I want users to be able to upload images for profile pictures.
Are there any guidelines as to how this should best be handled?
e.g. - where to save the images, and what folder structure to use?
- make it difficult for users to browse through everyone's profile pics?
thanks.
I don't mean to be a wet blanket if you're into writing this yourself, but I would just use http://en.gravatar.com
But to answer your questions directly:
Are there any guidelines as to how this should best be handled? e.g. - where to save the images, and what folder structure to use? - make it difficult for users to browse through everyone's profile pics?
Generally this is going to depend greatly on the setup of server environment. Do you have multiple web servers? Do you have a database server you want to use? Do you have an images only domain you want to use? etc.
The simplest approach is to write them to the file system and use code to retrieve them. By not writing these files into your web directory you can be sure that users cannot use this to execute code or script on your server. Using an ASPX page to return the image content also allows you to relocate the image store at any time.
As for preventing browsing, I would just use a unique image identifier generated for each user. BTW, I would not use the user's internal "ID" field; rather, create a new id just for images.
If it is only to display a single user's picture, I would recommend implementing Gravatar instead of your own approach. There are plenty of articles out there on how best to implement Gravatar with ASP.NET MVC.
If you really want to have your own solution, I'd recommend to give all of the user's profile pictures a random file name (for example with a GUID "3F2504E0-4F89-11D3-9A0C-0305E82C3301.jpg").
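The two suggestions in the answers above (store uploads outside the web directory, and name each file with a random identifier that is not the user's internal ID) can be combined as in the following added example, which is not code from either answer. `AvatarStore` and its members are hypothetical names, and the JPEG/PNG content check is an assumption about which formats the site accepts.

```csharp
using System;
using System.IO;
using System.Linq;

// Added example: AvatarStore and its members are hypothetical names.
public sealed class AvatarStore
{
    private readonly string _root;   // must be a directory outside the web root

    public AvatarStore(string root)
    {
        _root = Path.GetFullPath(root);
        Directory.CreateDirectory(_root);
    }

    // Saves the upload under a fresh random id and returns that id.
    // The caller stores the id against the user; the user's own id is never used.
    public Guid Save(byte[] content)
    {
        string ext = DetectExtension(content);
        if (ext == null) throw new InvalidDataException("Not a JPEG or PNG image.");
        Guid id = Guid.NewGuid();
        File.WriteAllBytes(Path.Combine(_root, id.ToString("N") + ext), content);
        return id;
    }

    // Resolves an id taken from the URL to a file path, or null if unknown.
    // Only a parsed Guid is accepted, so no client-supplied path text reaches the file system.
    public string Resolve(string idFromUrl)
    {
        Guid id;
        if (!Guid.TryParseExact(idFromUrl, "N", out id)) return null;
        return Directory.EnumerateFiles(_root, id.ToString("N") + ".*").FirstOrDefault();
    }

    // The type is decided from the leading bytes, not from the uploaded file name.
    private static string DetectExtension(byte[] b)
    {
        if (b.Length >= 3 && b[0] == 0xFF && b[1] == 0xD8 && b[2] == 0xFF) return ".jpg";
        if (b.Length >= 8 && b[0] == 0x89 && b[1] == 0x50 && b[2] == 0x4E && b[3] == 0x47) return ".png";
        return null;
    }
}
```

An ASPX page or MVC action would call `Resolve` with the id from the request and stream the returned file, which keeps the storage location free to change later.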
Related
I've created a website in asp.net mvc4 and I've put it online with a specific domain name. Now my client asks to replicate the same website on a different domain name, and change some static texts/images to distinguish the 2 websites. I'd like to handle just one source code and deploy it two times. How can I achieve this?
We did this a few years ago with a web application. It was a pain in the a**. We had one website running and the resources were loaded after the user has logged in.
During the development you always had to think about that, split the resources always look for the logged in user etc.
It is just easier to copy the published application to a second folder and for the static texts use some kind of resource files that can be replaced on the fly.
As long as you don't have images and files that are a few gigabytes big it should be no problem to copy the compiled source code and the resources.
Though kind of a too late reply, but I just wanted to share some of my experience with you, you can follow these steps, it won't take too much of your time.
1. Identify the various texts / images, like the logo for branding etc., which you are required to make tenant specific.
2. Create a table called tenant settings (tenantid, key, value).
3. Identify the pages that need to be tweaked to look up from this setting rather than a hardcoded value.
4. Update these pages and provide a UI for each tenant so that they can change the values at any point of time.
This way you can achieve the level 4 multi-tenancy with minimal effort to begin with.
HTH
I'm currently working on a website being developed using ASP.NET and C#. I'm fairly new to ASP and C# so I apologise if I'm making an obvious mistake. The website I am working on has a login page which displays relevant PDF files. The client now wants to rebuild that by only displaying certain PDF files to the end user depending on their role. I have looked into Role based. My problem is I have over 100 PDF files which need to be displayed. What would be the best approach for this? Where would I store the roles in my DB?
Shall I do something like
if (User.IsInRole("Management"))
{
    // Do something
}
Thanks in advance for your help and support
You can use the built-in Membership- and Roleproviders (e.g. http://logcorner.wordpress.com/2013/08/29/how-to-configure-custom-membership-and-role-provider-using-asp-net-mvc4/) or customize/override any of these in case you don't want the standard-table structure these providers bring with them.
If you combine the two providers and use the "default" implementation you can actually do it like you suggested yourself in your question, without any further implementation. It would be just configuration in your web.config then.
You can then introduce new roles and user/role mappings in the tables, that ASP.NET automagically created for you in the DB.
Here is some example how to override them: http://www.codeproject.com/Articles/607392/Custom-Role-Providers
I have some PDFs uploaded by the user and they are saved on hard drive. Those PDFs should actually only be visible by the user who uploaded. But at the moment it is not secure. If somebody guesses the name of the PDF, it can be viewed by anybody else too.
Eg: http://www.something.com/PDFs/abcghjiekm.PDF
This is a security threat. What I'd like to be able to do is have some kind of logic that processes the request to these PDFs and compare it with my DB to see if this PDF is actually belonging to the user who requested it. How can I do that?
Edit: I cannot use FileStream as my website is already up and running. I don't want to change all of the codebase and go into each and every aspx page to hunt where the PDFs are accessed.
You could handle PDFs through a special HttpHandler in IIS instead of the StaticFile-Handler and check for access rights.
If you are using MVC, a route like /PDFs/{file}.pdf with a Controller returning Content will do.
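The handler approach from this answer, as an added example that is not code from the post: an `IHttpHandler` that compares the requested PDF against an ownership record before sending it. `PdfAccessHandler`, the storage path and the in-memory `Owners` map are hypothetical; the map is constructed sample data standing in for the database lookup the question describes.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web;

// Added example: all names and the storage path below are hypothetical.
public class PdfAccessHandler : IHttpHandler
{
    // Assumed location of the existing PDF folder.
    private static readonly string Root = Path.GetFullPath(@"D:\SiteData\PDFs");

    // Constructed sample data standing in for the "who uploaded this file" table.
    private static readonly Dictionary<string, string> Owners =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "abcghjiekm.PDF", "alice" }
        };

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        var user = context.User;
        if (user == null || !user.Identity.IsAuthenticated)
        {
            context.Response.StatusCode = 401;
            return;
        }

        // Keep only the last path segment so "../" cannot leave the PDF folder.
        string name = Path.GetFileName(context.Request.Path);
        string path = Path.Combine(Root, name);

        // Same status for "missing" and "not yours", so a guessed name is not confirmed.
        string owner;
        bool allowed = Owners.TryGetValue(name, out owner)
            && string.Equals(owner, user.Identity.Name, StringComparison.OrdinalIgnoreCase);
        if (!allowed || !File.Exists(path))
        {
            context.Response.StatusCode = 404;
            return;
        }

        context.Response.ContentType = "application/pdf";
        context.Response.TransmitFile(path);
    }
}
```

Registering the handler for the PDF path under `<system.webServer><handlers>` in web.config routes the existing URLs through this check, so the pages that link to the PDFs do not need to change.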
You could also use some sort of security-by-obscurity, which is less secure, but easier to implement. For example you could save the PDFs in a folder such as PDFs/<guid>/abcghjiekm.PDF where the guid is the userId of the uploading user. This way guessing the right path for a given file is much harder.
I wouldn't recommend this method if you really need to protect private user data from unauthorized access, but if all that you're trying to achieve is some sort of error-protection (so that users won't access each other's files by mistake) this ought to do it.
If you need real security - I would recommend doing what Grumbler85 suggested.
I think you should use the FileStream, part of the Sql Server 2008 and above to store these files.
http://technet.microsoft.com/en-us/library/bb933993%28v=sql.105%29.aspx
Using it, the files are stored on disk, but in a special place. And you have no problem, e.g. when someone wants to change any file.
I have an web based application. The content for the Home page has been currently mentioned in the HTML code for the Home page using , and tags. To change the content anytime in future, it needs to be changed in the HTML code. :(
Is there a way that we can pick up the content from some external place and get it reflected through the website? This way, any change, if required, can be made at the external location without referring to the application's code.
Please advise if there is any solution for it.
Thanks.
You can:
- Use a database
- Include external files using Server Side Includes
- Read external files and write their contents and an alternative method
Sounds like you're looking for a Content Management System (CMS), which will allow your content editors access to modify only specific blocks of a page that you specify.
There are a ton out there to do what you want, so you don't have to start from scratch. Just Google 'CMS'.
Although I haven't used it myself, DotNetNuke is a popular one these days and has a free version.
Right now I use Gravatar for user avatars on my website.
I want to let users upload images to use as avatars from my website to gravatar so they don't have to visit gravatar if they choose not to, and I don't have to support multiple avatar methods. I don't know how to accomplish this in ASP.NET MVC.
In Ruby on Rails they made it easy; you just install a plugin. But in ASP you write the whole code yourself.
What do I need to know to get started?
Is there a Gravatar API for this?
Is there an ASP plugin with this feature?
Is there an easy way to convert Ruby code to ASP?
Gravatar does not appear to have an easy service or interface to upload avatars from other websites - they expect you to go to their website directly.
You're likely going to have to scrape their website, and act as an HTTP client to simulate the user going through the actions themselves. It's not trivial, but if you look through the Ruby code you should have a very good idea of what the general process is.
What have you tried so far?
-Adam