I built a WPF C# application that map drives to the local machine. However, I'm trying to make it on website. Is it possible to do it?
I'm doing it by open cmd with Process.Start command in c# in my application.
I read about exec() function in PHP, but is it can help to reach my target or I should try something else?
In short, no you can't do what you want from a web application.
A website runs on a remote server and (rightly) has no control over the machine of the end user who views it. All that happens is the user's browser makes a request to the remote website, and the website returns some HTML (essentially HTML is just text in an agreed format) to display inside the browser. JavaScript code can run to manipulate the structure of the page within the browser, and can send/receive more data from the server.
But for security reasons the JavaScript cannot do anything which changes the state of the end-user's machine. It is caged within the browser environment. It also cannot get much useful info about the user's machine, without the user's explicit, manual consent. Think about if it could - malicious websites (or, arguably worse) malicious code injected into legitimate-looking websites) could steal information from your machine, delete files, map unwanted drives (!), change passwords etc etc - without having to ask your permission. The web would be un-usable for all practical purposes.
Related
I'm developing a web application using MVC which is hosted in web server. Whenever a user accesses the application, it has to fetch the local app data folder from the clients machine.
Is there any possible way to achieve the above mentioned scenario?
I have tried using Environment.Specialfolder, but it is giving the path of web servers local data not the path of client's machine
C# :
string s = Environment.GetFolderPath(
Environment.SpecialFolder.LocalApplicationData);
Server-side code cannot just access files on client's machine. Instead, this functionality should be implemented with client-side scripts.
If you need to let your app persist some data or file on user's machine, and later read that data and send it to the server (or use it on the client), you have plenty of options in the modern browsers:
Cookies
localStorge
IndexedDB
fileSystem API, though it's not part of the standard, so be careful
Fetching an arbitrary file from user's machine is a totally different story, because it has security implications. Here your options are:
Put <input type="file"> on a page and let the user pick a file that will be uploaded to the server.
Use HTML Drag & Drop to let user drag a file onto your page
Develop an accompanying desktop application, which the users will have to install on their machines.
You may also explore the possibility of developing a browser extension, though this will give you very limited access to user's file system, AFAIK. Today the major standards are Web Extensions for mainstream browsers, and Browser Helper Objects for Internet Explorer.
I have a single solution with multiple C# ASP.NET Web Forms projects. I want a way to identify a given browser so that each website can identifier that same browser. I need to do this from the C# Code-Behind code (not with the client code, like JavaScript). I also cannot use the Session because it isn't shared across websites. I don't think cookies are either.
For example, if a user logs onto Website1 and then logs onto Website2 with the same browser on the same computer, I want to be able to identify that. But if a user logs onto Website1 with Chrome and then Website1 with FireFox (regardless of whether it's on the same computer or not), I want to detect that as well.
If it makes any difference, I am using Azure to publish my web projects. So all websites will have similar domains (eg website1.azurewebsites.net and website2.azurewebsites.net).
If you want to track someone using the same browser on the same computer then use a cookie. If the websites have different domains you'll need to be clever because modern browsers have a lot of protection against what they see as tracking cookies. One option is using a hidden interstitial page as described here.
Your second scenario, a user accessing same site with different browsers, I suggest storing the user agent string (one of the request headers) and adding this to a login audit so you can build up a collection of different user agents used by a given user. There are libraries available for parsing user agent strings and extracting name, version, engine etc.
Between these two techniques and a bit of business logic you should get what you need. If you would like me to clarify any of this, let me know and I'll provide more detail.
Preferred Language: C#
Description:
I would like to block a specific URL (ex: www.myurl.com/pages/page), from being opened through any web browser (or even a particular browser if that's easier).
*NOTE:
It needs to be a specific page on the website, not just the domain.
I want to write an application to be able to do this... not use browser extensions or an anti virus.
What I've researched/tried:
Unfortunately you cannot block specific pages with Windows Hosts file, as it only blocks domains (and I tried it myself).
Other than editing the hosts file, I've not found any other ways to go about this.
Detailed steps/explanations would be great.
I have a program that opens a web browser control and just displays a web page from our server. They can't navigate around or anything.
