asp.net core - How to serve static file with no extension

Question

ASP.NET Core hapily serves up files from the wwwroot folder based on the mime type of the file. But how do I get it serve up a file with no extension?

As an example, Apple require that you have an endpoint in your app /apple-app-site-association for some app-intergration. If you add a text file called apple-app-site-association into your wwwroot it won't work.

Some things I've tried:

1) Provide a mapping for when there's no extension:

var provider = new FileExtensionContentTypeProvider();
provider.Mappings[""] = "text/plain";
app.UseStaticFiles(new StaticFileOptions
            {
                ContentTypeProvider = provider
            });

2) Adding an app rewrite:

var options = new RewriteOptions()
.AddRewrite("^apple-app-site-association","/apple-app-site-association.txt", false)

Neither work, the only thing that does work is a .AddRedirect which I'd rather not use if possible.

score 37 · Answer 1 · answered May 16 '18 at 12:27

37

Adding an alternative solution. You have to set ServeUnknownFileTypes to true and after that set the default content type.

        app.UseStaticFiles(new StaticFileOptions
        {
            ServeUnknownFileTypes = true,
            DefaultContentType = "text/plain"
        });

answered May 16 '18 at 12:27

sinofis

556
1
5
15

8

Downvoting because this adds a security risk as explained in the ASP Core docs. The accepted answer is the best way to "whitelist" files to be served without opening up all file types. – Brad Sep 24 '18 at 19:28
3

If you are concerned about security you can either reduce the scope of the served file with this option with a specific PhysicalFileProvider, or implement your own IFileProvider as the StaticFileOptions.FileProvider property. – chaami Nov 07 '18 at 13:26
1

Warning Enabling ServeUnknownFileTypes is a security risk. It's disabled by default, and its use is discouraged. – AEMLoviji Nov 27 '20 at 10:37
Just what I needed thanks. This is development work, i dont need to worry about deep security. If you want your default to be binary files use "application/octet-stream" – user430788 Jan 19 '21 at 23:51
The Core docs don't actually explain how it's a security risk, they just state it. On its own I don't see how it's a risk. – Kristaps Baumanis Mar 08 '23 at 10:28

Gabriel Luci · Accepted Answer · 2020-08-05T00:51:08.800

23

Rather than fighting with static files, I think you'd be better off just creating a controller for it:

using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using System.IO;

namespace MyApp.Controllers {
    [Route("apple-app-site-association")]
    public class AppleController : Controller {
        private IHostingEnvironment _hostingEnvironment;

        public AppleController(IHostingEnvironment environment) {
            _hostingEnvironment = environment;
        }

        [HttpGet]
        public async Task<IActionResult> Index() {
            return Content(
                await File.ReadAllTextAsync(Path.Combine(_hostingEnvironment.WebRootPath, "apple-app-site-association")),
                "text/plain"
            );
        }
    }
}

This assumes your apple-app-site-association file is in your wwwroot folder.

edited Aug 05 '20 at 00:51

answered Feb 13 '18 at 15:42

Gabriel Luci

38,328
4
55
84

1

Lol, this is pretty much exactly what I gave up and reverted to - although it feels somewhat wrong, but it does work! – Matt Roberts Feb 13 '18 at 15:43
5

If it's stupid but it works, then it ain't stupid! :) – Gabriel Luci Feb 13 '18 at 15:52
1

Like this you don't event need an actual file in the wwwroot. I've had the same problem with the Apple file - I've put the credentials into appsettings and generated json in code. – Maxim Zabolotskikh Apr 28 '20 at 10:11

score 8 · Answer 3 · answered Mar 27 '20 at 16:07

8

An easier option may be to put a file with a proper extension on the server, and then use URL rewrite as follows.

app.UseRewriter(new RewriteOptions()
    .AddRewrite("(.*)/apple-app-site-association", "$1/apple-app-site-association.json", true));

answered Mar 27 '20 at 16:07

Serge S

81
1
2

Best answer! No security risks like allowing all unknown static filetypes and no overhead by creating a controller for returning a simple json file. – d03090 Dec 26 '20 at 14:31
This somehow didn't work for me in .NET 6. I had to use `app.UseRewriter(new RewriteOptions().AddRewrite("^apple-app-site-association$", "/apple-app-site-association.json", true));` – Marthijn Dec 31 '21 at 09:00

score 4 · Answer 4 · answered Jan 04 '21 at 15:16

I think the easiest way is to add the apple-app-site-association file in a .well-known folder in the root folder of the application as described here: [https://developer.apple.com/documentation/safariservices/supporting_associated_domains] and then allow access to it from your code, like this (Startup.cs):

 // to allow access to apple-app-site-association file
app.UseStaticFiles(new StaticFileOptions()
{
    FileProvider = new PhysicalFileProvider(Path.Combine(env.ContentRootPath, @".well-known")),
    RequestPath = new PathString("/.well-known"),
    DefaultContentType = "application/json",
    ServeUnknownFileTypes = true,
});

Tested in AWS Serverless Application (.NET Core 3.1)

asp.net core - How to serve static file with no extension

4 Answers4

Linked

Related