
I use .NET Framework. I have files in a folder. The physical path is like:

https://example.com/folders/123aaa.jpg

And I have a button to redirect to this link. But I don't want to show this path. I want the user to see something like:

https://example.com/display.aspx

Is there any way to do that?

```aspx
<asp:Button ID="eg" runat="server" CausesValidation="false" CommandName="Save" />
```

```csharp
private void save(int i)
{
    GridViewRow row = GridView7.Rows[i];
    string sid = row.Cells[0].Text;
    string url = null; // declared outside the loop so it is in scope for the redirect

    SqlCommand cmd = new SqlCommand("xxx", con);
    cmd.CommandType = System.Data.CommandType.StoredProcedure;
    cmd.Parameters.AddWithValue("@id", sid);
    con.Open();
    // Dispose the reader once the row has been read.
    using (SqlDataReader rd = cmd.ExecuteReader())
    {
        while (rd.Read())
        {
            url = rd[0].ToString();
        }
    }
    con.Close();

    if (url != null)
    {
        Response.Redirect(url, false);
    }
}
```
Uwe Keim
  • Use e.g. [ASHX handlers](https://stackoverflow.com/q/12087040/107625). – Uwe Keim Feb 28 '20 at 12:35
  • When the user requests `display.aspx`, how will you know what file to return? Is there only one possible file? If so then you can just stream the file to the user from within your `display.aspx` code. – David Feb 28 '20 at 12:39
  • I have only one path. It was just an example. I get the id from my gridview and get the link from the database, so there is only one file. – Nail Özkan Feb 28 '20 at 12:53

1 Answer


No, your client has to send some form of identifier. Otherwise, how will your server know which file they requested? And any identifier that a browser sends can be inspected by the user.

So you're trying to apply security through obscurity.

If you don't want clients to know the folder name `folders`, or the file name `123aaa.jpg`, you'll have to obscure this through a mapping, for example a large random name that maps to the actual file path.

You can do this by, for example, saving the random names and actual paths in a database, and creating a handler that looks up the file:

/images.ashx?file=abc-123-456

Then that ASHX handler looks up the file with the name abc-123-456 in the database, and writes the actual file to the response.

CodeCaster
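The lookup handler this answer describes, written out as an added example (not code from the answer or the asker's project). The connection string name `Files`, the table `FileTokens(Token, RelativePath)` and the folder `~/App_Data/files` are assumptions.

```csharp
// images.ashx code-behind (added example). Hypothetical names: connection
// string "Files", table FileTokens(Token, RelativePath), folder ~/App_Data/files.
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.IO;
using System.Text.RegularExpressions;
using System.Web;

public class Images : IHttpHandler
{
    // Tokens are 32 hex chars, generated once per file at upload time from
    // 16 bytes of RNGCryptoServiceProvider output and stored beside the path.
    private static readonly Regex TokenFormat = new Regex(@"^[0-9a-f]{32}\z");

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        string token = context.Request.QueryString["file"];
        if (token == null || !TokenFormat.IsMatch(token)) { NotFound(context); return; }

        object relativePath;
        string cs = ConfigurationManager.ConnectionStrings["Files"].ConnectionString;
        using (var con = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT RelativePath FROM FileTokens WHERE Token = @token", con))
        {
            cmd.Parameters.Add("@token", System.Data.SqlDbType.Char, 32).Value = token;
            con.Open();
            relativePath = cmd.ExecuteScalar();
        }
        if (relativePath == null || relativePath == DBNull.Value) { NotFound(context); return; }

        // Resolve under a folder ASP.NET does not serve directly, and refuse
        // any stored path that escapes it (absolute path or "..\" segments).
        string root = context.Server.MapPath("~/App_Data/files") + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(root, (string)relativePath));
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase) || !File.Exists(full))
        { NotFound(context); return; }

        context.Response.ContentType = MimeMapping.GetMimeMapping(full);
        context.Response.TransmitFile(full);
    }

    // Same response for a malformed token, unknown token and missing file.
    private static void NotFound(HttpContext context) { context.Response.StatusCode = 404; }
}
```

The token only hides the path: anyone who holds the URL can fetch the file, so if the files are private, check the requesting user's permission in `ProcessRequest` before `TransmitFile`.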