I need to provide a way for corporate users to view/download an excel file that's located on a network share. I'm sure that IIS has read access to that location, and I can navigate to it via the browser like so:
\corp.it.com\root\shared\test.xls
But for the life of me I can't get this to work with an href or a hyperlink or a response.redirect. I've tried a bunch of different things - slashes in both directions, prefacing it with file://, but no luck. I've also tried impersonating a valid user and I can read/copy the file from my code, but I can't use that impersonation to actually navigate to that location.
Any thoughts?
Thanks.
This shouldn't involve IIS at all, you just need a correctly formatted file://... URL. As the spec is file://machinepathisvalidfrom/path, you can omit the machinepathisvalidfrom as localhost is implied but you MUST leave the \s in place. This leaves file:\\\ followed by the UNC with / changed to \:
file://///server/share/file.txt
Note that this can be browser dependant.
See the file:// spec, and other sources
Related
Background: The division I work at within my company has a company intranet webpage with quick links to files and directories located on our local server, and within a shared drive from another server at a different location within the company. The users have the shared drive mapped on their machine using their credentials, and then they can use the home web page to quickly navigate to common files or directories. This worked fine for many years with IE, but it does not in Edge or other common browsers due to a security violation: "Not allowed to load local resource: " Now that IE's support is ending soon we want to get the links working in Edge to use.
Our ASP.NET Core application runs within IIS, and on our local server. Alternatively, I can use an action method instead of the absolute path to a file on the local server since the application is hosted on it. I do this by using the drive letter and full path to the file to read into a byte array and return as a File. I do not know how to do this for the shared server, where users can download files and open up a folder within the browser.
Currently we have static links to a file like: File
or Directory: Directory
I can copy the absolute path into any browser: file://///shared-server-name/Folder and it will show me the folder and its contents. I just can't do it through the HTML markup outside of IE.
What I've tried so far:
Instead of the static links, I tried redirecting to the absolute path using an action method in the controller:
public ActionResult GetFile()
{
redirect("shared-server-name/Folder")
}
This returns an error in the browser: "It looks like the webpage at https://localhost:*****/home/getfile might be having issues, or it may have moved permanently to a new web address."
I tried doing impersonation to see if it was because of the app identity the application was using:
IPrincipal p = _httpContextAccessor.HttpContext.User;
if (p.Identity is WindowsIdentity wid)
{
await WindowsIdentity.RunImpersonated(wid.AccessToken, () => {
bool exists= Exists("shared-server-name/Folder");
log.Debug(exists);
return Task.CompletedTask;
});
}
returns false for exists.
I understand the reason for the security error, but because this is an intranet site, and the access to the shared drive is only through users who are provisioned to it, we'd like to keep the same setup within Edge going forward.
From this blog written by EricLaw (Edge PM), we can know that
For security reasons, Microsoft Edge 76+ and Chrome impose a number of restrictions on file:// URLs, including forbidding navigation to file:// URLs from non-file:// URLs.
The behavior is by design in Edge and there's no option to disable this navigation blocking in Edge. The only thing you can do is using one of the three workarounds listed in the blog:
Open the website in IE mode.
Use extensions like Enable local file links.
Enable group policy IntranetFileLinksEnabled for Edge 95+.
For the group policy, please note that https://localhost/ is considered internet zone by default and can't be configured by the policy.
The Setup
I am building an app using ASP.NET MVC3, the application makes use of sub domains, i added the following in my hosts file : 127.0.0.1 students.localhost.
This all seems fine, when i debug, the browser opens up localhost:{PORT}, i can browse the site, i can also open up: students.localhost:{PORT}, and the site works perfectly.
In case you were wondering, i made use of: Maarten Balliauw's code to achieve the routing requirements in MVC and subdomains
The Problem
I need to somehow find out what subdomain the user is accessing the site from. If i debug, my and go to my subdomain:http://students.localhost:{PORT} Request.Url is : http://localhost:{PORT}, for some reason the deubugger (or ASP.NET Development Server) is not picking up students.
Please do not go into the TLD descussion trying to explain what a subdomain really is, all i need is the first string after http://. in local and production this WILL be my subdomain.
Thanx in advance
UPDATED:
I managed to get the desired result by making use of:Request.Headers["host"], it would be interesting to find out why Request.Url does not contain the students substring.
