Downloading resume on server side

Question

3.00/5 (2 votes)

See more:

Hello friends,
I am working on a website where I am giving a facility to the user to download his resume.

The code is working well locally but on the server it is giving an error like:
:-Access to the path 'D:\WEBDATA\allaboutstaffingjobs.com\Test\JobSeeker\Resume\_Loginmastersors.txt' is denied.

This is my code:

C#

private void DownloadFile(string fname, bool forceDownload)
{
   // string path = MapPath(fname);
    string name = Path.GetFileName(fname);
    string ext = Path.GetExtension(fname);
    string type = "";
    // set known types based on file extension
    if (ext != null)
    {
        switch (ext.ToLower())
        {
            case ".htm":
            case ".html":
                type = "text/HTML";
                break;
            case ".txt":
                type = "text/plain";
                break;
            case ".doc":
            case ".rtf":
            case ".docx":
                type = "Application/msword";
                break;
        }
    }
    if (forceDownload)
    {
        Response.AppendHeader("content-disposition",
            "attachment; filename=" + name);
    }
    if (type != "")
        Response.ContentType = type;
    Response.WriteFile(fname);
    Response.End();
}

protected void linkdownload_Click(object sender, EventArgs e)
{
    objCandidate.IntJobseekerid = Convert.ToInt32(Session["JobSeekerId"]);
    dsCandidate = objCandidate.SelectJSProfileEduInfoByJobseekerId();
    if ((dsCandidate.Tables[0].Rows[0]["ResumeFile"]).ToString().Trim().Length > 0)
    {
           string DirPath;
          DirPath = Server.MapPath("./Resume/");
        string databasename=(dsCandidate.Tables[0].Rows[0]["ResumeFile"]).ToString();
        string  destinationfile=DirPath+databasename;
        string extnsn=(dsCandidate.Tables[0].Rows[0]["ResExtnsn"]).ToString();
        int Eduid=Convert.ToInt32(dsCandidate.Tables[0].Rows[0]["ProfileEduId"]);
        //string filename = dsCandidate.Tables[0].Rows[0]["ResumeFile"].ToString();
        string folderfile = "Resume" + Eduid.ToString() + extnsn;
     string sourcefile=DirPath+folderfile;
     if (File.Exists(destinationfile) == true)
     {
         File.Delete(destinationfile);
     }
     if (File.Exists(sourcefile) == true)
     {
         File.Copy(sourcefile, destinationfile);
         string filename = databasename;
         //uploadresume.SaveAs(Path.Combine(DirPath, "Resume" + i.ToString() + Path.GetExtension(uploadresume.FileName).ToLower()));
         DownloadFile(DirPath + filename, true);
         File.Delete(destinationfile);
    }
    }
}

I am not getting where the problem is, please help me.

Thanks in advance.

Posted 17-Jun-11 20:50pm

pawanvats

Updated 17-Jun-11 20:53pm

R. Giskard Reventlov

v2

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Christian Graus · Answer 1 · 2011-06-17T20:53:00

Your basic issue is that you don't understand how ASP.NET works. ASP.NET has NO access to any filesystem above it's root. You need to store the files inside your application folders, you can't just store them to a random place in the file system.

So, you're OK with two people uploading a resume that happens to have the same filename, and then the first user has their resume deleted, and they find they have access to the data that belongs to the second person ? Have you considered storing these things in a database, and using the user information to make sure that each person's data is secure ?

**R. Giskard Reventlov** · Answer 2 · 2011-06-17T20:57:00

It is probably a permssions issue: you need to give the correct permssions to the folder where you intend to store the documents.

CG is also correct in that you can't just put all the doucmnets in the folder and hope a) that you never get a name collision or b) that there are so many documents in ther that the whole thing just grinds to a halt.

You should rename each file with a guid and store that and the original file name in the database. You can also create a new folder for groups of files using the first 5 or 6 characters of the guid and store matching files.

Further, as CG says, you need to ensure that the storage folder is either within your application or is properly permissioned and accessible.

Downloading resume on server side

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0