I'm creating an application that is able to generate xml licenses.
The application is secured by forms authentication.
Now the problem is that if I create a physical xml file that file can be downloaded even with the security enabled.
How would you guys secure this license file?
You could put it in the App_Data folder.
Don't know about asp.net, generally though, I'd just create the file someplace in the filesystem which is not accessible through the web, and if needed, relay it through your application, previously checking authentication...
Related
I developing a web application using ASP.NET. The users can download an excel template from the site. Now, i want to check the integrity of the file to check whether the file is the same as that on server and it is not corrupted. I can get md5 hashcodes for the file on the server by identifying the path using server.mappath() method but how can i get the location of the downloaded file to generate and check the hashcodes.
how can i get the location of the downloaded file to generate and
check the hashcodes.
You can't. (and thats a good thing). Also, you shouldn't.
You can't access client's system resources through browser. You may use ActiveX (or others browser/OS specific) to do something like that but a better option would be to just provide the hash with each download and let the user verify the file integrity.
I am trying to save settings for our ASP.NET MVC 4 project in an xml file. In the MVC-part of the solution I made the following path: /Settings/Data/sitesettings.xml.
This xml file has some info about the site and also has the api keys and smtp and ftp info stored. When I run the application on localhost I can access and change the file using
private static string settingsXmlFile = HostingEnvironment.MapPath(".\\Settings\\Data\\sitesettings.xml");
When I deploy the website, it just keeps loading, when I navigate to /Settings/Data/sitesettings.xml I can see the contents of the xml file which is REALLY bad.
So there are a few downsides and I would like to know what the best option would be for saving settings in an xml file. I'd like a (static) class from which I can access and write to the file, and I certainly would like the file to not be publicly available via the link...
How do I fix the issue (site keeps loading when deployed) and how can I make it more secure? Or should I use another way of saving settings?
These extensions are denied by default by IIS, so users can't request them over HTTP. I'd suggest using .config. You can also use the Web.config's AppSettings section to store configuration values.
When I deploy the website, it just keeps loading
That's a different question.
how can i get a list of folders from a website?
Namely I wrote a program that take a URL
And give a list of folders from the website.
I try
Directory.GetDirectories(myURL)
but it not work.
Generally, you will have to have the server run some code to get the list of directories. The client does not have access to the filesystem of the web server, and even using FTP or WebDAV the scope of what can be seen by the client will be limited.
The easiest way would be to create a folders.txt file in every directory on your web server with the name of all child directories. Then use your favorite HTTP API to download the file and parse its contents.
As for websites that are beyond your control: you can't. However you can check if you have access to a folder with a specific name. That should give you some ideas.
You can't directly access the file system on the web server (a .NET security feature). You can however do this when you're running locally (under localhost), but I understand that's not the point. If you're talking about submitting an URL that you don't own, then typically, no, that's not possible.
I have a ASP.Net website and in some cases it's generating .pdf-files and .csv files for users to download.
Now my question: What is the default directory for saving that files on the webserver? Is there any ASP.NET Folder like App_... or something like that?
What can you recommend?
If you don't want to reuse the files, stream the files directly without saving it to disk.
If you save it to disk you have to ask yourself if the content of the file is to be available to all users or if it's a bad idea that other users can access the files. If it's a bad idea, the folder you put the files in should be made unavailable to the users by setting access rights correspondingly. You can either do this by putting the folder outside of the web site directory or by setting security settings in the file system or on the web server.
You can basically put the files in any folder that is made writable for the user writing the file (typically the ASP.NET App Pool user). IIRC the App_data folder is writable by default for the ASP.NET user, so that could be a candidate.
You can create your proper folder for this need
Here list of specific Folder (But you don't need):
App_GlobalResources,
App_LocalResources,
App_Resources
App_Themes
App_WebReferences)
App_Code
App_Data
App_Browsers
Here MSDN link about project structure
Link : http://msdn.microsoft.com/en-us/library/ex526337%28v=vs.100%29.aspx
It's really up to you! I would recommend you put them in a sub folder of your solution so that they are self contained and you can easily control security without worrying about folders further down the tree.
Folder is anything you tell it to be. If you have low volume you could just stream the files from memory so they're not stored on the server.
It is also important that you consider whether you are going to have more than one web server, and have servers in a cluster. To be ready for such a case, it is better not to keep the files under the web application folder, and not to access them relatively to the application path, but keep the files in a separate folder that you could easily expose (there will still be security issues) as a network path.
We have two separate web applications for a site: One for the site itself, and one for the cms/administration side. I'm not sure why the original developer designed it this way, but whatever.
I am tasked with adding some functionality to the administration side that uploads files. These files then need to exist within the folder structure of the actual site. I was thinking I might have to write a web service that sits on the actual site that accepts the file bytes and file name from a call within the administration site, and creates the file in the correct folder, but I was wondering if anyone had any ideas about a cleaner way to accomplish the same thing.
In general, how would you tackle a scenario where you upload a file on one site, and send it to the directory structure in another?
Thanks in advance!
The solution I ended up going with is to store the full file path to the other site in the web.config. It's not the most elegant solution, but it works and I'm mildly happy with it since it is easily maintainable across dev/staging/production.
You could create a Windows Service to transfer the uploaded files from one folder to another.
After a file is uploaded on the admin site, the windows service moves the file over to the correct location on the other site. You just need to decide how to communicate with the service - you could add details about the uploaded file to a message queue that the service monitors or perhaps you windows service might just watch the upload folder for any new files.