hai friends
I am using a file upload control to upload the files if the user browse and upload the file. after uploading the path gets disappears. i should be maintain there itself. how?
Well, this is the default behavior of the browsers for security reasons
have a look at MS support site for IE http://support.microsoft.com/kb/266087
Edit
In your code behind you can try something like
fileUpload.Attributes.Add('value',filename);
see if this works.
Related
I am working on file upload and download web App using .net mvc C# APIs and I have read this answer to consider some file security points and I have two questions:
According to the Filetypes point particularly this statement
It's best if the application uses some real content discovery to find
out if the uploaded file is actually an allowed filetype.
I want to check if the user uploads an .exe, .dll or "html containing js code"
file as renamed text file but i don't know how to do that.
According to Content sniffing point, I have added
X-Content-Type-Options: nosniff
To my api web.config file flowing this Answer
but when i upload html page including java script code it uploads and download without any interruption, so how to prevent my app from uploading and downloading these kinds of files.
There are plenty of ideas here (theoretical and practical):
https://security.stackexchange.com/questions/160129/c-malicious-file-upload-to-server
https://www.computerweekly.com/answer/File-upload-security-best-practices-Block-a-malicious-file-upload
I personally would suggest to white-list the extensions that will be allowed to upload, instead of black-listing potentially dangerous extensions.
I have the following structure:
AppName
Content
img
file.png
I can navigate directly to mysite.com/Content/img/file.png without any issues.
However when I add test.txt to img and set to Copy Always and type Content (same as file.png), I get No webpage was found for the web address when visiting the link, when I want to be able to enable folks to download the publicly accessible file (no auth needed), just like the image. Why isn't this working?
I can see test.txt in the bin folder of the app. Does something else need to be configured to enable direct file downloads?
Make sure your IIS site settings or web.config have mime type associated with .txt extension.
https://www.iis.net/configreference/system.webserver/staticcontent/mimemap
i just wanna upload afile from a fixed path, so i dont want browse button, I need just a TextBox(Path of my file some thing like c:/junk/upload) and and upload button.some thing like
[TextBox.Path][UploadButton]
or can i get the code in java applets or any other lanaguage?
For security reasons, a webpage loaded in a browser from internet cannot directly refer the local file system. You need a desktop application or plugin to achieve this.
no we can make using asp.net or java applets and yes what you said is right, security reasons! , but every applications has a sand box limits and thats include file handling as default , and we achived that. with out problem
In my project i will be having an link like
Download
I want the users to download files of different types. The file will be in the root folder. When i am clicking on the link it is displaying an error. This is the plugin to install in the chrome. If the user download this link and open then it will automatically add to the chrome.
How can i do this.
The file is not even downloading.
This isn't a valid path:
~/hello world.crx
The ~ character is for use server-side to denote the root of the application. Client-side it has no meaning. The browser doesn't know what the root of the application is (or what the application is at all), it's just sending requests to resources at addresses. And it doesn't know what to do with that address.
You'll need to either use some server-side logic to translate that path into a browser-useable path, or manually make it a relative or absolute path.
If the ASP.NET MVC Framework isn't translating this for you then you're probably using a version that requires a little more manual work for it. Try something like:
Download
(Note: This assumes the use of the Razor view engine. If you're not using that then you'll want to use whatever your view engine equivalent is.)
What you need to do is set up a directory online, where you can host the file.
I also see that in your aref you don't want to type the full path so denote it with a /hello_world.crx, but make sure that you've set up a base href:
<base href="http://yourdomain.com/something/">
Try renaming the file to remove any spaces e.g. "hello_world.crx" and then change the name in the link code to match.
if a webpage and the downloadable file is in the same location
(i.e)
SampleFolder->Download.html
SampleFolder->hello world.crx
then try the below
download
If the webpage and the downloadable file in different location
(i.e)
SampleFolder->Download.html
SampleFolder->Downloads->hello world.crx
then try the below
download
I'm building an application which involves writing some fields to a database, along with uploading some files from the end user to an FTP site. The file upload works fine... in IE. In Firefox and Chrome, I get an error that it can't find the file (running it in localhost at this point, haven't moved it to a dev or production environment yet).
I have tried getting the file via:
Server.MapPath(FileUpload1.PostedFile.Filename)
... which points to the folder the application is residing in.
And also:
Path.GetFullPath(FileUpload1.PostedFile.Filename)
... which points to c://Programs (x86)/... ...
I can get a file to upload properly if I get it from either folder, but nothing from anywhere else.
Any ideas on how to make this point to the right place? Or, will it actually work properly once it resides in a server environment?
Thanks in advance!
FileUpload.PostedFile.Filename works differently in each browser. in Firefox and Chrome it won't include the full path - just the file name. It depends on your customer's browser.
FileUpload.PostedFile.FileName
This actually gives you path of the uploaded file.
But in all the newer browsers (FF 3.6 series, Chrome, IE7+) this feature has been disabled due to security reasons. Any website should not need path of a file stored in client's systems because that gives the directory structure and may expose other important things to website owner.
So in your case, the above code returned only the file name.
you can check this link, it may help you Fileupload control - fullpath issue