basic implementation of this here.
Update:
With that sample, the path that you replace "yourfolderHere" with needs to be a virtual path, rather than an absolute path. So for example "C:\Inetpub\wwwroot\uploads" won't work, but "uploads" will work.
I hope it goes without saying that there are serious security issues to think about when implementing something like this.
The HTMLInputFile will only work on the client-side machine.
You need to write a filesystem browser in ASPX/HTML that browses on the server-side.
Shouldn't be that hard to do.
You can't use the <input type="file" tag
This brings up a client-side dialog that browses the client machine.
As far as I am aware you need to create your own 'browser'.
eg You could use the My.Computer.Filesystem classes to retrieve a list of files in a folder and show those on the webpage. The user then selects the relevant file and posts a response back to the server.
You can use System.IO.Directory to get directories and files. These can be displayed in a number of ways. A simple browser / file selection should be possible in less than 50 lines of code.
Also be aware that you may need to grant extra permissions to the user that your web app runs as so the file system is accessible.
There are also various security implications around this, so don't grant access to everything unless you really need this.
Let's say we have a web site with a CF app that was written in-house.
Assume that:
Server 2003 IIS6 or 2008 IIS7 will be used
ColdFusion 8 will be used
Directory browsing is denied
SSL is required to connect
The account login process is secure (yeah I know that is a whole other
ball of wax but that concept is discussed ad nauseum on the web).
Say I have a file at https://domain.com/folder1/folder2/ with a name like picture92352.ext imagine it as a jpg or pdf or whatever. The entire path between the domain name and the file varies widely in naming structure, depth, etc. Files are not all lumped together in one folder.
The app restricts links by user such that a user would have to have access to that file to find it in the first place but as it stands now if a person knew the full URL to that file they could retrieve it without logging in to the app. It's the classic security by obscurity situation. A random person isn't likely to find a file they shouldn't get to but once someone is given access they know how to access it from another PC where their actions might not be traced back to them.
How do I restrict access to these files before someone logs in and still make them accessible to outside users after they log in? Is there a way to do it with permissions only or is the only answer to have code dynamically moving files around at the time of the request or is there some obvious step I'm not even thinking of?
Let me clarify this slightly. No matter how the file is presented on a page a user can use the browser IE, Firefox, etc to examine the URL the file comes from. If the image is a link there is always copy shortcut in the right click menu for IE and the same functionality in FF is called copy link location. If the image is displayed inline as part of the page an IE user can right click and choose properties to see the URL, in FF the same functionality is present to see properties but there is an even quicker more convenient option labeled copy image location. Once a user knows the URL to a file if the location or file name doesn't change they can use that URL without authenticating in the CF app.
If I change the NTFS/share permissions so that IUSR can't see the content then my CF app and IIS can't push it. What strategy do I use to provide the file in the CF app that doesn't leave this hole open?
You could write a CFM page that serves up the images. Then you just make sure they are authenticated inside the CFM.
<!-- something like this -->
http://localhost/GetFile.cfm?file=foobar.jpg
In GetFile.cfm, you would do something like:
<!-- the filename part is what the browser will pre-popualate the file name in the download dialog as -->
<CFHEADER name="Content-disposition" value="attachment;filename=picture92352.ext">
<CFCONTENT type="text/plain" file="\\fileserver\folder1\folder2\picture92352.ext">
Take a look at the various MIME types.
If you wanted to do something similar but keep a more natural URL, I think you would need to leverage the Java servlet underpinnings of ColdFusion to create a handler for any URL matching a certain pattern.