April 17th, 2012, 11:22 AM
Christos8
App_Data Accessibility pg 213

Hi,

I am posting this thread about a problem I ran into while reading the section "Making Static Files Secure" on pg. 213.

I have put the two .txt files, Example1.txt and Example2.txt in the App_Data folder.

Then I requested the default page and selected Example1.txt from the dropdownlist.

I got the URL http://localhost:53557/UsingFileSyst...e=example1.txt

and then I changed the URL as follows:
http://localhost:53557/UsingFileSyst...aspx?filename=~/App_Data/example1.txt
and I got the content of the example1.txt file!

My problem is that, according to the book, on page 213:

"The App_Data folder is configured so that any file it holds cannot be accessed via the browser"!

The code in the getfile.aspx.cs file is the following:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;

public partial class getfile : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        Response.Clear();
        //string filename = Path.GetFileName(Request.QueryString["filename"]);
        //FileInfo file = new FileInfo(Server.MapPath(Path.Combine("App_Data", filename)));
        string filename = Request.QueryString["filename"];
        FileInfo file = new FileInfo(Server.MapPath(filename));
        Response.AddHeader("Content-Length", file.Length.ToString());
        Response.WriteFile(file.FullName);
        Response.End();
    }
}

I would like to thank you in advance for any response!
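
Added example (not part of the original post or the book's code): the App_Data restriction applies to direct browser requests for files in that folder, while the handler in the post reads the file from disk on the server and returns it, so the path it builds is the only control. The sketch below confines a requested name to one folder, in the way the commented-out lines in the post do; `SafeFileResolver`, `Resolve` and the temporary demo directory are names made up for this example.

```csharp
using System;
using System.IO;

public static class SafeFileResolver
{
    // Returns the full path of a file directly inside baseDir, or null when the
    // request is empty, malformed, missing, or resolves outside baseDir.
    public static string Resolve(string baseDir, string requested)
    {
        if (string.IsNullOrWhiteSpace(requested)) return null;
        try
        {
            // Drop any directory part ("~/", "../", "App_Data/") and keep the bare name.
            string name = Path.GetFileName(requested);
            if (string.IsNullOrEmpty(name)) return null;

            string root = Path.GetFullPath(baseDir).TrimEnd(
                Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
                + Path.DirectorySeparatorChar;
            string full = Path.GetFullPath(Path.Combine(root, name));

            // Defence in depth: the canonical path must still sit under root.
            if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase)) return null;
            return File.Exists(full) ? full : null;
        }
        catch (ArgumentException) { return null; } // invalid path characters
    }

    public static void Main()
    {
        // Constructed sandbox standing in for a site root with an App_Data folder.
        string site = Path.Combine(Path.GetTempPath(), "appdata-demo-" + Guid.NewGuid().ToString("N"));
        string appData = Path.Combine(site, "App_Data");
        Directory.CreateDirectory(appData);
        File.WriteAllText(Path.Combine(appData, "example1.txt"), "example 1");
        File.WriteAllText(Path.Combine(site, "web.config"), "<configuration/>");

        // Constructed query-string values, including the one from the post.
        string[] requests = { "example1.txt", "~/App_Data/example1.txt",
                              "../web.config", "~/web.config", "missing.txt", "" };
        foreach (string r in requests)
        {
            string path = Resolve(appData, r);
            Console.WriteLine("{0,-26} -> {1}", "\"" + r + "\"", path ?? "rejected");
        }
        Directory.Delete(site, true);
    }
}
```

In the page from the post, `baseDir` would be `Server.MapPath("~/App_Data")`, and a null result would be answered with a 404 instead of calling `Response.WriteFile`.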