Hi,

I am posting this thread for a problem that I got in trouble, reading the paragraph Making Static Files Secure pg. 213

I have put the two .txt files, Example1.txt and Example2.txt in the App_Data folder.

Then I requested the default page and I selected to from the dropdownlist the Example1.txt.

I got the http://localhost:53557/UsingFileSyst...e=example1.txt

and then I changed the URL, as follows
http://localhost:53557/UsingFileSyst...aspx?filename=
~/App_Data/example1.txt and I got the content of the example1.txt file !

My problem is that according to the book, on page 213

"The App_Data folder is configured so that any file it holds cannot be accessed via the browser" !

The code in the getfils.aspx.cs file is the following:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;

public partial class getfile : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Response.Clear();
//string filename = Path.GetFileName(Request.QueryString["filename"]);
//FileInfo file = new FileInfo(Server.MapPath(Path.Combine("App_Data", filename)));
string filename = Request.QueryString["filename"];
FileInfo file = new FileInfo(Server.MapPath(filename));
Response.AddHeader("Content-Length", file.Length.ToString());
Response.WriteFile(file.FullName);
Response.End();
}
}

I would like to thank you in advance for any response!

"The App_Data folder is configured so that any file it holds cannot be accessed via the browser"

The key here is "via the browser". You cannot, for example, load http://example.org/App_Data/example1.txt

However you can do whatever you like in code, including loading files from C:\Windows should you so desire.