The users are not allowed to know the credentials required to login, so after some googling on how to log into a server I found this:
http://user_name:password#URL
This is 'hard coded' into the web browsers code. -It works fine.
HOWEVER: Some smart ass managed to grab the credentials by using WireShark which tracks all the packets sent from your machine.
Is there a way I can encrypt this so the users cannot find out?
I've tried other things like using POST but with the way the page was setup, it was proving extremely difficult to get working. -(Its an SSRS Report Manager webpage)
I forgot to include a link to this question: How to encrypt/decrypt the url in C#
^I cannot use this answer as I myself am not allowed to change any of the server setup!
Sorry if this is an awful question, I've tried searching around for the past few days but can't find anything that works.
Perhaps you could work around your issue with a layer of indirection - for example, you could create a simple MVC website that doesn't require any authentication (or indeed, requires some authentication that you fully control) and it is this site that actually makes the request to the SSRS page.
That way you can have full control over how you send authentication, and you need never worry about someone ever getting access to the actual SSRS system. Now if your solution requires the webpage to be interactive then I'm not sure this will work for you, but if it's just a static report, it might be the way to go.
i.e. your flow from the app would be
User logs into your app (or use Windows credentials, etc)
User clicks to request the SSRS page
Your app makes an HTTP request to your MVC application
Your MVC application makes the "real" HTTP request to SSRS (eg via HttpClient, etc) and dumps the result back to the caller (for example,it could write the SSRS response via #HTML.Raw in an MVC View) The credentials for SSRS will therefore never be sent by your app, so you don't need to worry about that problem any more...
Just a thought.
Incidentally, you could take a look here for the various options that SSRS allows for authentication; you may find some method that suits (for e.g Custom authentication) - I know you mentioned you can't change anything on the server so I'm just including it for posterity.
Ok I know this is a probably a very basic question but I'm more of a winform person.
Question is simple.
If we Add System.IO to a Web Form . Can we then use a StreamWriter to write a log file to the end user Computer?
For example if page_Load use the following code:
StreamWriter sr=New StreamWriter("C:\abc.log)
sr.Write("ABC")
Then where this abc.log file is created? on webserver or on end user? If on websever then how can we write it on the end user machine?
I want to write a log file on the client machine. What are options? Is using a cookie an option?
No - that is not the way the web works...
You could present the Log as an download, that would be the cleanest solution.
As everyone in this thread has pointed out: this is simply not possible. Now depending on what you are trying to store you could leverage cookies to store some information on the users computer but this can be cumbersome and you are limited to 4K of information. That being said HTML5 offers the new JavaScript objects localStorage and sessionStorage which are basically a key/value dictionaries. localStorage would probably suit your needs best I think since it will persist information on the users PC after the browser is closed. For example:
function logSomeData(message) {
localStorage.logFile += message;
}
function showData() {
alert(localStorage.logFile);
}
If you run the logSomeData function in a browser, close the browser, then come back and run the showData() function the value you added to logFile will be persisted. This isn't a new concept, this is doing exactly what cookies do today except that localStorage is easier to work with (in my opinion) and it can store much more information (2MB to 10MB depending on the browser). It is worth pointing out that this is a new technology so older browsers like IE7 can't use localStorage.
Please let me know if you have any other questions!
As far my knowledge you can't write the client file using asp.net.
In your example you are writing the file where application is hosted.
Means the application server's c:\abc.log
All the code behind in asp.net runs on the server so the code you posted will write to the server machine.
Browsers don't allow interaction with the local machine file system for security reasons
You could use some other technology (e.g. an ActiveX control hosted in a web page)
why you want log file on client site ?
if you want to store some information on client site use cookies
If you're stuck to Internet Explorer 6, the only solution to be able to store client-side data, is to use userData Behavior. It well let you store up to 128kb.
I would recommend you to have a look at jStorage. Which is:
a cross-browser key-value store database to store data locally in the
browser - jStorage supports all major browsers, both in desktop (yes -
even Internet Explorer 6) and in mobile.
It's mainly based on HTML5 localstorage but it will switch to any available technology (like userData Behavior) when HTML5 is not supported.
You could download the text file of log to client machine if you flush the .txt file in the respose object i,e (response.write)