I have one website created in IIS and the root web-share has some sub-folders for stroring html files.
However, user is able to access the html files if they know the file Path for example : www.test.com\html\Page1.html
Is there any way to disable direct access for this ?
Please note that this application is hosted on IIS 7.5 and is .net application
If you really don't want end users to access them, having them under the wwwroot folder is a risk.
Move the whole structure of folder and files that you want to "hide" out of the root of your website.
You might be able to use the location tag in the web config to restrict access to certain users or roles.
https://support.microsoft.com/en-gb/help/316871/how-to-control-authorization-permissions-in-an-asp.net-application
Related
This relates to my previous post.
https://stackoverflow.com/questions/45937117/c-sharp-unbale-to-access-
downloads-folder?noredirect=1#comment78832001_45937117
What I want is to access "Downloads" folder from an ASP.Net web application.
string pathUser =
Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
string pathDownload = Path.Combine(pathUser, "Downloads");
string commentImagePath =pathDownload +"\\test.png";
Then I realized that the above code works in a Desktop application.
That is the UserProfile is available in that "Environment", but not in the web application's environment.
I have some download happening, and the content will be downloaded to the "Downloads" folder.
That is why I need the "Downloads" folder . I need to access that content.
Please help me with this.
Think that the Downloads folder is different for each user in the system , so you'll get c:\users\usera\downloads and c:\users\userb\downloads. So when you mean Downloads, you actually mean a different physical path.
At the same time, your ASP .NET application, if hosted in IIS will impersonate a specific user, so make sure that user has enough privileges to the path of interest. Also consider that the Downloads folder might be a folder that Windows will protect by default from being accessed across accounts.
I think you'd be better off saving files to a specific folder relative to your root of the website. Otherwise try to map specific folders from your drive as a Virtual Directory in IIS so the site would see it as relative to root, whilst in reality it lives somewhere else.
I have 4 independent ASP websites deployed in IIS server.
I access my website images using relativePath so i have root/path_to_files (something like that).
My problem is i want to access website1 images folder from website2 and so on, web3 access web4 (you get the picture).
I tried absolutePAth but security reasons (not safe) blocked me.
I`m reading the name and path of the repositories from a file.
What can I do, without remaking all or create a central repository(and upload all files there).
EDIT 1: using url is locked but i can unlock.
I can use url to get/list folders and images and use them ? Like resolve a url in a relativePATH to other website?!
Central repository the site is allready in production it will have big impact time/benfit to do that.
Have you considered symbolic links? You can make a shared image folder. Then each folder can see that "image" folder as its own.
how can i get a list of folders from a website?
Namely I wrote a program that take a URL
And give a list of folders from the website.
I try
Directory.GetDirectories(myURL)
but it not work.
Generally, you will have to have the server run some code to get the list of directories. The client does not have access to the filesystem of the web server, and even using FTP or WebDAV the scope of what can be seen by the client will be limited.
The easiest way would be to create a folders.txt file in every directory on your web server with the name of all child directories. Then use your favorite HTTP API to download the file and parse its contents.
As for websites that are beyond your control: you can't. However you can check if you have access to a folder with a specific name. That should give you some ideas.
You can't directly access the file system on the web server (a .NET security feature). You can however do this when you're running locally (under localhost), but I understand that's not the point. If you're talking about submitting an URL that you don't own, then typically, no, that's not possible.
I have a ASP.Net website and in some cases it's generating .pdf-files and .csv files for users to download.
Now my question: What is the default directory for saving that files on the webserver? Is there any ASP.NET Folder like App_... or something like that?
What can you recommend?
If you don't want to reuse the files, stream the files directly without saving it to disk.
If you save it to disk you have to ask yourself if the content of the file is to be available to all users or if it's a bad idea that other users can access the files. If it's a bad idea, the folder you put the files in should be made unavailable to the users by setting access rights correspondingly. You can either do this by putting the folder outside of the web site directory or by setting security settings in the file system or on the web server.
You can basically put the files in any folder that is made writable for the user writing the file (typically the ASP.NET App Pool user). IIRC the App_data folder is writable by default for the ASP.NET user, so that could be a candidate.
You can create your proper folder for this need
Here list of specific Folder (But you don't need):
App_GlobalResources,
App_LocalResources,
App_Resources
App_Themes
App_WebReferences)
App_Code
App_Data
App_Browsers
Here MSDN link about project structure
Link : http://msdn.microsoft.com/en-us/library/ex526337%28v=vs.100%29.aspx
It's really up to you! I would recommend you put them in a sub folder of your solution so that they are self contained and you can easily control security without worrying about folders further down the tree.
Folder is anything you tell it to be. If you have low volume you could just stream the files from memory so they're not stored on the server.
It is also important that you consider whether you are going to have more than one web server, and have servers in a cluster. To be ready for such a case, it is better not to keep the files under the web application folder, and not to access them relatively to the application path, but keep the files in a separate folder that you could easily expose (there will still be security issues) as a network path.
In a WebMatrix web site, where User Profiles are dynamically generated from the Database, where and how should I store user uploaded content?
I don't want this content to be publicly viewable unless the user has chosen make their profile, and uploaded content Publicly viewable.
But I can't just shove it all in a separate directory, since all you need to do is guess the location where such content is stored, and then browse the list of files in that dir. So, should I place it outside my \root directory (I don't think this is possible in some Shared hosting environments), or should I somehow insert this content into a database? (I'm trying to avoid this option as best as I can).
For content like Images and Videos, I was thinking that I should use a trusted Storage provider / image host type service where I would have API access used to store and retrieve these files, and then just store a link to the file uploaded to the file storage host in my database?
You could either
Store the extra files along the other user details in the database. (you probably want to discuss this with the db admins before implementing your storage like this)
Put the files on a fileshare your ASP.NET application has access to but that is not accessible from the web.
Turn of directory browsing and put the files there. "everyone" can't browse all files but it does mean that anyone that has a direct link can download that file without being logged in.
I would go with option 2: Put the files in a directory not directly accessible from the web and channel all downloads through your web app so that you control who can download what.