I have a asp.net/c# web app. When do user leave a certain page, I would like to delete 1 particular temp file on the client machine, in the temp file folder. Can I do this at all? Can I do this server side or client side?
Thanks.
You can't delete a file from the end users machine - without using something like an ActiveX. That would tie your users to Internet Explorer though.
A better solution might be to set the applicable caching directives so that the browser doesn't store the file in its cache, that way it won't actually be written to disk (I'm assuming here that the file is one that is being pulled down by the browser as part of viewing/loading the page).
For example:
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetExpires(DateTime.Now.Subtract(new TimeSpan(1, 0, 0, 0)));
Response.Cache.SetNoStore();
If you really wanted to do this, and it wasn't as simple as preventing a file from being cached then as I said, using an ActiveX would be pretty much the only option. If you were going to develop an ActiveX control to do this, I'd strongly recommend you review MSDNs documentation on Per-Site ActiveX Controls. Deploying an ActiveX control, even within an intranet, that allowed files to be deleted from the end users PC from any domain could only be considered reckless at best, negligent at worst.
For security reasons, this is completely impossible.
(Unless you're asking to delete your own cookie)
If you don't want the browser to cache your files, you can use the HTTP caching headers.
Related
I have a simple question in which I couldn't find an exact answer to, that question being:If I created an ASP.NET webpage, is it possible for someone to steal my C# source code?And if so, how can I protect my webpage's source code from being stolen/dumped/reverse engineered?
Please if you do know anything about this, as many replies as possible would be greatly appreciated! Thank you guys so very much, even if you just give me an idea on this topic! :)
Are you talking about a corporate user or a regular user?
Someone accessing your website from a web browser, like a standard user can not access your aspx/cs server side code. However if you are talking about a corporate user, if they browse to your web server and have access to your inetpub\wwwroot directory (or wherever your source resides) they have full read or maybe even write access. It all depends on the type of user, and the user security system in place for your domain, whether the person trying to get in is part of your domain and has proper privileges on your server. Also some client side scripts are exposed to user's as well.
So as far as server side scripts, users not part of your domain, and stringent security settings on your web server, are all factors contributing. But I think you mean in the context of a user just trying to access code from the web browser without any additional permissions. Which in this case would be no.
Not a complete answer but your C# code will be better protected if you use a Web Application rather than a Web Site. Your C# code will be compiled so even with an FTP access (or a direct access to the production server, if you suspect an inside threat), one won't be able to download your .cs files. Of course, one can download .dll and reverse engineer but that's something.
Read more about Web Apps vs Web Sites here : http://msdn.microsoft.com/en-us/library/dd547590.aspx
To the best of my knowledge there is not a way for someone to steal your asp code unless you allow them to see the file itself. If you view source you will see that the majority of the asp code has been changed either to html or javascript.
If I created an ASP.NET webpage, is it possible for someone to steal my C# source code?
Yes it is, there just to many ways how this can happen, vulnerability in the hosting environment, IIS exploit, your code allowing to download things etc. Just accept that your libraries (I assume they are compiled by the time you deploy) will be downloaded and protect them accordingly.
How can I protect my webpage's source code from being stolen/dumped/reverse engineered?
You cannot have an ultimate protection, but you may make life complicated for the person trying to reverse engineer it. Probably the most effective solution is to use code obfuscation. You may also want to read more general documentation on this topic, such as Design Guidelines for Secure Web Applications.
I have a lotus notes web form in which computer-illiterate customers will use to attach Excel files and submit them to our company. I am using a Lotus Notes File Upload Control to allow them to do this, however, I need to default this File Upload Control to a certain directory location. I have already created a C# application the customers will be using, which places all of these excel files in a certain directory location, hence the reason I need to focus this File Upload Control. Unfortunately, some of the customers are computer challenged enough to not know how to navigate to these files on their own. Is this possible at all?
I'm assuming the users will be visiting a web page with the File Upload control, yes? If I'm misunderstanding please let me know and I'll delete this answer.
The simple answer is it isn't possible. The problem is that the browser can't know anything about the file structure of the clients that visit the site, so a "default path" property doesn't really make sense. It would likely only work in very specific environments (which is maybe true in your case, but not across the web in general)
I would investigate using the Notes API to have the C# program handle the upload without involving the browser client use of the file upload control. I don't know enough Java to be sure, but perhaps that might also be an option -- basically writing your own custom upload control that only asks the user for the filename.
You may also be seriously underestimating the ability of the users to follow directions. If your page identifies which directory the file will be found in, I expect most users will be able to follow the directions and upload from the correct directory.
