Hi,
I am posting this thread for a problem that I got in trouble, reading the paragraph Making Static Files Secure pg. 213
I have put the two .txt files, Example1.txt and Example2.txt in the App_Data folder.
Then I requested the default page and I selected to from the dropdownlist the Example1.txt.
I got the
http://localhost:53557/UsingFileSyst...e=example1.txt
and then I changed the URL, as follows
http://localhost:53557/UsingFileSyst...aspx?filename=
~/App_Data/example1.txt and I got the content of the example1.txt file !
My problem is that according to the book, on page 213
"The App_Data folder is configured so that any file it holds cannot be accessed via the browser" !
The code in the getfils.aspx.cs file is the following:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;
public partial class getfile : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Response.Clear();
//string filename = Path.GetFileName(Request.QueryString["filename"]);
//FileInfo file = new FileInfo(Server.MapPath(Path.Combine("App_Data", filename)));
string filename = Request.QueryString["filename"];
FileInfo file = new FileInfo(Server.MapPath(filename));
Response.AddHeader("Content-Length", file.Length.ToString());
Response.WriteFile(file.FullName);
Response.End();
}
}
I would like to thank you in advance for any response!