When using the below code to try to open File Explorer to a folder path I get the errors SEC7134: Resource 'file://...' not allowed to load, and SCRIPT70: Permission denied.
However if I copy the exact path returned in the error and past it into the url it opens a new file explorer window without any issues. This was working at one time for me as expected, I'm wondering if there have been security changes or things that need to be updated on my side to open these files in File Explorer again.
Thanks,
function openFile(path) {
// Internet Explorer 6-11
var isIE = /*#cc_on!#*/false || !!document.documentMode;
// Edge 20+
var isEdge = !isIE && !!window.StyleMedia;
if (isIE || isEdge) {
window.location.href = path;
return false;
}
}
Yes, we could use the browser as file explorer to retrieve the files in our local environment. But, reading local files from the browser (using JavaScript) is not allowed. This will prevent websites reading files and stealing your information.
If you want to display the local file using JavaScript, you could use the upload control select the local file, then, read the file and display it.
Related
I have an application that allows the user to upload a file (saving it to in a folder located in the wwwroot of the ASPNETCORE application). From here they can make edits to it and then they can choose to export the file as a csv/ xml/ xlsx which downloads the file to the user's 'downloads' folder.
While debugging in Visual Studio this all works fine however when I publish and deploy the application to IIS I am getting the exception
Error saving file C:\windows\system32\config\systemprofile\Downloads(FILE NAME)
Could not find part of the path C:\windows\system32\config\systemprofile\Downloads(FILE NAME)
This is the current way I am getting the downloads folder:
FileInfo file = new FileInfo(Path.Combine(Environment.ExpandEnvironmentVariables(#"%USERPROFILE%\Downloads"), data.Filename + "." + data.FileType));
However I have also tried the solution that Hans Passant has answered to a similar question here. Both solutions worjk fine while debugging locally however as soon as I publish them, this one produces the exception:
Value cannot be null. Parameter name: path1
Which I presume is thrown at this point here when I try and save the file to the user's download folder.
using (var package = new ExcelPackage(file))
{
var workSheet = package.Workbook.Worksheets.Add("ExportSheet");
workSheet.Cells.LoadFromCollection(exports, true);
package.Save();
}
I don't really know how I would be able to reproduce these exceptions seeing as locally using Visual Studio it all works fine.
Has anyone else came across this issue while trying to download a file?
UPDATE: When the application is running on IIS, it seems to be using that as the user profile instead of the actually user, so when it tries to navigate to the Downloads folder, it cannot find it. How can I force it to use the user's profile?
LoadUserProfile is already set to True.
Web applications have no knowledge of the end-user's computer's filesystem!
So using Environment.GetFolderPath or Environment.ExpandEnvironmentVariables in server side code will only reveal the server-side user (i.e. the Windows Service Identity)'s profile directories which is completely separate and distinct from your web-application's actual browser-based users OS user profile.
As a simple thought-experiment: consider a user running a weird alien web-browser on an even more alien operating system (say, iBrowse for the Amiga!) - the concept of a Windows-shell "Downloads" directory just doesn't exist, and yet here they are, browsing your website. What do you expect your code would do in this situation?
To "download" a file to a user, your server-side web-application should serve the raw bytes of the generated file (e.g. using HttpResponse.TransmitFile) with the Content-Disposition: header to provide a hint to the user's browser that they should save the file rather than try to open it in the browser.
I have a file which is stored at a physical disk say var path = file://Servername/SampleFiles/abc.docx. Now when I am trying to add this into below code
File.SetAttributes(path, FileAttributes.ReadOnly);
With above line of code I am getting URI file format is not supported whereas if I am trying to add path like var path = //Servername/SampleFiles/abc.docx then above line is working fine but I am getting a prompt on Internet Explorer as Only Secure content is displayed
Please guide guide me to remove the IE prompt, I don't want users to disable it from IE, as it will be security issues.
I have a .aspx page in my project inside that there is one <a> link for download .txt files.
Am using Shell32.ShellClass and Shell32.Folder2 for showing Browse For Folder for ask user to Where do you want to save files instead it download on default Downloads folder.
Below is my C# code for showing DialogBox.
Shell32.ShellClass shell = new Shell32.ShellClass();
Shell32.Folder2 flder = (Shell32.Folder2)shell.BrowseForFolder(0, "Select destination folder", 0,"Desktop");
if (flder == null)
{
dlgResult = DialogResult.Cancel;
}
else
{
strPath = flder.Self.Path;
dlgResult = DialogResult.OK;
File.WriteAllText(strPath + "\\NewFile.txt", "file content abc tex...");
}
Problem: Above code working fine in Local but when I host website on IIS it's not working and not showing DialogBox.
Is there any specific Settings or Configurations in IIS for that ? or why it's not working when it host in IIS?
please give me suggestions.
Thanks.
Your C# code runs on the server, not in the web page. When you open a dialog box in this way, it runs in the context of the calling code. When running as part of IIS express (or any web server running as you), it opens in your Windows desktop because it is running as you. When running in IIS, it is running as a different account not attached to your desktop, so it will not show.
I am not aware of a way to invoke the "Save As" functionality to save a file to a different folder in JavaScript. The execCommand function may work but it varies from browser to browser. Some versions of Internet Explorer also limit what file types can be downloaded this way.
I have write some codes for upload file in ASP.NET MVC3 project. In stead of storing file in database, I have uploaded the files in file system and stored the paths in database.
