Web Forms :: Protect FileUpload Control Against Virus Files
Jul 28, 2013
I have a webpage where by user can upload jpg file through browse control on my server. Functionality working fine.
I have concern that if any one create virus and assemble it in a form of jpg and upload it on my server which can crash the hard disk or any other disaster.
We are going to start accepting resumes online but I need to know if the uploaded files will be virus scanned before I park them into the database. I thought this would be a server thing but the server admin and the security guy both said they didn't know. We already have a firewall and antivirus software, I just want to know how things work with native ASP.Net controls and not a product to try.
I have developed a web based application in ASP.NET and C# where users have the facility to upload files on the server through this application I want the application to Scan the uploaded files for viruses before saving on the server. Same like when we attach files with our email in Yahoo. Any API which can be integrated in ASP.NET application or any other way you can suggest. We can purchase the licensed version of a product which can achieve this.
the first file selected uploads perfectly - every subsequent file is 0bytes. The code for the upload button is presented below.
Protected Sub cmdUpload_Click(sender As Object, e As EventArgs) Handles cmdUpload.Click Dim hfc As HttpFileCollection = Request.Files For i As Integer = 0 To hfc.Count - 1 If i < 9 Then team = "/Team0" & i + 1 & "/" If i > 8 Then team = "/Team" & i + 1 & "/" Dim myFtpWebRequest As FtpWebRequest
I had implemented FileUpload code. In which for every particular Id, it creates Folder/Directory (if not exist) on Page _load.Then inside that particular Id's folder it will upload single or multiple files.
I am experiencing the following page error when trying to use the FileUpload control on my web page to upload files larger than 3MB or so. The error is as follows:"Problem loading page The connection was reset The connection to the server was reset while the page was loading.
* The site could be temporarily unavailable or too busy. Try again in a few moments.
* If you are unable to load any pages, check your computer's network connection.
* If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web."I suspect this may be due to a timout issue. If so, how can I increase the timeout period for this control / process? I am coding in VB.NET.
Can I upload files without having a fileupload control? I was looking at the HttpFileCollection class, but I believe that only works with the fileupload control.
I'm testing a very simple aspx page on Visual Studio's own ASP.NET Development Server(the local server). On the webpage there is a FileUpload control which can upload jpg file up to 2MB without problems. On uploading bigger files, the browser immidiately show "The web page cannot be displayed". It does not show any exception which really puzzles me. "The web page cannot be displayed" is normally caused by network problem, but in this case it's a local server and it can handle smaller jpg file fine. Whta's the problem here?
We need to upload multiple files using ASP.Net in one go. One option is to use the ASP.Net FileUpload control but it seems that it can't upload multiple files in one go. Any other option or ASP.Net FileUpload control can do multiple uploads in one go with some tuning?
I'm trying to use an asp:FileUpload Control to allow users to upload files (.doc, .gif, .xls, .jpg) to a server that is outside of our DMZ and not the Web Server. We want to have the ability to look at these files for viruses, structure, etc prior to saving them into another directory that would allow access to outside users. From what I have read about this control is that it will allow for files to be uploaded to the web server. Can this control be used to upload files to a server other than the web server? If it can be done where should I look for this type of functionality or how do I force it to go to https:servernamefolder name (Where server name is not the web server)? Would I have to read the file then write it to the other server?
In continuation to my previous research at this link : Security Risks or concerns with the use of FileUpload control of asp.net - how to Scan files during upload, also how to intimate user if file is virus affected and abort the operation. In addition to above, we have McAfee Antivirus installed on our servers. I heard that there is some APIS for this work for Symantac Antivirus but I am not sure about McAfee antivirus.
In my website,I have a home page in which by clicking on an image button,I get redirected to a different .apsx page .This page consists of a FileUpload control and 2 buttons(ATTACH,CANCEL).When a user selects/browses a file from his local machine and click ATTACH button,I display that file in a GRIDVIEW and also push the details of that file like Filename into a DATATABLE. The user in this way can browse multiple files and all of them are added to GridView and also pushed to DATATABLE.Now when the user clickes CANCEL button,I am sending the whole DATATABLE in a session object to the HOME page.Upon clicking SAVE button in the home page,the files in the DATATABLE must get stored in a physical location that I mention in the code. The problem that I am facing is that when I write
The files are not at all getting saved in the location. However If I pass the FileUpload control using Session from the second page,
FileUpload fl=(FileUpload)Session["FileUpload"]
The files are getting saved with the correct filenames but the content of all the files consists of the content of the latest uploaded file.I know what the problem is but unable to get a solution. My Requirement is to save the files in a physical path only after clicking the Save button in the home page.
I use file upload control.........and below this there is upload button which include programming to upload file.........
It is working fine for file size of less than 2mb but when i pick file of 5 mb(say) and i click on file upload button or any other button then outcome is
Internet Explorer cannot display the webpage
I placed break point on upload button but control doesn't go their..........
I am new at asp sites, and just started to use visual studio...
So every page i make, there is another one (source file) linked to it.
Example...default.aspx and with that the default.aspx.vb or default.aspv.cs. I know what those files are for, but how do i protect them from being downloaded from users... Anyone can just type the url, and get my hard work :-/
Please help to understand this RegEx statement in details. It's supposed to validate filename from ASP.Net FileUpload control to allow only jpeg and gif files. It was designed by somebody else and I do not completely understand it. It works fine in Internet Explorer 7.0 but not in Firefox 3.6.
I'm working on a website that streams audio files for the user from a directory on the server machine. How do I protect the audio files from users being able to navigate to the folder and just downloading them locally, but still provide them access to stream them? If I set permissions on the folder via IIS, is there a level that I can set so that the server can stream but not allow anonymous access?I'm sure there is a tutorial or other thread about this out there, it's just hard to search for this specific issue. Any help or a simple link to another thread/tutorial
[URL] .... I am referring to the link given mentioned above, i want to save image details into database of each file, if i select two files i want to save filename in database in each row. ist file in 1 row , second file in next row with file name.
I have a website running on a IIS 7.5 server with ASP.NET 4.0 on a shared host, but in full trust.
The site is a basic "file browser" that allows the visitors to login and have a list of files available to them displayed, and, obviously, download the files. The static files (mostly pdf files) are located in a sub folder on the site called data, e.g. http://example.com/data/...
The site uses ASP.NET form authentication.
My question is: How do I get the ASP.NET engine to handle the requests for the static files in the data folder, so that request for files are authenticated by ASP.NET, and users are not able to deep link to a file and grab files they are not allowed to have?
If a user clicked on a button, which runs a one minute process that MUST stay connected to the file (through the use of FileStream) for writing purpose, and he/she accidentally closed the browser. Currently, when that happens, if the user clicks on the button again, it will return an exception saying that the file is still being used. The part where I write to the file, the code for that is in a class library, which has a destructor (or finalizer, whichever), which calls a Dispose() method. It would usually take about 20 seconds before the file is free again to be used, but is there a way to make it quicker?
I'm thinking the way I'm designing my web app is not the conventional way. How do most people avoid this situation (ie. accidentally closing browser) where a file/resources are not freed up? Do they write into a SQL server instead of a flat file?
Is there any way where I can restrict filetypes in file upload, that is when I click the upload button in fileupload control the dialog shoule show only files of particular type(for ex jpeg)
We have a problem with some people working from home where when uploading 30-40mb (max upload is 50mb) they are timing out. Naturally when these people are on site they have no problems because of the network speed with have. What are peoples thoughts about extening the time out period, working on an 250k upload speed from home, we would be thinking about 20 to 30 mins.