how to open a file by its full path?

Question

I have a GridView which has following template field that holds the filename, when the user clicks the filename, I call window.open() to open the file. My question is I can only pass relative path to window.open(). I got an error if I use full path. Is there any way I can use full path to open a file? Thanks.

<asp:TemplateField HeaderText="FileName">
                    <ItemTemplate>
                        <asp:LinkButton ID="lnkFile" runat="server"
                        Text='<%# Eval("FileName")%>' OnClick="lnkFile_Click">
                        </asp:LinkButton>
                    </ItemTemplate>
</asp:TemplateField>

Added: The actual location of the file is defined in web.config.

I have wrote following lnkFile_Click(). The old part will open a new window for the file, but I cannot pass fullpath of the file. The new part will let you have a choice to open or save the file. My question is, will this cause security issue?

protected void lnkFile_Click(object sender, System.EventArgs e)
{
    string fileName = ConfigurationSettings.AppSettings["SPRAttachmentLocation"] + "\\SPR" + sprID + "\\" + ((LinkButton)sender).Text;
    if (!File.Exists(fileName))
    {
        Exception ex = new Exception("Could not find the file, please contact your administrator.");
        Response.Write("<p align=\"center\"><br /><br /><br /><br />There has been an Error: <strong>" + ex.Message + "</strong></p>\n");

        return;
    }

New:

byte[] bts = System.IO.File.ReadAllBytes(fileName);
Response.Clear();
Response.ClearHeaders();
Response.AddHeader("Content-Type", "");
Response.AddHeader("Content-Length", bts.Length.ToString());
Response.AddHeader("Content-Disposition", "attachment; filename=" + fileName);
Response.BinaryWrite(bts);
Response.Flush();
Response.End();

Old:

   string newWindowUrl = "/SPR_Upload/SPR" + sprID + "/" + ((LinkButton)sender).Text;

            string javaScript =
             "<script type='text/javascript'>\n" +
             "<!--\n" +
             "window.open('" + newWindowUrl + "');\n" +
             "// -->\n" +
             "</script>\n";

   Page.ClientScript.RegisterStartupScript(GetType(), "", javaScript);
}

Answer 1

Your question gives the impression that you think that you can open a file from the user's local computer. If that's the case, this is not possible.

Window.open expects a URL because the file is located on the server side, not the client side.

With that said, if you are trying to open a file located on the server side and you know the full path to the file; what you need to do is generate the virtual path within your application where the file can be found. You do this by creating a Virtual Directory in your APP from the IIS Admin Manager (Control Panel-->Admin Tools -->IIS Mgmt) and mapping this directory to the actual physical directory.

EDIT:

Say for example your whole website is physically located on the server on c:\inetpub\wwwroot\your_app. Let's assume your app can be accessed via http://example.com and the files you want to serve are physically located on d:\files. Assume further that you created a virtual directory for your app (as I explained above) and that you called this virtual folder public_files. If one knows the file name it should be possible to access the file by simply going to http://example.com/public_files/filename.ext. Since you in your app already know the file name, all you need to pass as parameter to window.open is this url (http://example.com/public_files/filename.txt)

Answer 2

if the file is not located within the virtual directory there are a number of security issues you need to consider and address. in general it's not a good idea to access a file outside of the virtual directory.

if you must, then you will need to raise security permissions and grant access to the file on the network.

Answer 3

You could try using the AppDomainAppVirtualPath to get the virtual path to the file.

string vPath = HttpRuntime.AppDomainAppVirtualPath + "/my/relative/path"