The easy way to do this is to put a fully qualified domain name in hosts. If the production site is subdomain.domain.com, I like to use subdomain.domain.local and just map this to 127.0.0.1.
new System.Uri(Request.RawUrl).Host
I think this will be the real hostname.
Lets say I have a web site hosted on a computer named "linux" and it is part of two different networks with the addresses 192.168.1.1 and 10.1.1.1. When working locally on "linux", I can access this web site through the following URLs :
http://192.168.1.1/
http://10.1.1.1/
http://linux/
http://localhost/
http://127.0.0.1/
Working on another machine on the network "10.1.1.0/24" I can use the following :
http://10.1.1.1/
http://linux/
But on "192.168.1.0/24" I can only use :
http://192.168.1.1/
http://linux/
I'm developing an application that compares URLs, and on this application's context two URLs are equal if they point to the same resource.
Is there a quick way of doing that kind of comparison using the URI class in C# ?
There's no way the URI class will help you; it can only determine if two URIs are the same URI, and they're only the same URI if they have the same server name / IP address.
The best option is to download the resource from both URLs and see if it is the same resource by checking for equality and assuming that two resources are the same resource if they're the same sequence of bits.
That isn't an option for me, the perfomance cost could be too great. I was hoping for something that could match the 'host address' part of the URI's, then all that was left to compare would be the relative path and port... – Thiado de Arruda
Unfortunately, there is nothing in the framework that will do what you want out of the box, because there's no reliable way of mapping different host names to the same host and therefore the same resource.
You are going to have to have some sort of mapping of hosts to the various aliases of those hosts and query for them yourself. The URI.Host property will get the host name of the URI in question for you, but you'll have to translate it yourself. Nothing in the framework is going to be able to do it for you.
You may be able to do this with beautiful soup using python (scrape the page and check if a few elements are the same) however it will be slower since you'll need to pull the actual web data.
I have a situation in which there is a login page.After successfully logging in,i 'm redirected to http:\localhost\default.aspx.I want that after logging in my browser url should look like www.abc.com but the pa ge opened would be http:\localhost\default.aspx.I'm not able to do this using URL rewriting
Unfortunately, this is not possible for internet users - you can't 'fake' the URL that your user is looking at. Otherwise evil-doers could re-write 'www.istealyourmoney.com' as 'www.trustworthybank.com', etc.
The only possible option I can think of is if your users are all on the same local area network. In that case, you can add an entry to your HOSTS file with www.abc.com aliased to 'localhost'.
As said by JBRWilkinson this is not generally possible, however if you want to do this just to help you build out a site while you work on it locally, add an entry to your HOSTS file (on Windows: C:\Windows\System32\Drivers\Etc\Hosts) that maps www.abc.com to 127.0.0.1. You want to add a line that looks like this to the end of the file:
127.0.0.1 www.abc.com
Then you can access your local development website with the URL www.abc.com. Note that this will also block access to the live version of that website on your machine.
can't we achieve using IIS url rewrite?
http://www.codinghorror.com/blog/archives/000797.html
One of our application will be run in an iframe, inside salesforce and I'm having troubles with accessing the referer. They'd like us to do some referer checks, to make sure the request is coming from salesforce and we've been given the IP addresses to check against.
My problem is that anytime I try to access the referer through either of the following two methods:
HttpContext.Current.Request.ServerVariables["HTTP_REFERER"]
HttpContext.Current.Request.UrlReferrer
it returns me null.
Any ideas how could I get hold of the referer?
PS: I'm aware that you can spoof the referer, but it's part of the requirement.
If I understand the question correctly you have client sites that refer to your site by embedding IFrames in their webpages the point to your site. You wish to "ensure" that the requests are coming from host page which itself is part of a designated set of sites. The set of designated sites is described by a set of IP addresses. Does that cover it?
Tricky. First off lets assume you've got a referer. You will need to aquire the host name from it (easy enough using the Uri type). Then you need to resolve the IP address for the host name using DNS (again not too difficult with .NET framework).
Of course you need to get a referer and that is the trickiest bit. Browsers do not always place a referer header in the request. This is especially true when the referee address is not in the same domain as the referer, which is the case here. IOW, this is a showstopper.
A better approach to solving this problem (and is not prone to spoofing) is to use some hash based authentication. Doesn't have to be too sophisticated (if the original requirements felt the referer testing was sufficient anyway).
A referrer is only there if the page was requested through a link. When a page is opened say from the address bar in a browser by typing in the address directly (or in your case y setting the src. of the IFRAME), the referrer will be empty.