I am working on an ASP.NET MVC application where a user can manage its own profile. He can change for example his own photo.
Since a photo is considered as static content, IIS will lock this file, as I understand, and cache it to optimise performance.
The problem happens when the user try to change the image. What I am doing is :
Record the new image.
Start serving the new one. The old file will never be served.
Now I need to remove the old image. But I having access denied exception.
How to tell IIS to unlock this old photo so that I can delete it.
One can imagine setting up a loop that tries to delete the photo and if cannot it will wait and retry... but I have no idea how much time that can take.
Do you have any better solution to tell IIS to unlock file that will never be used ?
Related
So I have an app that is pretty simple. It has data stored in .htm files which can either be displayed in a UIWebView or parsed through and return a string of the results(the app does both). The data changes weekly, and obviously it takes longer than that just to review an update submission. I want the user to be able to click a button and check for updates on a server and then download/replace the .htm files as needed. The app can take it from there. What service through Amazon Web Services is the best to check for new files and download them? If you think there is an easier service than AWS than I'm definitely open to other ideas.
You could store your files in S3. Set up your app so it downloads the file from S3, then compare it with the one you've got locally (you could hash them both and compare the hashes).
If it's changed then you can use the new one.
I am creating a site using ASP.NET MVC4, one of the functions on the site is for users to upload images. The images may be of a personal nature, almost definitely containing images of their children.
The images are being stored on MS Azure SQL Database along with their metadata. To save bandwidth usage on azure, once the image has been downloaded, it saves to a user directory
~/UserImages/<Username>/<Image>
When the gallery page is loaded, the controller action checks the database against what is in the users directory and just brings down any not already there.
The <Username> part of the directory is created by the controller when required, so I am unable to set IIS permission on it. However even if I was, I am unsure what IIS could do as the users are not known in advance (new registrations etc).
Due to MVC routing, it wont be possible for users to access other users directories by guessing usernames, however if you can guess a username AND imagename, then it does display. I am looking for ideas on preventing that from happening to minimise the chance of someone elses images becoming exposed to others.
I have tried an IgnoreRoute but this didn't work.
routes.IgnoreRoute("UserImages/{*pathInfo}");
Ideally I would have the UserImages directory cleared on logout but not everyone will use logout command. If they were cleared out there is a much smaller chance of something finding the combination of username and imagename before the files are removed.
How about instead of storing your cached images within the actual site structure as static content fed by IIS, you store the images in a path outside the site.
That would ensure no unauthorized user could access them directly.
Then you can provide access to those images through a Controller (UserImagesController maybe) Action that can validate that the image being requested is one to which the current user has access.
Your check might end up being as simple as checking the requested UserName parameter of the action is the same as your current user's UserName.
With this approach you can also control the cache headers, expiration, etc, of those images.
I cant use sessions.
So heres the scenario: I want the user to upload an image, but that image needs to be a particular size. So I allow them to upload any size image, store that temporarily on the server (resize it so it fits on the webpage), display it back to the user, let the user crop it. I then send the crop details back to the server, crop the image and save it and use it as the users profile picture.
I tried to do all this before uploading, but apparently, its a security risk and not allowed.
So how do I temporarily store this file? What if the user does not come back before cropping, I dont want a large image like that sitting on my server. How would I go about removing the file in a stateless application like this?
Files are stored on a CDN.
There are lots of ways to solve this, but perhaps an easy way is that every time a file is uploaded, call a little routine that checks for, and deletes, any 'large' files that are over xxx minutes old.
Alternatively, schedule a job to do the same every xxx minutes in the task scheduler.
You can use TempData, which is similar to Session, but dies after being read.
I'm working on web application which, among other things, needs to save small file to particular folder on user's hard drive whenever user clicks a button. That file will serve as input for another desktop application so it must be saved in predefined folder and predefined format. "Save as..." and save dialog would be very inconvenient. Also setting that all downloads go to that folder would be troublesome.
Also, changing desktop application is not an option.
In current stage of web browsers and web standards what would be the best approach?
Is it development of custom plug in for browser? Or flash/silverlight? Something else?
First of all this is not doable via http and html.
If this is a controlled environment maybe you could get away with simply providing a customized portable firefox to your users. Of course, all other downloads would go to that folder as well.
Anything thats loaded from a website isn't allowed to access the computers HD, and with good reason.
That aside; Could you give it a new extension and associate a program with it that saves it in the correct place, all the user then needs to do is check 'always do this action' or something to open the file with the program when the button is clicked.
Perhaps a different approach would be to have the desktop application retrieve the file from your web-application when it needs it - is this feasible?
This approach means you need not concern yourself with the sandboxing protection of web browsers that prevent web-applications knowing too much about the clients file-system.
We're using ASP.NET MVC and our action does this:
pull records from DB
mark records as downloaded
push zipped download to browser
Now the problem comes when the download doesn't complete for some reason - maybe the user clicks "Cancel" or IE pops up that download security bar. I'm wondering if there's an alternative solution.
Could we push the download to the user and then only mark records as downloaded when we're sure they've received the right number of bytes? I have to say that I'm struggling with this one and a solution which is as easy for end users as possible would be fantastic.
There isn't any reliable way to do this without a process running on the client which can verify the transfer completed. Of course, the only process we can reasonably expect the user to already have, or be willing to install, is Flash.
Only Flash 10 supports saving files directly to disk as the user requests. (Previous versions had a "shared object" which was kind of like a very large cookie space more than anything else - not for transferring files but saving reusable application data). Read up here for info on how to interact with the end-user's filesystem via Flash 10.
Essentially there is a method call save() which will push data to a location of the user's choosing. The specific location is hidden from your code; for obvious security reasons, you merely push the file into a black box and Flash handles the rest.
The only real bit of info missing here is how to get your file into the Flash player, but anyone with a little Flash experience should have no trouble figuring that out with a few minutes of research. Without Flash experience you should still have it working in under a day.
Rather than simply redirecting the user to the resource that is to be downloaded (there by causing the popup of would you like to download a file) you might try to two things. Push the resource out of a page as a byte array. Once the download has completed redirect the download page to another page. On this page you can then add to your workflow asking if the download went ok or not. Also, if they got this far you could assume (ass-u-me) that it worked. To actually track how far the download got I don't think is doable as you have nothing on the other end monitoring bytes received.
I don't believe there is. If this is necessary you may need to utilize a Silverlight (Or flash) control in conjunction with your application.
Basically the approach with either one would be to open a socket connection to the HTTP url and save it to the appropriate path on the User's drive. Once the download is complete you could have the control generate a hash value from the file and send that back to some ASP page. If the hash value is never submitted or is incorrect you know they didn't finish the file.
Even checking that all the bytes were sent doesn't really guarantee anything:
The user might still cancel the download before saving it, or their browser might crash, etc.
The recipient might not be the user. It might be a proxy server with a virus scanner that decides to block the transfer, etc.