The codes for upload is as follows:-
if (file != null && file.ContentLength > 0)
{
if (path == null)
{
throw new ArgumentNullException("path cannot be null");
}
string pFileName = PrefixFName(file.FileName);
String relpath = String.Format("{0}/{1}", path, pFileName);
try
{
file.SaveAs(Server.MapPath(relpath));
return pFileName;
}
catch (HttpException e)
{
throw new ApplicationException("Cannot save uploaded file", e);
}
}
After saving the file I have used that image with image tag in several views. My codes works fine in local. But when I have hosted the site in windowsazure.com all things are working but the file upload.
How can I get rid of this situation? Please help.
One of the things you need to be aware of before trying to save the file is to ensure that the directory that you are wanting to save the file in exists. Here is a code snippet to ensure the target directory has been created on the target server.
var path= Server.MapPath("~/ImagesDirectory");
if (!System.IO.Directory.Exists(path))
{
System.IO.Directory.CreateDirectory(path);
}
You may want to wrap this is a try/catch to ensure your application has the NTFS privileges to write and create directories in that location. Also, ensure that your path variable is rendering out the path that you think it should be.
Also, if the directory exists in your VS project, but does not have any content in it, then the compiler will not create that directory. To ensure the directory is created when you upload a project, insert an empty text file, such as "_doNotDelete.txt" into that directory and set it's build action to content. This will ensure the directory will be created when you do a publish.
First you should not use web application's folder beside temporary operations. Since Azure means multi-computer environment, resource (image) won't be available for requester if you use more than one instance (machine)
Let's say you uploaded on instance A's local, instance B's local won't have that file and retrieving path from DB won't change anything for instance B. You would never know which instance will give the response to request. (well, you can but it is out of the scope here) But at the end you have to realize that your upload request may go to instance A and your display request may go to instance B which will not be able to retrieve.
Anyway, the best practice is use directly blobs, their whole purpose is this. You may find more details on http://www.windowsazure.com/en-us/documentation/articles/storage-dotnet-how-to-use-blobs-20/
But if you insist on using local path and have no problem losing files (yes it will happen) use Server.MapPath("~/App_Data/...")
Hi I seem to be having a problem when uploading images in asp.net.When I tryed to upload an Image I get this error:
Access to the path 'D:\Projects IDE\Visual Studio\MyWork\Websites\Forum\Images\avatar\userAvatars\aleczandru' is denied.
I have set application pools Identoty to NETWORKSERVICE ando also added the NETWORK SERVICE account to the Images folder with full permision but I still get the same error.
This is my code:
private void addImageToApp()
{
string path = "~/Images/avatar/userAvatars/" + User.Identity.Name;
createPath(path);
if( Directory.Exists(HostingEnvironment.MapPath(path)))
{
//try {
UploadImage.SaveAs(HostingEnvironment.MapPath(path));
// MultiViewIndex.ActiveViewIndex = 0;
//}catch(Exception ex)
//{
// AvatarDetails.Text = ex.Message;
//}
}
}
private void createPath(string path)
{
string activeDir = HostingEnvironment.MapPath("~/Images/avatar/userAvatars");
if( !Directory.Exists(Server.MapPath(path)) )
{
string newPath = Path.Combine(activeDir, User.Identity.Name);
Directory.CreateDirectory(newPath);
}
}
What else can I do to solve this problem?
EDIT
Hi at this point I have full permision control to the following USERS:
Authetificated Users
IUSR
SYSTEM
NETWORK SERVICE
IIS_WPG
Administrator
USers
Is it posible that I need to set any configuration to IIS in order for this to work?
EDIT
I have messed around with SQL-SERVER for the last couple of days in order to make this work so I might have missconfigured something form what I understand NETWORK SERVICE is stored in SQL-SERVER master.db database.I seem to be having two network service logins may this be the problem?I remember when I first checked it I had none now I have two:
EDIT
This is the print with the permisions I added to the folder:
EDIT : Complete error
StackTrace:
In method CreatePath you are creating folder 'D:\Projects IDE\Visual Studio\MyWork\Websites\Forum\Images\avatar\userAvatars\aleczandru'.
Then, you try to save the uploaded image with the filename 'D:\Projects IDE\Visual Studio\MyWork\Websites\Forum\Images\avatar\userAvatars\aleczandru'.
You can't have a folder and a file with the same name. If you try to do this, the OS will tell you access is denied.
I suppose you want to either create a filename inside folder aleczandru, or you meant to save the file as aleczandru.png or something in folder userAvatars.
Assuming your UploadImage is a FileUpload control, you can save the file to the user's folder using the original file name of the uploaded file.
UploadImage.SaveAs(HostingEnvironment.MapPath(
Path.Combine(path, UploadImage.FileName)));
Pls make sure you have full filename with file extention in you path.
Ok... I have done this before for a project to implement a PUT method for http. I dont clearly remember it.. but some hints... if I were in my office I could tell you correctly. here are the hints
You need to add IIS_IUSRS to have access to the folder in windows.
Go to IIS admin console click the deployed site node, and set the permission for the same folder/website requests coming in... I dont remember the which category was it.. that settings pane will allow you to add/modify permissions for POST, GET and other verbs for that matter... when you edit that, you should see options for Administrator, a particular user account, anonymous etc.
may be I will write back tomorrow... exactly how to do it :-)
Try to give the group called users the permission to modify this directory (under security)
You need to find out what user the asp.net upload page is running under. If you haven't changed it, and are not running under impersonation, it should default to the ASPNET user on the local machine. Whatever it turns out to be, give that user read/write permissions on the folder.