0

I have a a couple of delete buttons from the frontend which are processed via these functions:

protected void ibDel01_Click(object sender, ImageClickEventArgs e)
    {
        Classes.deleteFile(GridView1, "01", hplCorr01);

    }
    protected void ibDel02_Click(object sender, ImageClickEventArgs e)
    {
        Classes.deleteFile(GridView1, "02", hplCorr02);

    }

The I have main Classes.cs file which defines our deleteFile function:

public static string sDocumentFilePath = "~/Correspondence/";
public static void deleteFile(GridView gv, string sFileNo, HyperLink hpl)
    {
        string sID = gv.SelectedDataKey[0].ToString();
        string sURL = "CorrFile" + sFileNo;
        string sURLdate = "CorrFile" + sFileNo + "Date";
        Classes.deleteFileFromSql(sID, sURL, sURLdate);
        //delete from folder
        string sFile = hpl.NavigateUrl.ToString().Remove(0, 17);
        //Classes.deleteFileFromServer(hpl);
    }

    public static void deleteFileFromSql(string sID, string sURL, string sURLdate)
    {
        SqlDateTime sqldatenull = SqlDateTime.Null;
        string sSql = "UPDATE dbo.tbl_uploads " +
            "SET " + 
                sURL + " = " + sqldatenull + 
                ", " + sURLdate + " = " + sqldatenull +
                    " WHERE fID = " + sID;
        SqlCommand comm = new SqlCommand(sSql);
        comm.Parameters.Add("@ID", SqlDbType.Int).Value = sID;
        if (DBConnect.CmdExecute(comm, sSql)) { } else { }
    }

    public static void deleteFileFromServer(HyperLink hpl)
    {
        string sFile = hpl.NavigateUrl.ToString().Remove(0, 16);
        string sPath = HttpContext.Current.Server.MapPath(Classes.sDocumentFilePath);
        //string sPath = HttpContext.Current.Request.ApplicationPath;
        if (Directory.Exists(sPath))
        {
            File.Delete(sPath + sFile);
        }
    }

As we can see it's simple functionality that deletes (makes data empty on db) data for the specified columns (sURL). Now this works locally (IIS > localhost) but on the live it does not delete and in fact no action happens at all on the frontend nor does data get removed from the db nor does the physical file get removed from the defined directory. Is this a directory definition issue or security issue(application's secure paths)?

Structure:

The physical path locally: C:\Docs\VS2012\BABYAPP
Virtual local's URL: http:/localhost:0000/babyapp/admin.aspx
Local file uploads location: C:\Docs\VS2012\BABYAPP\Correspondence

The physical path for live: D:\motherapp\babyapp
Virtual live's URL: http://motherapp/babyapp/admin.aspx
Live file uploads location: D:\motherapp\BABYAPP\Correspondence

Any thoughts?

shucode
  • 55
  • 9
  • First of all your SQL handling is very insecure. It invites every guy who plays with SQL Injection. Take a look into SqlParameters. Debug your code. Then you know which path is used in ```Directory.Exists(sPath)``` and you can compare that to your expectations. – Benjamin Abt Jan 15 '16 at 11:18
  • I understand before going live I will change all embedded sql to use Stored procedures and parameters. Under Script Documents when in Debugging we get two new resources pop up, one is called something like ScriptResource.axd?d=9d78zhfu etc. and the second one called is called http://localhost:0000/babyapp/userAdmin.aspx?_TSM_HiddenField_=ctl00_MainContent_ToolkitScriptManager1_HiddenField&_TSM_CombinedScripts_=; – shucode Jan 15 '16 at 12:03
  • Could it be that the live IIS has a different version of ToolscriptManager? In fact on local even when directory is wrong or removed in definition (e.g. public static string sDocumentFilePath = "~#122jibberish/";) it still deletes from the frontend i.e. file is not there anymore. This tells me that it could be a clientside only issue. – shucode Jan 15 '16 at 12:04
  • Our live box is dodgy and doesn't have the correct version of Visual Studio and just proves a more painstaking task moving files back and forth from local to live. Debugging locally there is nothing in Directory.Exists(sPath). – shucode Jan 15 '16 at 12:06

1 Answers1

2

Probably reason

If the path is correct as you say, and works locally then the issue is on permissions.

To been able to delete the file, you must give on the directory/file the permission on the user under witch your pool is running

See here how you can do that: How to set correct file permissions for ASP.NET on IIS

Alternative reason

Other reason that a file can not be deleted is because have been opened by some other program/procedure..

Some comments

The File.Delete Method throw exception if fail to delete the file, so probably the Directory.Exists Method fails also because of permissions, or you have exception that you miss.

from msdn:

If you do not have at a minimum read-only permission to the directory, the Exists method will return false.

Community
  • 1
  • 1
Aristos
  • 66,005
  • 16
  • 114
  • 150
  • I think you're right it's probably the Probable reason. I will have to tread lightly and note each step of permission as we don't want motherapp going down due to wrong permission settings. Quite possibly it could be the Alternative reason and Some comments reason if permissions would be related to the first reason. I will try the Alternative reason first by putting in downtime this afternoon and because it's safe but if it doesn't work I will try to fix it via Probably reason which would also mean it was a permissions issue from Some comments reason and resolve this too. – shucode Jan 15 '16 at 12:32