2

I had created one website which has two modules,

  1. ADMIN
  2. USER

They are hosted on different domains. Now when user open its domain suppose its abc.com and can register their company and also upload photo from there and uploaded photo will go in Company_Logo FOLDER. Now suppose ADMIN's domain is xyz.com . now i want that ADMIN open its xyz.com and can see the photo uploaded from abc.com now i want like ADMIN means from xyz.com can change that uploaded photo to abc.com which is in Company_Logo FOLDER.

In short photo uploded from User side which is on abc.com and replace from ADMIN side which is on xyz.com so how can i do that

CodeCaster
  • 147,647
  • 23
  • 218
  • 272
user1719891
  • 29
  • 2

4 Answers4

1

You have two options.

  • If both of your sites are hosted in the same machine or a shared hosting environment, chances are there that your site can access the other directories. In that case you will be easily able to place the images in desired folder.

  • Now the second case, where one of your site does not have access to the folder of another site, - it is rather complicated. You will have to create a proxy where by the admin site will accept the image and in turn it will put it in the main site folder. I do not recommend this though.

Mike Perrenoud
  • 66,820
  • 29
  • 157
  • 232
Murtuza Kabul
  • 6,438
  • 6
  • 27
  • 34
  • When your admin site access your main site files, it is in no way a security exception. You can only do this if you have access to both the sites and this is the only way you can access the files. I have been doing so for several of my sites without any security issue. Can you please explain me what security issue is involved here ? – Murtuza Kabul Oct 04 '12 at 12:02
  • Ok but give me answer with coding.. i need code and this both domains are LIVE DOMAIN not in local – user1719891 Oct 04 '12 at 12:07
  • You can also do it with live domains. To give you a working code if I know the file structure of both your domains. Let me also know if both the sites are hosted on the same server or different servers. – Murtuza Kabul Oct 04 '12 at 12:09
  • Mike, I am eager to know your answer as if it is really so, it would help me too. – Murtuza Kabul Oct 04 '12 at 12:19
  • Well, when the purpose of one site is control the behavior of another site, this is in no way a security hole. If the Admin site cannot control the content of the user site, what is the purpose of admin site ? What do you suggest otherwise ? – Murtuza Kabul Oct 04 '12 at 12:26
  • Regarding the first option, nn my opinion it is not safe to have sites access the folder structure of other sites, even if they co-exist in the same overall "home" folder. However, that's just my opinion and so take it for what it's worth. – Mike Perrenoud Oct 04 '12 at 14:10
1

So you have two different sites, hosted on different domains and perhaps even different servers, and you want site A to notify site B when some file has been uploaded. You then want to be able to alter that file on site A from site B.

Seems to me you need to create some sort of API on site A, that lets users (admins) from site B check recently uploaded files and also lets them overwrite it.

CodeCaster
  • 147,647
  • 23
  • 218
  • 272
  • Please see my answer and let me know if it looks correct ... I was actually constructing the answer when you said this. :) – Mike Perrenoud Oct 04 '12 at 12:21
  • @Mike I think an HttpHandler is a bit of overkill here. A simple service which lets you retreive a list of files (and perhaps the file data) and which let you save a new image should do the trick. – CodeCaster Oct 04 '12 at 12:25
  • I suppose you could technically still let the images use a path. – Mike Perrenoud Oct 04 '12 at 12:27
1

Okay, this can be done but you'll need to use an HttpHandler. You can find a good example here, but I'll spell out the important parts. I cannot feasibly write the entire handler for you here.

