Home/ Questions/Q 7748065
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T10:41:15+00:00

Ive just tryed some things out with my new server today, and ive found

  • 0

Ive just tryed some things out with my new server today, and ive found a big flaw in what ive done in my MVC application.

So what happening in applikation is : people can access page and login, when people login , they can upload files in their own folder on a server. and then they can access them when they want. but the problem ive found is: people can see any folder they want if the enter right url. for example :

URl can be named like : testnameweb.com/Upload/testUserName/testfilename.png
in this case the one who enters url, can see testfilename.png file. BUT, if same person enters :
testnameweb.com/Upload/

they acan see any people folders and browse on server any way they want.

Any idea how to prevent this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The first step would be to put those files into a folder which is not publicly accessible. For example App_Data. Or a folder that’s completely outside of the application root. Then you could organize your files into folders per user. So each user will have his own sub-folder. Then you could write a controller action to which you will only pass the filename and which based on the currently authenticated user will server the proper file.

    [Authorize]
public ActionResult File(string filename)
{
    string username = User.Identity.Name;
    // now that you know the currently connected username and the filename
    // go and find the corresponding file and stream it as a result
    ...
}

    And to provide a link so that the currently connected user can browse a file:

    @Html.ActionLink("Open foo.txt", "file", new { filename = "foo.txt" })
    • 0