Is there a alternative for the Microsoft Azure C# API. I want to download files from blob urls but a microsoft azure storage account is not for free, so I cannot use it. So is there any other API or way to download blobs?
Example for Blob-Url: blob:https://flex.aniflex.org/afbf9776-76ea-47dc-9951-2fadafc3adff
Caution: I'm not the hoster of the file. So I don't want to download the file from my own storage account.
#kaskorian I guess you're referring to browsers file blobs...Blob URL/Object URL is a pseudo protocol to allow Blob and File objects to be used as URL source for things like images, download links for binary data and so forth.
Blob URLs can only be generated internally by the browser. URL.createObjectURL() will create a special reference to the Blob or File object which later can be released using URL.revokeObjectURL(). These URLs can only be used locally in the single instance of the browser and in the same session (ie. the life of the page/document).
For example, you can not hand an Image object raw byte-data as it would not know what to do with it. It requires for example images (which are binary data) to be loaded via URLs. This applies to anything that require an URL as source. Instead of uploading the binary data, then serve it back via an URL it is better to use an extra local step to be able to access the data directly without going via a server.
Related
I'm writing small client-side blazor app. To avoid using any DB (and creating whole API for it), as I have basically just a list of single class objects, I wanted to use json file.
I know I can read from file:
forecasts = await Http.GetFromJsonAsync<WeatherForecast[]>("sample-data/weather.json");
But when I modify this "forecasts" list and try to do something like this:
await Http.PostAsJsonAsync("sample-data/weather.json", forecasts);
or
await Http.PostAsJsonAsync<WeatherForecast[]>("sample-data/weather.json", forecasts);
It is not saving changes. I checked in browser and it is doing a POST with correct data, but receives 404 in return. Is it possible to save such a data after modification?
What you are trying to do is to change a file on server from a application that lives on the users browser. When the user visits you blazor site all of the files (except the ones that are set for lazy loading) are downloaded into the user browser. After the applications lives and runs in the users browser.
If you don't need any concurrency check and real database capabilities you should build some simple server that allows static file access or other option is to use simple blob access from AWS S3 or Azure Blob Storage.
You can look up here the difference between client and server side Blazor.
If you need to share persistent data between multiple clients you will need to implement a server or service that will allow this for you if you use client side Blazor.
I've built a feature to allow users to upload files from a mobile app. I have a RESTful .NET C# Web API endpoint which stores the files BYTE_ARRAY in a SQL Server table. No problem.
Now, when the user wants to view the file, my question is, what options to I have to send them the file?
The user will be on some page which shows some content. If they click this link, I will call some endpoint and I will get the record they are interested in from the table with the files. Now, keep in mind that they can upload any type of file (Word, PDF, Excel, etc.). When I initially store the BYTE_ARRAY I also capture its content type so it can be reconstructed.
Now, my question is
Do I reconstruct the file on the server (if so how) into its type (a PNG will reconstruct to a PNG based on its content type; a Word doc, into a Word doc based on its content-type, etc.). Then, I persist the file in some temp storage location. Then I send back to the app (UX) the new URL for the asset. Then the app (UX) will call back to that endpoint and get the file and do whatever it wants (i.e., https://my-website.com/somePath/fileName.fileExtension)
Do I respond to the app (UX) with the Stream somehow and also provide the content type, which accomplishes the above - in that a file is being sent over HTTP which the app (UX) can do something with?
I went with Google's Firebase! Problem solved!
Im trying to figure out how to retrieve images from a web service that is connected to azure thats has the images stored as blob.. i just want to be pointed in the right direction, sure if some one have a code example that will be really helpful aswell!
I have not tried any code yet just used google, youtube to find a good example... but no luck.. :/
I can store the images in a folder with the web service if that is easier?
Blobs are accessible using standard URLs. You may need a Shared Access Signature to access the file on a private blob.
I can point you in this direction:
https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-how-to-use-blobs/
https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/
Your service should do this (if I understand your need):
Create an output stream
Create in an input stream to a blob object and accessed using a SAS
Connect output stream with input stream
There are plenty of examples around for doing this...
