Is it possible to store Clickonce application files in SQL server? - c#

I am publishing Windows form application using ClockOnce in ASP.net web application. I understood that when user click on publish button then the clickonce application will be downloaded. this option is unsecure as anyone who know the download URL can download. to add Authentication I am using httphandler as per David P Henry suggestion from codeproject everything is working fine. I would like to add more security to this approach instead of placing the clickOnce app file in Application Files folder in web app I would like to place these files in SQL Server. So my application should able to download these file from SQL Server and send it to user.
Is it possible in Clockonce?
If possible I would like to know the approach.

Yes it is possible. Use a VirtualPathProvider to read the files from SQL instead of the file system.
As ClickOnce requests the files via http/https it is possible to intercept each request and pass your own version (in this case read from SQL instead of the server's file system).
Linked below is a simple project that shows how to utilise a custom VirtualPathProvider.
http://www.codeproject.com/Articles/16848/Creating-Custom-Virtual-Path-Provider-in-ASP-Net-2
I would suggest converting the directory where the files should be stored to an application and adding the Global.asax to the root of the application.
Then add a handler mappings for *.deploy and *.manifest for the root directory so your VirtualPathProvider will run when each file is requested.
Within the overridden FileExists method (in your VirtualPathProvider) write some logic to return if the file exists or not. You could put some authorisation here but I don't know if ClickOnce caches Http responses, as the server would return a 404 if this function returns false.
Within the Stream Open() in your VirtualFile return a MemoryStream read from your SQL server.
Hope this helps.

Related

How to host a local file for external http access from a C# Windows application

I've a .Net/C# Windows application which can create text/pdf files. My requirement is to make these files accessible via http links for another internal application inside my organization. The internal application only accepts http links (ftp and others are not supported).
I know this can be done manually by placing these files in an IIS server. I would like to know whether there is any easy way to do this programmatically? Once the file is created locally in my application, I should have a http link to access the file.
I'm not sure if I understand your need correctly. You can point it out when anything wrong.
Assuming that the application create pdf files in a folder named PDFile. On IIS, you can add a site and set it physical path to PDFile folder. If you enable Directory Browsing, you can see all files when enter the url of this site in browser like this:
When you want to access these file from an external machine, just enter the url http://serverIP:port/PDF file name for example http://xxx.xxx.xxx.xxx:80/mycustomefile.pdf. No need to set anything programmatically.

How to open a local file from a web client/server

I'm trying to add a link in a project that will open a tutorial that explain how to use the system.
The tutorial is only relevant to those who work in the company so I figured it would be best to place the the tutorial on our company network drive and only redirect to this file from web client. In that way it will also be easy to change the tutorial without reuploading the system.
The problem seems that chrome is blocking me from opening a local file from the web client.
But if I remember correctly there are web sites that can open a local pdf files. so why I can't open the tutorial? It is basically a presentation (I think in flash, not really important) that you can open by opening a html file.
Is there any alternate solution for this?
I'm also okay if chrome will ask the user if he is sure that he wants the file to be opened or something like this.
But I don't want to add files directly to my project code because it will require reuploading the whole project to only update the tutorial.
I'm using ASP.NET Framework in the backend and Angular in the Frontend.
No person with a brain would use a browser that lets it open local files. You mean you come to my site to watch cat videos and all the while the browser is opening your banking files or stealing your excel sheet marked "my passwords?". not even close! A browser cannot open local files period!!! To high of a security risk.
You can of course EXPOSE a folder to the web server, and then ANY file in that folder becomes part of the web site and MORE important becomes part of the web server "URL" mapping.
So, you can have your typical site (in say inetpup\wwwroot. In that folder then ONLY valid urls to files in that web site folder are allowed.
And say you have some big file server on your network full of files? Well, then you can add to the site what is called a virtual folder.
So, say the web site is on
c:\inetpub\wwwroot
So, any valid URL typed in a by a user (or your code launching a web page) is now
http://mysite/default.aspx
The above file of course maps to
c:\inetpub\wwwroot\Default.aspx.
So, say you have a folder on the network full of pdf's you want users to see/view/use?
Well, say that folder is:
\SERVER5\PpdFileArcive.
So, that folder is NOT part of the web site. What you do is add a virtual folder to the asp.net site. Lets call it MyPdfs
You map MyPdfs to the above \SERVER5\PdfFileArchive
So, now your URL becomes this:
http://mysite/MyPdf/help.pdf
So, the browser can NOT look at local files on your computer (and would you actually think that is ok that my web site can rummage around on YOUR local computer? Not!!!!).
So you can have some folder sitting on your local network. And if the web site is on that SAME network, then you can add a virtual folder to the web site. That "external" folder will then become part of the web site and mapped to a web "URL" that will then allow you to say have hyper-links, or even allow the user to type in ANY url like:
http://mysite/MyPdf/HowToCookPotatos.pdf
In fact, in many cases you do NOT want users to type in URL's, and in often you do NOT want the users to be able to type in a url.
Well, keep in mind that code behind (the .net code running on the web server) is really the same as .net desktop code. That code behind can open/read/use any file anyplace on the network - including files on your desktop. But that would assume the web server is on the SAME network as you, and it would assume that say even a desktop program running on ANY computer has rights to YOUR desktop folder. (and that's not the default - I think most desktops have a shared public folder).
So, code behind on that web server can open, read/process any file. But you NOT be able to say use a hyper-link, or say a valid URL to get at those files.
Since a company often does NOT want to expose that big huge pdf folder to the wild and crazy internet? Then what is common done is that you do NOT create a virtual folder, and you do NOT map URL's to that internal company folder. you have the code behind OPEN + READ and then STREAM the file down to the browser. You can google and find 100's of examples - just google stream a pdf to browser for how this works. But again, keep in mind that this trick/suggestion STILL is limited to code behind running on the server being able to directly access and open that file sitting on a folder. That file can be any place on the network as long as the web server has rights to read/open/use such files. Users of the web site will not have any possible URL to type in, but if the code behind has such rights or the ability to open such files, then web code can be written to "dish out" or so called "stream" that file to the browser.
So keep in mind the concpet of a web URL (a valid web path name), and that of code behind that does NOT use URL's to open and read files - but you use plane jane regular windows file path names.
Of course if you have a virtual folder and a URL exposed to end users, then code behind STILL often needs to process/open/copy or do whatever with that URL the user typed in. That's where server.mapPath comes in. it will translate the URL value to a full internal path name.
So
Code behind = ALWAYS needs a full valid windows path name.
URL -web folders (including virtual folders that point to server folders). These URL's can be used in hyper-links, web navigation, and even allows the user to type in a full valud URL to the given pdf in that folder (but the user will type in a valid URL that resolves to that folder).
So while you can't for all practical purposes have a browser read/get/use local files on a YOUR computer? You can certanly setup a folder on some server (even the web server) that has all those pdf's, pictures or whatever you want. And with a mapped virtual folder, then the Web users can then consume such files.
Or if you want to keep things locked down, don't want users typing in URL's to files that might not belong to them? Then you can of course maintain a list of files say in a database or whatever. And the code behind can read such files 100% directly with a full valid internal path name and then PUSH (stream) that file out to the user.
Here is a example of such code:
Stream PDF to browser?

