I have some files in a shared location/folder. I need to provide a link/path on a webpage. If an user click on the link, user should be able to view the file.
I am using asp.net with C# (VS2010)
Is the above requirement is possible ?
If yes please help me in enabling this feature.
Thank you in advance
It should be possible using something like file://server/share/path/to/file.txt. Firefox is a lot more tolerant of encoding of characters in filenames than IE, so you may need to use Server.UrlEncode on the file path.
What I would do is to write an ASHX Generic Handler where you pass the requested file name as an URL parameter and that ASHX handler actually fetches the file for you, sends it to the browser.
This has these benefits in my opinion:
It uses the HTTP protocol, not the FILE protocol.
You are keeping internal structures internal, without exposing them to the visitors.
You can implement access rights and other things since the files are streamed through your handler, and are not directly delivered by the web server (IIS).
If NTFS security permissions are an issue you might use impersonation for fetching the files from your shared folder location. I've written a small impersonator class some years ago to simplify this task.
Related
Is there anyone hehe who has experience with uploading very large files (3-5Gb) in Blazor and know if it works well, eg using c#, JavaScript manual shunk up files or HTML5 File API multipart upload? Preferably without a third-party library.
I also have a general question about the scenario of a logged in user if there are no special restrictions set for allowed file types possible to upload, what security concerns can still be handled using c#, JavaScript client, server side with regard to eg OWASP?
The only way I have gotten it to work properly is to make a native call to an API that is running on the same server.
You can use fetch or ajax to do so.
An example on how to use fetch: https://flaviocopes.com/how-to-upload-files-fetch
After it has been uploaded you can check the file location using dotnets file system.
You can always check the file extension however I would not recommend allowing just anyone to upload files to your website.
There is an API for virus total, I have not used it so look it through yourself!
https://github.com/Genbox/VirusTotalNet
You have to do it using pure javascript or jquery any attempt to do it using c# will use signalR and that has a very slow upload.
I have developed web application in mvc6. I am uploading pdf files and storing it in the UploadedFile folder. I am trying to restrict direct access through URL. for eg, i am able to open file using below url without login also.
http://192.168.0.118:50814/UploadedFile/1005_Visa_fhgfg_20160731.pdf
This is really dangerous. I disabled .pdf files in request filtering but i want to open those files inside the web application. I tried in many ways but could not resolved. Can anyone tell me what is the approach to fix this? If it is in controller level i would have been fixed. But here direct access is possible. Thanks in advance.
how can i get a list of folders from a website?
Namely I wrote a program that take a URL
And give a list of folders from the website.
I try
Directory.GetDirectories(myURL)
but it not work.
Generally, you will have to have the server run some code to get the list of directories. The client does not have access to the filesystem of the web server, and even using FTP or WebDAV the scope of what can be seen by the client will be limited.
The easiest way would be to create a folders.txt file in every directory on your web server with the name of all child directories. Then use your favorite HTTP API to download the file and parse its contents.
As for websites that are beyond your control: you can't. However you can check if you have access to a folder with a specific name. That should give you some ideas.
You can't directly access the file system on the web server (a .NET security feature). You can however do this when you're running locally (under localhost), but I understand that's not the point. If you're talking about submitting an URL that you don't own, then typically, no, that's not possible.
Ok I know this is a probably a very basic question but I'm more of a winform person.
Question is simple.
If we Add System.IO to a Web Form . Can we then use a StreamWriter to write a log file to the end user Computer?
For example if page_Load use the following code:
StreamWriter sr=New StreamWriter("C:\abc.log)
sr.Write("ABC")
Then where this abc.log file is created? on webserver or on end user? If on websever then how can we write it on the end user machine?
I want to write a log file on the client machine. What are options? Is using a cookie an option?
No - that is not the way the web works...
You could present the Log as an download, that would be the cleanest solution.
As everyone in this thread has pointed out: this is simply not possible. Now depending on what you are trying to store you could leverage cookies to store some information on the users computer but this can be cumbersome and you are limited to 4K of information. That being said HTML5 offers the new JavaScript objects localStorage and sessionStorage which are basically a key/value dictionaries. localStorage would probably suit your needs best I think since it will persist information on the users PC after the browser is closed. For example:
function logSomeData(message) {
localStorage.logFile += message;
}
function showData() {
alert(localStorage.logFile);
}
If you run the logSomeData function in a browser, close the browser, then come back and run the showData() function the value you added to logFile will be persisted. This isn't a new concept, this is doing exactly what cookies do today except that localStorage is easier to work with (in my opinion) and it can store much more information (2MB to 10MB depending on the browser). It is worth pointing out that this is a new technology so older browsers like IE7 can't use localStorage.
Please let me know if you have any other questions!
As far my knowledge you can't write the client file using asp.net.
In your example you are writing the file where application is hosted.
Means the application server's c:\abc.log
All the code behind in asp.net runs on the server so the code you posted will write to the server machine.
Browsers don't allow interaction with the local machine file system for security reasons
You could use some other technology (e.g. an ActiveX control hosted in a web page)
why you want log file on client site ?
if you want to store some information on client site use cookies
If you're stuck to Internet Explorer 6, the only solution to be able to store client-side data, is to use userData Behavior. It well let you store up to 128kb.
I would recommend you to have a look at jStorage. Which is:
a cross-browser key-value store database to store data locally in the
browser - jStorage supports all major browsers, both in desktop (yes -
even Internet Explorer 6) and in mobile.
It's mainly based on HTML5 localstorage but it will switch to any available technology (like userData Behavior) when HTML5 is not supported.
You could download the text file of log to client machine if you flush the .txt file in the respose object i,e (response.write)
I need to let a company push information up to my site.
The best way to explain what I am talking about is to explain how it is currently done with their previous website:
This company uploads a CSV file to an FTP set up by the website. The website then processes the CSV file and puts it into an SQL database so that it can be used by the website.
In this case, I am the website and I am working with the company. Both sides are willing to change what they do. So my question is...
What is the best way to accept batch information like this? Is there a more automated way that doesn't involve FTP? In the future I may have a lot of companies wanting to do this, and I'd hate to have to setup accounts for each one.
The project is C# ASP.NET MSSQL
Let me know if you need more information...
Set up a web service to accept incoming data. That way you can validate immediately and reject bad data before it ever gets into your system.
If you want to eliminate FTP, you could allow them to upload files to your site leveraging using FileUpload. Once the file is uploaded you can do your server side processing.
EDIT: From the OP's comment's it seems to be an automated process. That said, if their process generates the file, you could:
Allow them to continue their current process which would involve them generating their file and placing it somewhere where it could be accessed via a URI with authentication, you could access this file on a schedule and process it. From what it seems right now they generate a file and upload it to your FTP server, so there seems to a manual element to begin with.