Security :: Viewing Files In A Directory By Typing Path Into Url?
Apr 14, 2010
I have a directory that holds some images for my site. I have noticed that if i put in the my web sites address followed by "/directoryname/imagename.jpg"
it displays the image i have in that directory. Is there anyway to disable this or stop this from happening? so that the images can not be displayed like this
I have some images and text files that are used by web pages that are available to anonymous users and therefore those files can be viewed directly from a browser.
Is there a way to avoid this and allow the files to be viewed only when a page in the web site calls it ?
I have a page that shows a list of the files in an upload directory. ie: My customer uploads a file through my web page and the file ends up in the proper directory. When I click on a file name, the url path is missing the directory name. It's as if my customer uploaded directly to my root. Interestingly, when I upload a file through the same web page, the path remains intact and I am able to click on the link and download the file. How can I get the proper path in my url name. Here is my code .
I wrote a chat client 1-1 but I need a way to be able to detect if the user is typing and display "UserA is typing message..." just like MSN messenger or yahoo messenger.. how can I detect that?
I want to view the existing files in a directory which is "~/Images". Now the code below works fine and it shows the files (with its name and other details) in this directory very well in a data grid. The name is a hyperlink, but when I click on it, it tries to view the file in "~" (i.e current working directory) instead of "~/Images" and therefore reports the server error as - "file not found".
Also, how to implement if I want the save as option when I click on the file, so that I could save it directory locally instead of viewing it in browser?
VB Code-
Imports System.IO Partial Class uploaddoc Inherits System.Web.UI.Page Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load Dim dirInfo As New DirectoryInfo(Server.MapPath("~Images")) articleList.DataSource = dirInfo.GetFiles("*.gif") articleList.DataBind() End Sub End Class HTML (ASP.NET) Code - <%@ Page Language="VB" AutoEventWireup="false" CodeFile="uploaddoc.aspx.vb" Inherits="uploaddoc" %> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <%@ Import Namespace="System.IO" %> <html xmlns="http://www.w3.org/1999/xhtml"> <head runat="server"> <title></title> </head> <body> <form id="form1" runat="server"> <div> <asp:DataGrid runat="server" id="articleList" Font-Name="Verdana" AutoGenerateColumns="False" AlternatingItemStyle-BackColor="#eeeeee" HeaderStyle-BackColor="Navy" HeaderStyle-ForeColor="White" HeaderStyle-Font-Size="15pt" HeaderStyle-Font-Bold="True"> <Columns> <asp:HyperLinkColumn DataNavigateUrlField="Name" DataTextField="Name" HeaderText="File Name" /> <asp:BoundColumn DataField="LastWriteTime" HeaderText="Last Write Time" ItemStyle-HorizontalAlign="Center" DataFormatString="{0:d}" /> <asp:BoundColumn DataField="Length" HeaderText="File Size" ItemStyle-HorizontalAlign="Right" DataFormatString="{0:#,### bytes}" /> </Columns> </asp:DataGrid> </div> </form> </body> </html>
I need to stop people using the URL bar to get inside secure folders with web pages in when logging in , ive used roles and security trimming and have a site map which resticts users to see only the pages they are entitled to view.
I have zip files in one directory . I want to iterate through all files and check the file size. If file size <>0 kb then want to move to another directory. How can I do that?
I will have my asp.net site on a shared hoster. Whats the best way to prevent others hacking and viewing my code? The code I most want to secure is in usercontrols and some more code is in class modules. vb.net/MSVS2005/Ajax) Or do I secure the whole site? I also here some encypting code tools cant handle sophisticted code. Also does encryption slow down code and make the site harder to manage...
My basic question is, can a virtual directory in IIS point to a physical path that's not on the local machine? For instance, right now I have a virtual path /NaturalGasReport/NYMEX which points to physical path C:Program Files (x86)NymexSettleNATGAS_REPORTNYMEX, but I want it to point to a physical path on a difference PC on the same network. Is this possible? (I know I can just try it out so I apologize for asking but I thought it would be best to get an explanation along with "yes" or "no"). If you want more detail, this is what I need to do. To make a long story short, because of a vendor product we are using that won't run on a 64-bit operating system, I have to run a program called Generate_NGReportData.vbs (it's a vbscript program) on a PC I will call 28. It uses a vendor product which produces jpg files which are graphs of the Natural Gas market. The machine where I wish it could run is called RTEST01 but this machine runs a 64-bit OS and the components won't work there. RTEST01 has the databases. So, I created a datasource on 28 which points to RTEST01's database. The vbs program will read the data, generate the reports, and write one row to a database table on RTEST01. RTEST01 has to run the complimentary program which sends these reports (via email). 28 is not an email server so it can't email the reports. So on RTEST01 I will run Send_NaturalGasReport.vbs. This program creates an email body of html. The html references [URL]NaturalGasReport/NYMEX/" & Day(nymex_update_dt) & ".jpg which is a virtual directory pointing to C:Program Files (x86)NymexSettleNATGAS_REPORTNYMEX. I need it to point to the folder and files on 28.So if my initial question has a simple yes answer then I am all set. If not, examine my architecture and propose an alternative solution.
