This page presents a security problem.
I have not yet identified the cause of the error. This page was listing all the files in a folder, and it worked perfectly. Now it is listing these same files, but using Ajax.
The code is simple: I have a PartialView, which is a WebGrid that lists the files in this folder:
PartialView "_files.cshtml"
@model string[]
@{
    var folderName = Request["FolderName"];
    var columns = new List<WebGridColumn>
    {
        { ... }
    };
    if (Request.IsAuthenticated)
    {
        columns.Add( { ... } );
    }
    var grid = new WebGrid(
        source: Model,
        ajaxUpdateContainerId: folderName + "-grid",
        rowsPerPage: 10);
}
@grid.GetHtml(columns: columns,
    headerStyle: "grid-header"
)
The request is made by this JavaScript function:
Index.cshtml
<script type="text/javascript">
    $(window).load(function () {
        loadFiles("Documentos");
    });

    function loadFiles(folderName) {
        $.ajax({
            type: "GET",
            // Encode the value so it is sent as a single query-string parameter.
            url: '/Downloads/Files?folderName=' + encodeURIComponent(folderName),
            success: function (data) {
                // Put the returned partial view into the matching container.
                $("#" + folderName + "-grid").html(data);
            }
        });
    }
</script>
<div id="Documentos-grid"></div>
In the Controller, I call PartialView:
public string[] GetFiles(string folderName)
{
    var locations = Server.MapPath("~/App_Data/Downloads/");
    return Directory.GetFiles(Path.Combine(locations, folderName));
}

public ActionResult Files(string folderName)
{
    return PartialView("_files", GetFiles(folderName));
}
The files are sent to the folder:
/App_Data/Downloads/
Following this article, I put a web.config in the Downloads folder, but the error remains.
Web.Config
<?xml version="1.0"?>
<configuration>
  <location allowOverride="true">
    <system.web>
      <securityPolicy>
        <trustLevel name="Full" policyFile="internal" />
        <trustLevel name="High" policyFile="web_hightrust.config" />
        <trustLevel name="Medium" policyFile="web_mediumtrust.config" />
        <trustLevel name="Low" policyFile="web_lowtrust.config" />
        <trustLevel name="Minimal" policyFile="web_minimaltrust.config" />
      </securityPolicy>
      <trust level="Medium" originUrl="" />
    </system.web>
  </location>
</configuration>
Controller
The error happens at line 3 of the method: GetBoletins
private DataContext db = new DataContext();

public IList<Boletim> GetBoletins()
{
    return (from boletim in db.BoletinsSemanais
            where boletim.Year == DateTime.Now.Year
            orderby boletim.Year, boletim.Week, boletim.Name
            select boletim).Take(5).ToList();
}
Another Assembly
DataContext is a class that is in another assembly.
public class DataContext : DbContext
{
    public DbSet<Boletim> BoletinsSemanais { get; set; }

    public DataContext()
        : base("name=DefaultConnection")
    {
    }

    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        modelBuilder.Conventions.Remove<PluralizingTableNameConvention>();
        base.OnModelCreating(modelBuilder);
    }
}
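Added example, not part of the original post: the Files action in the post passes the request's folderName straight into Path.Combine, which returns the second argument alone when it is rooted and does not collapse ".." segments. The hypothetical DownloadFolders helper below (its name and methods are assumptions) confines the lookup to one directory directly under the downloads root.

```csharp
using System;
using System.IO;
using System.Linq;

// Added example: hypothetical helper, not the poster's code.
public static class DownloadFolders
{
    // Returns the full path of the directory rootDir/folderName, or null
    // unless folderName is one plain name that resolves directly under rootDir.
    public static string Resolve(string rootDir, string folderName)
    {
        if (string.IsNullOrWhiteSpace(folderName) ||
            folderName == "." || folderName == "..")
            return null;

        // No separators, drive colons or other invalid file-name characters:
        // Path.Combine must not be able to discard rootDir or climb out of it.
        if (folderName.IndexOfAny(new[] { '/', '\\', ':' }) >= 0 ||
            folderName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            return null;

        string root = Path.GetFullPath(rootDir).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        string candidate = Path.GetFullPath(Path.Combine(root, folderName));

        // Defence in depth: the canonical path must still start with the root.
        if (!candidate.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            return null;
        return Directory.Exists(candidate) ? candidate : null;
    }

    // Lists file names only; Directory.GetFiles returns full server paths.
    public static string[] ListFileNames(string rootDir, string folderName)
    {
        string dir = Resolve(rootDir, folderName);
        if (dir == null) return new string[0];
        return Directory.GetFiles(dir).Select(p => Path.GetFileName(p)).ToArray();
    }
}

// Assumed use inside the controller from the post:
//   var root = Server.MapPath("~/App_Data/Downloads/");
//   return PartialView("_files", DownloadFolders.ListFileNames(root, folderName));
```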