Folder selection in MVC web application c#

I am working on one MVC web application project, which require one field called folder selection just like FolderBrowserDialog in windows application.
Help me to find that FolderBrowserDialog for web application. Is there any solution for folder selection in MVC??
Short answer is no. You can use a to select a file, but modern browsers will not send a path for security reasons (and your browser does not have access to paths on the server)
There is no such control (except using ActiveX Control or Java Applets), so don't waste your time to look for it and you can not get any folder path(on the client machine) with JavaScript due to security reasons.
Why don't you just allow the user to download the file and user will select the folder where he wants that file to be saved or else it will get saved in default folder of the browser.
Hope it helps, thanks.

Creating FTP client for asp with C#

I have a little problem because on my website I can't really set permissions for the directories, it just doesn't work. I use filezilla and when I try to set them to some subdirectories of a default directory of the server that is publicly readable and writable it doesn't send me an error but when I want to save a file in one of that subdirectories from an asp page I get an error telling that I haven't got the permission to do so, I tried setting 777, so it should work. Using C# I created a FTP client that allows me to edit those subdirectories (those I couldn't edit from the asp page). My question is: can I create an asp page that uses a FTP client to access one of those subdirectories????? Thanks!!!
As I mentioned before you could try WCF and stream files to your server using a web service.
WCF could be fairly complex; however, there is plenty of tutorials online. You could start with this simple tutorial and adjust it to accomplish what you need. They even provide source code.
Basically what you need is a web service with one method, say:
void UploadFile(Stream object)
Then you need to create a web reference from your client (windows form app for example) by providing the address of your WCF web service. This will automatically create the classes you need to execute the method.
This site has more info about streaming files:
set permission to the account that your website uses to access any directory.By default in IIS iis_user account is used.Chage your web site user account to ftp user or any account that have the permission to access those directories.You can easily change this permission using iis7 manager.

How can I hyperlink to a file that is not in my Web Application?

Ok, my web application is at C:\inetpub\wwwroot\website
The files I want to link to are in S:\someFolder
Can I make a link in the webapp that will direct to the file in someFolder?
If its on a different drive on the server, you will need to make a virtual directory in IIS. You would then link to "/virtdirect/somefolder/"
You would have to specifically map it to some URL through your web server. Otherwise, all your files would be accessible to anyone who guessed their URL and you don't want that...
Do you have another virtual directory/application pointing to s:\someFolder? If so, it's just a simple link.
Are you trying to stream files back? If so, take a look at Response.TransmitFile and Response.WriteFile.
Otherwise, maybe you could create a handler (.ashx) to grab a specified file and stream its contents back?
i think there are only two ways
1) make a virtual path wich points to download directory
2) call a your aspx/ashx handler wich load file locally and send it to client.
A solution which works at the OS level rather than the webserver level is to make a symbolic link.
Links to files are supported on Vista and links to folders ("junctions") are supported on Win2000 onwards.
That depends on the configuration of your web server. Probably not. You don't want the web server to be able to access any file on the hard drive (ie your passwords file), so only those files configured to be accessible in the web server's configuration files are accessible and can be linked to. Usually these are all kept under one directory. You could, of course, copy someFolder and place it under your web directory, then it would be accesible, or if you are sure it is safe, change the configuraton of your web server to allow access to that folder.

Categories

Resources