I have been looking at exporting data from a company SharePoint site using C# written in VS Express 2013. First, a caveat - I'm new to web based APIs (Soap or REST) and SharePoint, so apologies if my question is prosaically easy to answer/ badly worded. Pretty much all of my previous work has been with files local to the machine or on a similarly local company network that can be accessed in the same way.
My aim - download a list from one site, do stuff to it on the client machine and then re-upload it to a different SharePoint site.
I have tried using the Soap API (Client object model) but I am encountering a variety of access and permissions issues. So I switched to the REST API, and have now managed to get the list data into XML within my browser. But I don't really want it in my browser - I want to access it programmatically, and write selected data from the list into a local file (using System.IO.Path.GetTempPath() to find the temporary folder), without browser windows popping up (except to allow the user to log in to establish an authorized context with the server). There has to be some trivially easy way of saving the XML data to my temporary file without needing a browser open, but I haven't been able to find it.
My REST query is like the following:
https://sk.someSharePointSite/sites/subsection/_vti_bin/ListData.svc/AList
I would suggest you should use Sharepoint client object model for downloading/uploading files to sharepoint.
If there is anything specific you can't do with CSOM then use REST API.
You can check the code details here:
http://msdn.microsoft.com/en-us/library/ee956524%28office.14%29.aspx
I am having a web form available to public, which has file upload capability. Now files are either saved on web server or sent out as attachment in an email. We are having restriction on size i.e 15MB and extensions of file being uploaded. Our SMTP server is on same web server. I have concern about security, as anyone can upload malicious files and can have impact on our production web server.
What are the risks I will be having by such file upload control available to public? Is there anyway someone can execute malicious script on web server by uploading malicious file.
I did some research and found out following points
If I sent out a file as an attachment in an email, this file will be stored for temporary period in Temporary ASP .Net folders, and once email is sent this will get deleted.
You can rename a file before saving them on file system.
You can save file on different location as your website
You can have some sort of real time virus check. I am not sure how you can do that. I was reading about some command line virus scan. But not sure if I really need that.
These are just few points, but I would like to know about any blind spots in file upload.
To answer your question about possible security vulnerabilities, yes you can definately create vulnerabilities in your application and for your users even if you don't save the file to the disk. But there are a few lines of defense you can take to validate.
The first is to obviously restrict the types of files that can be uploaded, you can do this with a white list and a check of the extension but don't stop there. You should also verify by looking at the contents of the file to ensure that it complies with the expected format. This can be critical as a bad guy can inject file headers into the file uploaded and use your system as a zombie for passing around his malware.
Second you should run a virus scan against the uploaded file, you can do this by using a command line to execute a local virus scanner. This is an easy thing to do with many virus scans including Trend Micro, and unless you're looking at a massive amount of file uploads then it should not be a huge tax on your server.
Ensure that you never pass paths as user submitted data (via GET or POST to download) as that can expose you to a path traversal attack. If your user needs to download the file from the browser you can create a database of where the records are stored and then create a controller or page that will fetch it based on the database record and the users access to that record, rather than provide a path which a user can control and use to get files from your server.
Ensure that the directory you will save to is not readable by the web server, this way they don't upload a malware script and then execute it from their browser via an HTTP
Ensure that you validate all user input against some anti-XSS library (Microsoft provides one http://www.microsoft.com/en-us/download/details.aspx?id=28589)
Hope that helps!
The best way is to upload them to /App_Data folder or to store them in a database as binary objects. App_Data is not readable through the web server, so this will protect you against execute and script access. An alternative to storing them in binary is to Base 64 encode them and store them in text (again either in the file system App_Data or database).
Create a proxy page to check the user has permissions to view/download the file and if so send a stream of the file to the HTTP response. This way users do not have direct access and cannot execute anything they shouldn't. You can also attach files using the SMTP classes from a stream reference.
If storing in the file system you could implement your own naming convention so that a request for the actual file is mapped to the stored version.
Virus scanning can be useful, but think of this as protecting other users that may have access to download the file rather than protecting your server.