First, let's build a class in the web project and call it ImageHandler ...

public class ImageHandler : IHttpHandler
{
}

... next let's implement the interface ...

public bool IsReusable
{
    get { return false; }
}

public void ProcessRequest(HttpContext context)
{
    // find out what we're trying to do first
    string method = context.Request.HttpMethod;

    switch (method)
    {
        case "GET":
            // read the query string for the document name or ID

            // read the file in from the shared folder

            // write those bytes to the response, ensuring to set the Reponse.ContentType
            // and also remember to issue Reponse.Clear()

            break;
        case "PUT":
            // read the Headers from the Request to get the byte[] of the file to CREATE

            // write those bytes to disk

            // construct a 200 response

            break;
        case "POST":
            // read the Headers from the Request to get the byte[] of the file to UPDATE

            // write those bytes to disk

            // construct a 200 response

            break;
        case "DELETE":
            // read the Headers from the Request to get the byte[] of the file to DELETE

            // write those bytes to disk

            // construct a 200 response

            break;
    }
}

... finally we need to setup the handler in the web.config ...

<configuration>
   <system.web>
      <httpHandlers>
         <!-- remember that you need to replace the {YourNamespace} with your fully qualified -->
         <!-- namespace and you need to replace {YourAssemblyName} with your assembly name    -->
         <!-- EXCLUDING the .dll                                                              -->
         <add verb="*" path="*/images/*" type="{YourNamespace}.ImageHandler, {YourAssemblyName}" />
      </httpHandlers>
   </system.web>
</configuration>

Finally, something you're also going to want to do is pass in some kind of session key that can be validated when you get into the handler because otherwise this is open to everbody. It wouldn't matter if you didn't need the PUT, POST and DELETE verbs, but you do.

Technically you wouldn't need to check the session key on GET if you didn't care that everybody could access the GET, but you gotta check it on the others.

Mike Perrenoud
  • 66,820
  • 29
  • 157
  • 232
  • Can you elaborate here that on what site the handler should be implemented, USer or Admin. I assume that it should be implemented on the User site, if so, what should admin site do ? post the file to user site ? – Murtuza Kabul Oct 04 '12 at 12:31
  • @MurtuzaKabul, yes it's implemented on the `User` site and the `Admin` site leverages the handler to get and update images. – Mike Perrenoud Oct 04 '12 at 12:32
  • My second suggestion of writing a proxy code is exactly same thing but I do not recommend it as you open an interface to public to post something. Now you have to protect it also, wouldn't it be a maintenance nightmare ? – Murtuza Kabul Oct 04 '12 at 12:32
  • @MurtuzaKabul, in your solution you stated (though it appears maybe you updated it or I read it wrong) that the admin and user site would both hold a copy. That's what I was referring to specifically. – Mike Perrenoud Oct 04 '12 at 12:36
  • You have still not answered my question. If the admin site is manipulating the User site (which is its sole purpose), what is wrong in it and where is the security breach ? – Murtuza Kabul Oct 04 '12 at 12:38
  • @MurtuzaKabul, I did answer your question. Having the admin site literally access the folder structure of the user site breaches security because now you have opened up two holes for attacks via mistakes made by programmers to the file structure of that site. Rule number one in security ... leave as few holes open as possible ... that's why Linux is so secure OOB because not very much is running so there's not much to exploit. – Mike Perrenoud Oct 04 '12 at 12:44
  • This really does not make any sense. If you are not entrusting those who have developed both the sites and who only can access the site, whom would you trust, public ?.. whom you are opening your httphandler to - Isn't it a security hole - a site open to accept files ? – Murtuza Kabul Oct 04 '12 at 12:47
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/17555/discussion-between-mike-and-murtuza-kabul) – Mike Perrenoud Oct 04 '12 at 12:48
0

You can do this in 2 steps:

1) Upload image to your server using standard File Upload mechanism

2) Use HttpWebRequest class to upload image to different server on server-side right after original upload. Please refer to this article: Upload files with HTTPWebrequest (multipart/form-data)

see this for reference: http://forums.asp.net/t/1726911.aspx/1

Community
  • 1
  • 1
Talha Ashfaque
  • 3,656
  • 1
  • 15
  • 7
  • I think I have already suggested this solution. This is not though safe as anyone can upload the files. Thats why I do not recommend it. – Murtuza Kabul Oct 04 '12 at 12:14