I'm trying to deploy my web project to my local IIS server (C:inetpubwwwrootlunchbox). By default the in is created inside the project directory - i.e lunchboxin. This setup, however, gives me the following error when I try to open the site:
When I move the in directory outside the project root (i.e C:inetpubwwwrootin), the site opens up just fine. I'm also able to test the web project from Visual Studio without any issues.
Can someone tell me why I have to move the in directory outside the project root to make the site work? What can I do to not have to do this?
i have a asp.net web application and i need to take a full Directory path (for ex: http:\<server><websitename>folder1 est.lst) and parse the name of the folder that has test.lst file. The directory tree can vary and i just need a generic way to parse this path and find the directory name which has the file.
I have a page where im listing out the files within a directory. How can i get the path to the files that are listed?
in other words, i want the path to the file to be like this:
http://server.com/files/pdfs/mypdf.pdf
but using this string url = Request.RawUrl.ToString(); returns [ http://server.com/files/pdfs/default.aspxMYPDF.PDF ]
That file is actually within a sub directory of the pdfs folder. So the link is obvisously not correct. Ive tried other suggestions found online, but those return the link like this [ http://server.com/files/pdfs/MYPDF.PDF ] again missing the subdirectory it actually belongs to.
To start with then we have a LinkButton whose text is actually an image tag. The image it links to is a Png and resides in a folder in the web directory. This is IIS V6 and win Server 2003.
The path is [URL]
Admin is a virtual directory configured in IIS.
The above url doesn't work but if you change it to [URL] (lowers case 'a') then the image is served, change it back to 'A' and it takes you to login, you log in and it loops back to log in. change to 'a' and voila the image is served. Weirdly this problem doesn't always occur and I have hunted for a resolution for days to no avail.
I am trying to profile the number of "Anonymous Requests" for an ASP.NET web application using perfmon. When I select this key, I have to pick a process of the form _LM_W3SVC_#_ROOT. How do I map the IIS metabase path back to the web application?
I have created a setup for my application which is having both website and desktop application. i m supposed to changes connection string in both the config files at runtime. i used following code :
I created a virtual directory in the Visual Web Developer, according to this post:
[URL]
I want the user to upload / download documents in the mvc app to that virtual directory. When a document is uploaded, I'm specifying the path to the document to be stored for later retrieval like so:
~/VirtualDirectoryName/FileContent.docx. But when I try to open that as a link in th app,using ResolveUrl, it appends the port number after localhost like so,[URL], I get a document not found, since it really should be, [URL].
The example above is specifying that all directories will be locked down to anonymous users except the two directories dir1 and dir2. I'm curious if there is a syntax that I can use that will allow me to define more than one directory within one location element. For example, it would be convenient if we could do something like this...
I have an image ItemTemplate within a FormView, where the ImageUrl is the photo_file_name. However, I want to add "~/uploads/" at the begining of the photo_file_name.
Below is the code:
[Code]....
So for example, if the photo_file_name is Jellyfish.jpg I want it, the ImageUrl to be ~/uploads/Jellyfish.jpg without having to change the photo_file_name in the DB.
I'm using urlrewriting to rewrite my url. Let me introduce my problem by bellow example: Here is old url: http://localhost/test/pages.aspx?pageid=1 I have 2 cases to rewrite:
I have a standard FileUpload control, which calls a class library, where the file becomes HttpPostedFile. In beta versions of my page, I've been able to successfully use HttpContext.Current.Server.MapPath(filename)to save the file. The class library does various functions, including saving the image into /uploads and a thumbnail into/thumbs.
But now, after tidying up the layout of the site, the upload aspx page has moved to a subdirectory 'members'. I had assumed (wrongly) that calling the upload function would act as normal. However, now I receive an error because of where the page is originating from: The code wants to save the file in the non-existant folder /members/uploads and /members/thumbs
My question is: Apart from hard-coding the directory structure of my hosting provider, is there any way to use an equivilent to server.mappath which will recognise the root path of the website, and ignore sub-folders?
One method which solves my problem is to append "../" to the start of the file location, eg HttpContext.Current.Server.MapPath("../" & filename) ...However, as many pages will be able to call the upload class library (and not all of them in a sub-folder) I want to make sure I'm not always back-tracking on the subfolders.