I have 2 asp.net mvc2 projects in a solution. One is a normal site for visitors' use and the other one is an admin back-end, which are going to be separated by sub-domains like test.com and admin.test.com. The scenario is that the admin will add a new item (e.g. a product) with an image and test.com will use that image to display the product. Both applications are sharing one db, so there is no problem getting the item details that come from the db. But for the item image that has been uploaded to the admin directory (admin.test.com) - any idea how to get it from the general domain (test.com) to display?
Also, what is the best way of separating resources like image files or even css or js files across sites, and how to access them?
P.S. I'm using shared hosting.
Thanks!
You can upload to a third sub-domain or to the front end domain.
You upload to a physical folder. This folder can be an appSetting value or so.
So, you get similar settings to those in web.config appSettings:
<add key="ProductImagesPhysicalFolder" value="x:\websites\frontend\product-images" />
<add key="ProductImagesFolderUrl" value="http://frontend.com/product-images" />
Upload to the physical folder (given you set up permission in IIS to allow write access to that folder), and have a helper method like GetProductImageUrl(string imageFilename) to get the URL of the image given its filename (saved in DB).
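Added example, not part of the original answer: one way the upload side and the GetProductImageUrl helper could look in C#, using the two appSettings keys above. The class name, SaveProductImage and the extension allow-list are assumptions; the allow-list is there because the admin site writes into a folder that the front-end site serves.

```csharp
using System;
using System.Configuration;
using System.IO;
using System.Linq;
using System.Web;

// Added example. ProductImageStore and SaveProductImage are hypothetical names;
// the two appSettings keys are the ones shown in the answer.
public static class ProductImageStore
{
    // Only still-image types are accepted, so nothing executable (.aspx, .config, ...)
    // can land in a folder the front-end site serves.
    private static readonly string[] AllowedExtensions = { ".jpg", ".jpeg", ".png", ".gif" };

    // Called from the admin site: stores the upload and returns the name to save in the DB.
    public static string SaveProductImage(HttpPostedFileBase upload)
    {
        if (upload == null || upload.ContentLength == 0)
            throw new ArgumentException("No file was uploaded.");

        // Only the extension of the client-supplied name is used; the stored name is generated,
        // so a crafted file name cannot steer the write outside the configured folder.
        string extension = Path.GetExtension(Path.GetFileName(upload.FileName)).ToLowerInvariant();
        if (!AllowedExtensions.Contains(extension))
            throw new InvalidOperationException("File type not allowed.");

        string folder = ConfigurationManager.AppSettings["ProductImagesPhysicalFolder"];
        string storedName = Guid.NewGuid().ToString("N") + extension;
        upload.SaveAs(Path.Combine(folder, storedName));
        return storedName;
    }

    // Called from either site: builds the public URL for a file name read from the DB.
    public static string GetProductImageUrl(string imageFilename)
    {
        string baseUrl = ConfigurationManager.AppSettings["ProductImagesFolderUrl"].TrimEnd('/');
        // Path.GetFileName drops any directory part; EscapeDataString encodes the rest.
        return baseUrl + "/" + Uri.EscapeDataString(Path.GetFileName(imageFilename));
    }
}
```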
I would like admins to be able to upload pdf files to a unique directory that contains a webconfig file that only allows admins to view the pdfs.
When the pdf is ready to release to the public the admin would flag it appropriately and the codebehind would modify the webconfig so it is public.
I need this to function at runtime.
My thought was to have a template directory with a private webconfig. When the admin uploads a pdf it will copy the template directory and webconfig to a new location then insert the pdf. After it is ready to release the admin sets a flag and the code changes the webconfig to public. Again all at runtime.
The important point here is that the path to the pdf never changes once it is uploaded.
I have found code to copy directories and modify a webconfig. The problem is copying a webconfig file from one location to another during runtime.
example webconfig (private)
<configuration>
  <system.web>
    <authorization>
      <allow roles="private" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
example webconfig (public)
<configuration>
  <system.web>
    <authorization>
      <allow roles="public" />
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
I'd recommend using a DB in order to manage this private/public flag. However if you need to use a web.config file for this you can look at the System.IO namespace which allows you to edit and move files around. Just be careful using it as it allows you to do a lot of things to files/folders. See for ex. https://learn.microsoft.com/en-us/dotnet/api/system.io.file.copy?view=net-6.0
As noted, if static URLs are not required, then you can present a link of "my files" or whatever, and display them, say, in a grid.
You can secure the say UploadFiles or whatever folder for ONLY admin users. And then provide say a grid like this:
And by using a database, it is then MUCH easier to upload and categorize files by each customer (if that's what you want).
And then a simple flag or setting in the database row controls if the file is ready for the users to see (or download).
In the above, if you click on the PDF file preview, then I download (stream) the file to the user.
The code is much like this:
    ' Body of the preview button's click handler (needs Imports System.IO)
    Dim btnLink As ImageButton = DirectCast(sender, ImageButton)
    Dim strInternalFile As String = btnLink.Attributes("iFile")
    Dim binFile() As Byte
    Dim strConType As String = ""
    If File.Exists(strInternalFile) Then
        ' Pick the content type from the file extension, then send the bytes as a download
        strConType = MimeMapping.GetMimeMapping(strInternalFile)
        binFile = File.ReadAllBytes(strInternalFile)
        Response.ContentType = strConType
        Response.AppendHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(strInternalFile))
        Response.BinaryWrite(binFile)
        'Response.WriteFile(strWebUrl)
        Response.End()
    End If
So the above just downloads the file to the user's browser.
As noted, if static links are required, and thus files are not dished out on a "per user" or "per logon" basis, then you could still have a landing page that shows "ready documents" or a "list of available documents" as a URL, but some type of UI or grid display like the above would then display, and then a user click on some button to "download" the file would occur.
I don't think trying to hack away at web config is going to make sense. How will that work with multiple users? And a page already loaded will cache those settings. All in all, trying to mess with web config while working in a multi-user environment I don't think would work.
Toss in caching issues, and all kinds of other things? If there are some files the users are to see or not see, then provide a UI, and not simple URLs to the files - this will HUGELY increase security of the site anyway.
And then a database system becomes the management system for the users - not some web config that is not really going to provide any kind of per-user controls over that process anyway. Even if you always create some new folder based on the user logon "ID", then having to build some administrator page(s) in which you need an easy way to turn on, or allow the user to get and see, some files is now some UI and interaction by software that can simply "update" a flag or setting in a database.
I just don't see how a viable workflow can occur by trying to mess with web.config, and I'm not even sure that already cached pages etc. would work correctly anyway.
I would not go down that road - it's just too much of a hack approach here.
And I also added an extra column to the database with a GUID column. So I can provide a URL with a GUID that points to the file. I take the GUID from the URL, fetch the one row, and now I can check that file owner by ALSO having stored the User_ID in that database row. So, now logged on users ONLY can get at their OWN files that belong to them. And of course it's then trivial to add an "admin approved" flag or whatnot to show/allow the files to be used and seen by that one user.
I have an ASP .Net site which requires users to log in i.e. http://www.example.com.
They login and upload images which are stored under the images folder, under the root of the site i.e.
MySite
    App_Code
    App_Data
    Images
        Employee Images
            Employee1.jpg
            Employee2.jpg
            Employee3.jpg
        Country Logos
            Country1.jpg
            Country2.jpg
            Country3.jpg
    ....
I now have a second project completely separate from the above. I need to display the images from the above location, but if I use http://www.example.com/images/ I am forced to log in.
How could I access the images without logging in?
You need to write a controller function in order to access files in the protected directory. Then control access to that controller.
I have a site that's about to be taken down in a month's time. What I need to do is place a robots.txt to prevent the search engine from indexing it any longer. However, after I placed the file on the root of the solution in the web server, and tried to check if I can access it by typing www.sitename.com/robots.txt, it just refreshes the screen or perhaps just returns to the home page. My application is running in MVC 3.
Things I've already tried:
Added modules runAllManagedModulesForAllRequests="true" in web.config
Used Dynamic Robots.Txt using IHttpHandler and Controller/Action approach (based on this link robots.txt file for different domains of same site)
Played around with MIME Types (removed .txt and back)
I am expecting to see the contents of the robots.txt file same as when I access a css file or js file just by appending the file name in the URL.
I have this in my web.config:
<system.webServer>
  <security>
    <requestFiltering>
      <hiddenSegments>
        <add segment="UserFiles"/>
      </hiddenSegments>
    </requestFiltering>
  </security>
</system.webServer>
I think I am going about this the wrong way, but I can't seem to find the right way to google this. I want to grant download access to only that folder 'UserFiles'. I need to do this via the web.config since the live environment will be on Azure, so I will not have a machine to RDP into to change this in IIS.
First, if you are using Azure web role and not Azure Websites, you should be storing this stuff in a blob. Second, are these files needing to be secured so that only authenticated users can access them (or even users can only access their own files?).
Let's assume that anyone can download any file from the server. If that is the case, create a directory called UserFiles underneath content. Now, you can simply link to those files like so
MY File title
Now, if they are secured behind an authentication scheme, things get tricky. You don't want just anyone to be able to download those items. So, let's take a few steps to secure them.
1. Create a folder called UserFiles at the top level of your solution.
2. In your web.config, let's make it so that no one can access it
<system.webServer>
  <security>
    <requestFiltering>
      <hiddenSegments>
        <add segment="UserFiles"/>
      </hiddenSegments>
    </requestFiltering>
  </security>
</system.webServer>
3. Create an MVC controller, let's call it files, that you will actually use to deliver the files to the user. In here, let's make an action called download that takes in a file Id (assuming you are storing file information in the database)
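public ActionResult Download(int id)
{
    // perform logic to see if user has access to this file
    // if access, return the file, e.g. return File(path, contentType);
    // else return a 404 (ActionResult rather than FileResult, so both results fit)
    return HttpNotFound();
}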
Now, your file download link will look like
@Html.ActionLink("My File Title", "Download", "Files", new { id = Model.Id }, null)
MVC and your code will have access to the UserData folder, while an outside web user will not. Use the controller/action to gate your content
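Added example, not code from either answerer: a filled-in version of the gated Download action sketched above, using the GUID-plus-owner lookup that another answer on this page describes. FileRecord, IFileRecordStore, the "Admin" role name and the constructor injection are assumptions.

```csharp
using System;
using System.IO;
using System.Web;
using System.Web.Mvc;

// Hypothetical row shape: one database row per uploaded file.
public class FileRecord
{
    public Guid PublicId { get; set; }        // GUID used in the URL
    public string OwnerUserName { get; set; } // the only non-admin user who may download it
    public bool Approved { get; set; }        // admin "released" flag
    public string StoredName { get; set; }    // file name on disk inside ~/UserFiles
    public string DownloadName { get; set; }  // file name shown to the user
}

// Hypothetical data-access abstraction; back it with your own database code.
public interface IFileRecordStore
{
    FileRecord FindByPublicId(Guid publicId);
}

[Authorize] // anonymous requests never reach the action
public class FilesController : Controller
{
    private readonly IFileRecordStore _store;
    // Assumes a DI container supplies the store; otherwise create it in a parameterless constructor.
    public FilesController(IFileRecordStore store) { _store = store; }

    public ActionResult Download(Guid id)
    {
        FileRecord record = _store.FindByPublicId(id);
        // Admins see everything; other users only their own files, and only once approved.
        bool allowed = record != null && (User.IsInRole("Admin") ||
            (record.Approved && string.Equals(record.OwnerUserName, User.Identity.Name, StringComparison.OrdinalIgnoreCase)));
        // Same 404 for "missing" and "not yours", so the response does not reveal which ids exist.
        if (!allowed) return HttpNotFound();

        // hiddenSegments blocks direct URLs to UserFiles; server code can still read the folder.
        string root = Server.MapPath("~/UserFiles");
        string path = Path.Combine(root, Path.GetFileName(record.StoredName));
        if (!System.IO.File.Exists(path)) return HttpNotFound();

        return File(path, MimeMapping.GetMimeMapping(path), record.DownloadName);
    }
}
```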
Files in App_Data will not be served to the end user, by design.
App_Data is used to store data files. From the MSDN:
App_Data contains application data files including .mdf database files, XML
files, and other data store files. The App_Data folder is used by
ASP.NET to store an application's local database.
The content of application folders... is not served in
response to Web requests, but it can be accessed from application code.
It would be pretty bad if people could download stuff, like your database, out of App_Data.
You'll need to move the UserFiles folder outside of App_Data.
I am working on a website where the images and other files are handled by a handler named resources.ashx. These files are not stored in any folder but are fetched from database.
The problem is the access to some of the files is restricted, whereas some images and files are open to all.
Let's say the path to one of the restricted images is:
../website/resources.ashx/restrictedimage.jpg
If an unauthenticated user types in this url, he will have access to the image straight away.
I want to restrict that.
P.S. -> I can't change the handler as I am referencing it from some other project.
Maybe an HttpModule can help you out. Handle the AuthenticateRequest event, parse/compare requested url and users/roles.
You can use authorization rules in your web.config to control access to the files (i.e. urls) of your choosing based on user/group membership.
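Added example, not the answerer's code: an HttpModule that guards resources.ashx without touching the handler. It hooks PostAuthenticateRequest rather than AuthenticateRequest so that Context.User has already been set by the authentication module; the module name and the restricted-name list are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

// Added example. RestrictedResourceModule and the name list are hypothetical.
public class RestrictedResourceModule : IHttpModule
{
    // Constructed sample list; in practice load it from the same database the handler reads.
    private static readonly HashSet<string> RestrictedNames =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "restrictedimage.jpg" };

    public void Init(HttpApplication application)
    {
        // Runs after the authentication module has populated Context.User.
        application.PostAuthenticateRequest += OnPostAuthenticateRequest;
    }

    private static void OnPostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpApplication application = (HttpApplication)sender;
        HttpContext context = application.Context;

        if (!IsRestricted(context.Request)) return;
        if (context.User != null && context.User.Identity.IsAuthenticated) return;

        // Unauthenticated request for a restricted resource: answer 401 and
        // end the pipeline so resources.ashx never executes.
        context.Response.StatusCode = 401;
        application.CompleteRequest();
    }

    private static bool IsRestricted(HttpRequest request)
    {
        // For /resources.ashx/restrictedimage.jpg, FilePath ends in "/resources.ashx"
        // and PathInfo is "/restrictedimage.jpg".
        if (!request.FilePath.EndsWith("/resources.ashx", StringComparison.OrdinalIgnoreCase))
            return false;
        return RestrictedNames.Contains(request.PathInfo.TrimStart('/'));
    }

    public void Dispose() { }
}
```

The module is registered with an add element under system.webServer/modules in web.config; role checks can be added next to the IsAuthenticated test with context.User.IsInRole.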
See:
using multiple authorization elements in web.config