I am trying to save settings for our ASP.NET MVC 4 project in an xml file. In the MVC-part of the solution I made the following path: /Settings/Data/sitesettings.xml.
This xml file has some info about the site and also has the api keys and smtp and ftp info stored. When I run the application on localhost I can access and change the file using
private static string settingsXmlFile = HostingEnvironment.MapPath(".\\Settings\\Data\\sitesettings.xml");
When I deploy the website, it just keeps loading, when I navigate to /Settings/Data/sitesettings.xml I can see the contents of the xml file which is REALLY bad.
So there are a few downsides and I would like to know what the best option would be for saving settings in an xml file. I'd like a (static) class from which I can access and write to the file, and I certainly would like the file to not be publicly available via the link...
How do I fix the issue (site keeps loading when deployed) and how can I make it more secure? Or should I use another way of saving settings?
These extensions are denied by default by IIS, so users can't request them over HTTP. I'd suggest using .config. You can also use the Web.config's AppSettings section to store configuration values.
When I deploy the website, it just keeps loading
That's a different question.
Related
I have developed web application in mvc6. I am uploading pdf files and storing it in the UploadedFile folder. I am trying to restrict direct access through URL. for eg, i am able to open file using below url without login also.
http://192.168.0.118:50814/UploadedFile/1005_Visa_fhgfg_20160731.pdf
This is really dangerous. I disabled .pdf files in request filtering but i want to open those files inside the web application. I tried in many ways but could not resolved. Can anyone tell me what is the approach to fix this? If it is in controller level i would have been fixed. But here direct access is possible. Thanks in advance.
how can i get a list of folders from a website?
Namely I wrote a program that take a URL
And give a list of folders from the website.
I try
Directory.GetDirectories(myURL)
but it not work.
Generally, you will have to have the server run some code to get the list of directories. The client does not have access to the filesystem of the web server, and even using FTP or WebDAV the scope of what can be seen by the client will be limited.
The easiest way would be to create a folders.txt file in every directory on your web server with the name of all child directories. Then use your favorite HTTP API to download the file and parse its contents.
As for websites that are beyond your control: you can't. However you can check if you have access to a folder with a specific name. That should give you some ideas.
You can't directly access the file system on the web server (a .NET security feature). You can however do this when you're running locally (under localhost), but I understand that's not the point. If you're talking about submitting an URL that you don't own, then typically, no, that's not possible.
I am developing a web application in C#.net. I need to edit a file placed on the server in browser it self(Without downloading it on local machine) and when I save that file, the changes should be reflected in file. For this I want to use google API but I don't know how can I use this.
I want to do like below.
When I click on file name, it should open in browser.
When clicked on edit, it open in edit mode in browser using google doc.
When I save that file, the changes should be reflected in my file which is placed on company server.
How can I do all this thing with google doc API?
Install Google Drive on your server.
Edit the file in Google docs, let Google Drive sync it to the local hard drive.
It is not possible for HTTP protocol, because the basics system doesn;t support it. You can open the file but the file will be downloaded to your local machine in then it will open, you have to specify the MIME type in IIS.
You can use two ways to do a similar job done.
1 By Using FTP
2 Customized solution : Make a page put a text field and load the file (.cs) in it and with submit save it to the file back.
You can embed a google doc in Webpages. But the file would be accessed and saved on Google's servers and not your company server:
Wordpress allows you to do it. Potentially you can see if it possible to do it in a similar way:
http://en.support.wordpress.com/google-docs/
I am not sure if Google has an option of accessing docs from servers outside google's domain.
I have a ASP.Net website and in some cases it's generating .pdf-files and .csv files for users to download.
Now my question: What is the default directory for saving that files on the webserver? Is there any ASP.NET Folder like App_... or something like that?
What can you recommend?
If you don't want to reuse the files, stream the files directly without saving it to disk.
If you save it to disk you have to ask yourself if the content of the file is to be available to all users or if it's a bad idea that other users can access the files. If it's a bad idea, the folder you put the files in should be made unavailable to the users by setting access rights correspondingly. You can either do this by putting the folder outside of the web site directory or by setting security settings in the file system or on the web server.
You can basically put the files in any folder that is made writable for the user writing the file (typically the ASP.NET App Pool user). IIRC the App_data folder is writable by default for the ASP.NET user, so that could be a candidate.
You can create your proper folder for this need
Here list of specific Folder (But you don't need):
App_GlobalResources,
App_LocalResources,
App_Resources
App_Themes
App_WebReferences)
App_Code
App_Data
App_Browsers
Here MSDN link about project structure
Link : http://msdn.microsoft.com/en-us/library/ex526337%28v=vs.100%29.aspx
It's really up to you! I would recommend you put them in a sub folder of your solution so that they are self contained and you can easily control security without worrying about folders further down the tree.
Folder is anything you tell it to be. If you have low volume you could just stream the files from memory so they're not stored on the server.
It is also important that you consider whether you are going to have more than one web server, and have servers in a cluster. To be ready for such a case, it is better not to keep the files under the web application folder, and not to access them relatively to the application path, but keep the files in a separate folder that you could easily expose (there will still be security issues) as a network path.
I'm creating an application that is able to generate xml licenses.
The application is secured by forms authentication.
Now the problem is that if I create a physical xml file that file can be downloaded even with the security enabled.
How would you guys secure this license file?
You could put it in the App_Data folder.
Don't know about asp.net, generally though, I'd just create the file someplace in the filesystem which is not accessible through the web, and if needed, relay it through your application, previously checking authentication...