So, I'm sure that accomplishing what you want to accomplish is possible in Notes, just not as simply as adding a default directory to the File Upload Control.
The Plan
I need to upload a file without causing a full page refresh.
The uploaded files should be stored in a temporary place (session or
cookies).
I will only save the files in the server, if the user
sucessfully fills all the form fields.
Note: This is one of the slides of a jQuery slider. So a full refresh would ruin the user experience.
The Problem
If I place a Fileuploader Control inside a AJAX Update Panel, I wont be able to acess the file on the server side.
Note:From what I have found so far, this happens due to safety reasons.
Can't be done without co-operating binaries being installed on the
client. There is no safe mechanism for an AJAX framework to read the
contents of a file and therefore be able to send it to the server. The
browser supports that only as a multipart form post from a file input
box.
The Questions
When storing the files in a temporary location, should I use session or cookies? (what if the user has cookies disabled?)
If preventing a postback, really is against the standarts of user safety. Will it harm my website reputation? (regarding SEO and such)
Which road to take?
C# ASP.Net with AJAX? (is there a workarround?)
C# ASP.Net + AJAX Control Toolkit? Does it helps? (using the AsyncFileUpload control)
C# ASP.Net + jQuery Control? (won't I have problems fetching the data from the JavaScript?)
C# ASP.Net + iFrame? (not the most elegant solution)
The total amount of cookies that you can use is limited to a few kilobytes, so that's not a viable option to store a file. So sessions would be the only remaining. Consider also to save the file in the file system and remove it if it's not going to be used, as storing files in memory (session) will limit how many users you can handle at once.
No, for functions like uploading files you don't have to worry about that. Search engines doesn't try to use such functions when scanning the page.
You can use an AJAX upload in browsers that support direct file access, but there is no way around doing a post if you need to support all browsers. However, the post doesn't have to end up loading a new page, you can put a form in an iframe, or point the target of a form to an iframe.
I don't really know how to explain what I want to do.
I will try to explain what I am doing. I built a website in ASP.NET 4 (WebForms) and I want that my brother will be able to click on a button, choose a file from his computer and it will be uploaded to my server.
I have no idea how to do it. It sounds very hard to do and I am really stuck with this for a few days now.
I don't care if it will be with JavaScript, HTML or C#, I just really need it to work.
There's an ASP.NET control made just for that, the FileUpload control. Here's a handy example.
Note that it's notoriously difficult to style if you want to apply CSS and make it elegant, but there are more advanced ways around that. Also, this won't give your web application access to the client's local files or anything like that, it's just a standard file open dialog box for the user to select a file and upload it.
I also highly recommend doing a lot of input checking when accepting files. File type, file size, etc. are all important.
you have 2 options really.. use a traditional fileupload control (from the toolbox) or use the Ajax AsyncFileupload control.
either way it will allow your brother to upload a file from his computer to your server.
We all know that it is possible to "open" a Word document (or file from any arbitrary application) by clicking on a website link and then clicking the Open button.
I also know that, if I want to upload an application document to a web server, I must first save the document to my computer, and then go to an upload page, click a file/open button, find my saved file and upload it.
But is it possible to save a document to a website location or Url, effectively skipping the first save step and uploading the file to the web server through the Save dialog of the application, directly?
How would this be done in ASP.NET MVC?
It really depends on how complex you want to make it. This is pretty much what "web folders" offered (via WebDAV), but in general it creates more problems than it will ever fix. I don't recommend this approach.
Your best bet to make this simple is a dedicated client app - perhaps (although this is a dubious example) how Office talks to sharepoint. In a simpler example, you could create a silverlight out-of-browser application that saved via a web-service to a site using WCF or similar.
I think there is some creedence in what #Marc says. Personally I'd probably map a drive to the web site in question, if that's possible, and have a folder to upload to.
Then I'd have .Net check changes to the folder and take those files and import them into the repository, whatever that may be.
It's still an imperfect solution and I'm not sure there is a correct solution as yet.
I guess you could always write, and I can't believe I'm writing this, macros to save to the ftp location.
I'd guess you have a few choices, in no particular order:
Web service that the application can reference and upload through.
REST service (WCF or otherwise) that the application can POST to.
HttpHandler or MVC controller action that the application can POST to.
WebDAV directly to the server.
Number 3 sounds like it's closest to what you were looking for ("How would this be done in ASP.NET MVC?"). Scott Hanselman has a good article on handling file uploads in MVC on his blog.
When you implement the client, there's a little bit of a trick to that, too, since you can't just POST like usual; you have to post in multipart/form-data format. I posted a blog entry with some sample code on how to do that.