Home/ Questions/Q 9025049
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T06:10:33+00:00

I’m looking at writing a C# client-side app. In this app, I’ll need to

  • 0

I’m looking at writing a C# client-side app. In this app, I’ll need to upload a file to a server and have the server respond with a string (A unique identifier for the file uploaded.)

I’m familiar, and comfortable, in both C# and ASP.Net MVC. Can I do this in a relatively secure fashion using these technologies, or do I need to pursue some kind of WCF web service thingie-mah-jig? (I note ‘relatively secure’ because nothing uploaded will be confidential, and definitely not mission-critical)

In either case, any resources on the topic (even if it happens to be in VB.Net) would be fantastic.

Thank you very much!

EDIT: Posting some code.
I’ve a simple web site set up with just a single Event that accepts a POST with a file:

    [HttpPost]
    public string Upload(HttpPostedFileBase file)
    {
        string sPath = "";

        if (file != null && file.ContentLength > 0)
        {
            try
            {
                string sFileName = "test.txt";

                // Save file
                sPath = Path.Combine(Server.MapPath("~/App_Data/uploads"), sFileName).ToString();
                file.SaveAs(sPath);

                // Return val
                return sPath;
            }
            catch
            {
                return "Error on Save .. tried to save to\n" + sPath;
            }
        }

        return "no file";
    }

On the client-side, the C# app does this:

        using (WebClient wc = new WebClient())
        {
            try
            {
                byte[] bResponse = wc.UploadFile("http://127.0.0.1/ISSHost/file/upload", "POST", "C:\\test.txt");
                string sResponse = System.Text.Encoding.ASCII.GetString(bResponse);
                MessageBox.Show("\nResponse received: " + sResponse);
            }
            catch(Exception exception)
            {
                string sError = exception.ToString();
                if (exception.InnerException != null)
                    sError += "\n" + exception.InnerException.ToString();

                MessageBox.Show("Error!\n" + sError);
            }
        }

        this.Dispose();
    }

It works. What I’d like to know is if I’m going about this in entirely the wrong way, or what kind of security flaws I might be exposing … etc. What implications have I created by doing it this way? Is there a better way?

More importantly, how can I prevent an end-user from trying to navigate to the upload page (in this case — http://127.0.0.1/ISSHost/file/upload actually has no “GET” portion to the page, so it just 404’s.)

Thanks again!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Please try using the github’s fileuploader.js in the client side and return the string and your server side code will be something like this.. 

    [HttpPost]    
public ActionResult Upload(string fileName)
{

------------
//your code ...

return Json(new{resultString="Uploaded Successfully."});
}
    • 0