I have an ASP.NET webapp using the ASP.NET MVC 2 framework. It allows users to upload files to an uploads folder. The issue occurs when an image within a sub-folder is accessed by a web browser:
http://mywebapp/uploads/image_gallery/sub_folder/image.jpg
The uploads folder is static and can't be modified by users, but anything below it is intended to be modifiable.
In the above example, the image_gallery folder becomes locked because w3wp.exe appears to create a handle on the sub_folder directory (using Process Explorer by Sysinternals). I am still able to rename the sub_folder directory and the handle seems to stay with it after a rename, but I can't rename the parent folder (image_gallery in this case).
I can still browse within the folder and view other images and files etc. But can't rename the parent folder.
As this is using the MVC 2 framework, I've put in an exclusion for the uploads folder like so:
routes.IgnoreRoute("upload/{*pathInfo}");
into Global.asax, so I'm assuming that ASP.NET is serving up those images directly (outside of the MVC framework).
So I guess my question is, is there any way to prevent IIS from putting a handle on specific directories, or to force it to remove a handle? Is the MVC 2 framework doing something tricky even though I have the IgnoreRoute specified?
Thanks in advance for any tips!
I had the same problem, and after much investigating I've found the culprit:
Web.config
<configuration>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
    </modules>
  </system.webServer>
</configuration>
Setting this option (which makes all http modules run on ALL files, static ones included) to false fixed it for me.
I believe the directory handle gets created in the worker process because ASP.NET typically watches the file system for changes. This allows it to respond to changes or additions of config files, new DLLs, etc.
I suggest that you move away from the concept that users can control the physical directory structure on the web server. Typically, what the user can create is a logical directory structure, but the physical structure would be controlled by your program logic. Your logic will store the logical structure created by the user and its mapping to the actual physical structure on the web server.
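A sketch of the logical-to-physical mapping described in the answer above, added here as an example and not code from the original posts. The class name LogicalFileStore and its in-memory dictionary are assumptions; a real application would persist the mapping, for example in a database.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;

// Hypothetical store: user-visible paths are metadata only. Files sit under one
// fixed folder with generated names, so renaming a "folder" never touches a
// directory that w3wp.exe may hold a handle on. Not thread-safe as written.
public sealed class LogicalFileStore
{
    private readonly string _root; // fixed physical folder, never renamed
    private readonly Dictionary<string, string> _map =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);

    public LogicalFileStore(string root)
    {
        _root = Directory.CreateDirectory(root).FullName;
    }

    // Canonical logical key; user input never becomes part of a physical path.
    private static string Normalize(string logicalPath)
    {
        var parts = (logicalPath ?? "").Split(new[] { '/', '\\' },
                                              StringSplitOptions.RemoveEmptyEntries);
        if (parts.Length == 0 || parts.Any(p => p == "." || p == ".."))
            throw new ArgumentException("Invalid logical path.");
        return string.Join("/", parts);
    }

    public void Save(string logicalPath, Stream content)
    {
        string key = Normalize(logicalPath), old;
        string name = Guid.NewGuid().ToString("N"); // opaque physical file name
        using (var fs = new FileStream(Path.Combine(_root, name), FileMode.CreateNew))
            content.CopyTo(fs);
        if (_map.TryGetValue(key, out old)) File.Delete(Path.Combine(_root, old));
        _map[key] = name;
    }

    // Renaming a logical folder only rewrites keys; nothing moves on disk.
    public void RenameFolder(string oldFolder, string newFolder)
    {
        string from = Normalize(oldFolder) + "/", to = Normalize(newFolder) + "/";
        foreach (var key in _map.Keys.Where(k => k.StartsWith(from, StringComparison.OrdinalIgnoreCase)).ToList())
        {
            string name = _map[key];
            _map.Remove(key);
            _map[to + key.Substring(from.Length)] = name;
        }
    }

    public Stream Open(string logicalPath)
    {
        string name;
        if (!_map.TryGetValue(Normalize(logicalPath), out name))
            throw new FileNotFoundException("No such logical file.", logicalPath);
        return File.OpenRead(Path.Combine(_root, name));
    }
}
```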
Can anyone tell me whether it is a good practice to store IIS Virtual directory.
In ASP.NET MVC, we are maintaining log files.
1) Can we store them in the virtual directory of that web application?
2) We have an option to download PDF files from my website. Is it a good practice to store them in some location in the virtual directory?
Please clarify.
It depends on your requirements, but there is generally nothing wrong with storing log files and other app data within your app's virtual directory. There are indeed benefits to doing so, such as self-containment. It is common to create a Logs folder within the directory if your app generates logs as text files.
As for data files that need to be accessible/downloadable from your app, in ASP.NET (not Core) you can store them within your project's App_Data folder, which is made for this and is secured from the Web by default. In ASP.NET Core, you'll need to create your own folder and ensure it is secured appropriately. More info on the latter here: App_Data directory in ASP.NET5 MVC6
My ASP.NET MVC project's root directory contains some typical static files, like robots.txt, manifest.json, browserconfig.xml, etc. If I'm not mistaken, each of these examples I listed should be able to be served with no involvement from MVC via GET requests to the root directory (i.e. mysite.com/manifest.json — if that's not true, please let me know).
I know from this answer that I can configure this behavior per file type in the Web.config. My question is, what if there are other .json files in my root directory that I don't want to serve, like compilerconfig.json or bundleconfig.json (both files generated by IDE tools)? What's the best way for the application to be able to serve some files of type X, but not others?
You can always ignore them via routes:
routes.IgnoreRoute("{somefilename}.json");
Another alternative would be to move the files you don't want to be served to another folder and add a web.config file to it to manage what gets served (or doesn't).
I am sure there are other ways. Modules come to mind...
I want to be able to have a folder which allows regular access like the \content folder except that it holds a ClickOnce application. I can't seem to be able to achieve this using MVC, but I'd like to have this folder accessible without MVC seeing it as a controller action.
I tried using routes.Ignore(theUrl), but this seemed to have no effect.
There are two ways you can do this. The first is where you are currently going, which is to satisfy it with routing. You should be able to use the following to ignore the intended route:
routes.IgnoreRoute("...")
However, this might not be the right approach from a security standpoint. I would recommend you define an explicit action to download your click-once exe. Have a look at this q/a as an example of using the FileContentResult class.
The reason for this is that you can control security for that file without having to open up access levels to other directories.
Edit: If this is for an entire directory, you can still follow this same approach.
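An explicit download action for a whole directory, as the answer above suggests, added here as an example and not code from the original posts. The controller name, the catch-all route and the ~/App_Data/ClickOnce location are assumptions, HttpNotFound() requires ASP.NET MVC 3 or later, and File(path, type) returns a FilePathResult that streams from disk instead of the FileContentResult the answer mentions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web.Mvc;

// Hypothetical controller; reach it through a catch-all route such as
// routes.MapRoute("Downloads", "downloads/{*path}",
//                 new { controller = "Downloads", action = "Get" });
public class DownloadsController : Controller
{
    // Assumption: the files live under App_Data, which IIS does not serve directly.
    private const string StoreVirtualPath = "~/App_Data/ClickOnce";

    // ClickOnce deployment file types; anything else is sent as a binary download.
    private static readonly Dictionary<string, string> ContentTypes =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { ".application", "application/x-ms-application" },
            { ".manifest", "application/x-ms-manifest" },
            { ".deploy", "application/octet-stream" }
        };

    [Authorize] // placeholder for whatever access rule the site needs
    public ActionResult Get(string path)
    {
        if (string.IsNullOrEmpty(path)) return HttpNotFound();

        string root = Path.GetFullPath(Server.MapPath(StoreVirtualPath))
            .TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
        string full;
        try
        {
            // GetFullPath collapses ".." segments, so the prefix check below
            // compares canonical paths and rejects anything outside the store.
            full = Path.GetFullPath(Path.Combine(root, path));
        }
        catch (Exception) { return HttpNotFound(); } // malformed or over-long path

        // System.IO.File is spelled out because Controller.File hides it here.
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase) ||
            !System.IO.File.Exists(full))
            return HttpNotFound();

        string type;
        if (!ContentTypes.TryGetValue(Path.GetExtension(full), out type))
            type = "application/octet-stream";
        return File(full, type);
    }
}
```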
Set up the folder as a virtual folder in the website on IIS. Then you can set the URL in the code to point to the machine serving the request and to the virtual folder on the web server.
I see that ASP.NET MVC generates a Content folder by default, which stores the site.css file. I have a site that uses some image files and XML files in order to do its job, yet I do not want to have those files as embedded resources. Should I just put the files in the solution within the content folder? Should I turn off the "Do not copy" build option on each resource since I will need to deploy the files to the website? Or should these files not even live in the solution and be loaded from the file system?
It's a good approach to add all your files/resources to the solution (at least you can see them in VS ;-) Other developers won't be surprised that your solution really needs some other files.
If those files are the 'content' of your website (like CSS files) then you can store them in the Content folder. It is up to you what folder structure you come up with. For example, you might want to store your images in a folder related to the modules of your application, or just all in the images folder. MVC doesn't enforce any particular way of keeping your resource files.
Just leave the Build Action set to Content and Copy to Output Directory to 'Do not copy'.
You might want to take a look at the T4MVC project (also available as a NuGet package), which will help you keep URLs to your images / files compile-time safe.
Does there exist a method when publishing an ASP.NET MVC application to completely remove the .aspx view files (and if possible .master too) by compiling them into the application DLL as resources?
The published application would just be the /bin folder, Global.asax and web.config, a default.aspx if needed, and whatever is in the /Content folder. All the views would be contained in the MyProject.dll file.
To clarify I don't mean where every .aspx is overwritten with a 1 line dummy file referencing the correct resource, but where those files can be eliminated entirely in the published app.
The goal here is to simply change management and all the auditing and layers of people surrounding it - one file gets deployed, that file replaces the existing file, and no messing around with a stack of .aspx files that have to be added/removed/updated (yes, SVN or a similar solution handle that problem instead, but management politics prevent this).
Is this what you are looking for?
It's possible with the web forms view engine but you'll have to extend the path provider yourself.
Here is a question here at SO about the same thing:
Using VirtualPathProvider to load ASP.NET MVC views from DLLs
If you use the Spark view engine, it already has additional path providers built in.
The documentation can be found here:
Adding a view folder to config
It allows you to locate your views inside a DLL as an embedded resource, somewhere else on the file system, using the default virtual directories, or plug in your own custom provider.