Another question from me. This wont be an easy one!
I'm having issues with handling a simple upload.
Pre Requirements to test with:
- No Flash (hijacking)
- Basic upload field usage + form to post
- Max file size is 20MB (web.config maxrequestlength)
- I'm running the web site with the build in IIS development tool in visual studio (i think)
- I'm using a MVC web project
Question: Is it possible to show a nice error message to the user when a file is larger than 20MB? (Without getting the whole file to the server first)
These links helped me the most:
http://www.telerik.com/community/forums/aspnet/upload/maximum-request-length-exceeded.aspx
ASP.NET MVC: Handling upload exceeding maxRequestLength
http://forums.whirlpool.net.au/archive/809909
http://forums.asp.net/t/1106579.aspx/1
Catching "Maximum request length exceeded"
But still i haven't been able to fix the issue. Atm i use the code of the accepted answer of the last link (Catching "Maximum request length exceeded"), but my code crashes when i run the code line below:
this.Server.Transfer("~/error/UploadTooLarge.aspx");
Error message: Error executing child request for ~/error/UploadTooLarge.aspx.
I think i get this message because i'm using VS.NET's build in web server (see: http://forums.asp.net/t/1106579.aspx/1 last post of that page).
I'm affraid i made the whole question a bit hard to read. In short:
How can i show a neat error message when i uploaded file is too large (using S.NET's build in web server)?
If you don't want to send to whole file to the server first, then your only option would be javascript.
The FileReader object would solve that for you
https://developer.mozilla.org/en-US/docs/DOM/FileReader
Problem being it won't work on older browsers.
Now, if older browsers are not a problem for you then you should find plenty of tutorials showing you how to use the FileReader object. With it you can do asynchronous uploads so you even add a nice progress bar considering is fairly large file.
Related
I have this specific scenario:
The user is sending me request which contains a URL to a file in my private repository.
The server side catch this request and Download the file.
The server making some calculation on the downloaded file.
The server sending the results back to client.
I implemented this in the "Naive" way. Which mean, I downloading the file (step 2) for each request. In most cases, the user will send the same file. So, I thought about better approach: keep the downloaded file in short term "cache".
This mean, I will download the item once, and use this for every user request.
Now the question is, how to manage those files?
In "perfect world", I will use the downloaded file for up to 30 minutes. After this time, I won't use it any more. So, optional solutions are:
Making a file system mechanism to handling files for short terms. Negative: Complex solution.
Using temporary directory to do this job (e.g. Path.GetTempFileName()). Negative: What if the system will start to delete those files, in the middle of reading it?
So, it's seems that each solution has bad sides. What do you recommend?
This is my first time developing this kind of system, so many of these concepts are very new to me. Any and all help would be appreciated. I'll try to sum up what I'm doing as efficiently as possible.
Background: I have a web application running AngularJS with Bootstrap. The app communicates with the server and DB through a web service programmed using C#. On the site, users can upload files and reference them later using direct links. There's no restriction to file type (yet), so just about anything is allowed.
My Goal: Having direct links creates a big security problem for me, since the documents/images are supposed to be private data. What I would prefer to do is validate a user's credentials when the link is clicked, then load the file in the browser using a more generic url path.
--Example--
"mysite.com/attachments/1" ---> (Image)
--instead of--
"mysite.com/data/files/importantImg.jpg"
Where I'm At: Not very far. My first thought was to add a page that sends the server request and receives a file byte stream along with mime type that I can reassemble and present to the user. However, I have no idea if this is possible using a web service that sends JSON requests, nor do I have a clue about how the reassembling process would work client-side.
Like I said, I'll take any and all advice. I'd love to learn more about this subject for future projects as well, but for now I just need to be pointed in the right direction.
Your first thought is correct, for it, you need to use the Response object, and more specifically the AddHeader and Write functions. Of course this will be a different page that will only handle file downloads, so it will be perfectly fine in your JSON web service.
I don't think you want to do this with a web service. Just use a regular IHttpHandler to perform the validation and return the data. So you would have the URL "attachments/1" get rewritten to "attachments/download.ashx?id=1". When you've verified access, write the data to the response stream. You can use the Content Disposition header to set the file name.
As I have been requested by my instructor to use AntiXss library in the development of my senior project, I am facing a lot of difficulties of using this library because of the lack of resources on the web. A part of my project I have an upload file function where the user will be able to upload files, and after uploading his files, he will be redirected to the same page to see some other information. Everything works fine, but when I added AntiXss library and use it with the following line only, I got this error
(HTTP 400 Error - Bad Request)
and I don't know why. Could anyone tell me why I am getting this error? And how to fix it?
C# Code:
Response.Redirect(Encoder.HtmlFormUrlEncode(Request.Url.PathAndQuery));
Break up your code and look at each step:
Take the incoming request's URL, and extract out the path and query.
Run that through a form-based encoder
Redirect to that string
What do you think a form-based encoder would do in order to prevent XSS attacks?
Try this:
Response.Write(Encoder.HtmlFormUrlEncode("http://www.stackoverflow.com"));
What is written out? Try putting that in a web browser, and you'll likely get a 400 (or a 502) error.
Request.Url.PathAndQuery
The above syntax returns `/Cambia3/Temp/Test.aspx?query=arg`
For further url references check this
HtmlFormUrlEncode gets string and encode as parameters. for further info on that see here
Many might have had experience using File Upload widget from Yahoo User Interface library. The docs and community all know how to receive the files on the server using another server technology other than ASP.NET. If anyone has indeed used the widget in their asp.net pages could you share the code on
How to receive the uploaded files Stream/Bytes to a file.
How to check Integrity of the File
How to check if file was received correctly.
Also i would love to do it in single page because doing so i would learn how to differentiate between a normal webpage request and the one caused my file upload widget
Yahoo Upload Widget can be Found here: https://developer.yahoo.com/yui/uploader/.
Have you tried looking at postedfiles collection though? The API looks like it does a standard post. If it does, the just use that collection.
If it doesn't, then you need to use the inputstream property on the request object to read the incoming bytes.
Using something like Fiddler or firebug will tell you how it's making the request. Look for the request type being multipart/mime
edit
Checking the file integrity & whether it was uploaded correctly are pretty much impossible. The only way I can think to do it is to have the user generate a hash of the file then upload the file & the hash & you check the hash is valid. ie not really practical.
All you're getting is a stream of bytes. you have to assume when the stream ends, it ended cleanly & you got all the file.
I answered my own question with code over here.
http://labs.deeptechtons.com/asp-net-tuts/how-to-upload-files-asynchronously-using-yahoo-uploader/
I have a .NET 4 application that uses Process.Start(URL); to open the user's default browser and take them to my update page if they accept an update request. This works fine for most people, but I'm getting crash logs from some users where this fails with:
System.ComponentModel.Win32Exception (0x80004005): The system cannot find the file specified
I have chastised myself for ignoring the possibility of failure here and using naive examples from the web and now I'm trying to work out what to do. My first instinct is to show a general "Couldn't open browser, here's the URL" message and maybe add a button to copy it to the clipboard, but can I do better?
A more robust way to open the URL? Although this seems to be the standard answer to questions about opening URLs, is it really the best way?
Something more informative to say to the user? Does failure mean a misconfiguration on the user's machine? Virus-scanner blocking access, maybe?