Access to the path is denied after Assembly.Loadfile

Question

I create web form application to upload file(.exe) for get assembly version and delete file(.exe) but after Assembly.LoadFile i can't delete file because of error shown be Access to the path is denied. Please kindly explain this problem to me.

protected void uploadBT_Click(object sender, EventArgs e)
    {
        if (FileUpload1.HasFile)
        {
            try
            {

                /** Save file to tmp **/
                string filename = FileUpload1.PostedFile.FileName;
                if (Directory.Exists(Server.MapPath("~/FilesUploaded/tmp")))
                {
                    FileUpload1.PostedFile.SaveAs(Server.MapPath("~/FilesUploaded/tmp/" + filename));
                }
                else
                {
                    Directory.CreateDirectory(Server.MapPath("~/FilesUploaded/tmp"));
                    FileUpload1.PostedFile.SaveAs(Server.MapPath("~/FilesUploaded/tmp/" + filename));
                }

                /** get assembly version **/
                Assembly ulf = Assembly.LoadFile(Server.MapPath("~/FilesUploaded/tmp/" + filename));
                string version = ulf.GetName().Version.ToString();

                DirectoryInfo di = new DirectoryInfo(Server.MapPath("~/FilesUploaded/tmp"));

                FileInfo[] fi = di.GetFiles();
                for (int i = 0; i < fi.Length; i++)
                {
                    fi[i].Delete();
                }

                //Directory.Delete(Server.MapPath("~/FilesUploaded/tmp"), true);
                //Thread.Sleep(5);
                //Directory.CreateDirectory(Server.MapPath("~/FilesUploaded/tmp"));

                /** Save each versions **/
                //Directory.CreateDirectory(Server.MapPath("~/FilesUploaded/" + version));
                //FileUpload1.PostedFile.SaveAs(Server.MapPath("~/FilesUploaded/" + version + "/" + filename));
                errTxt.Text = "Completed !";
            }
            catch (Exception ex)
            {
                errTxt.Text = ex.Message.ToString();
            }
        }
    }

Answer 1

1. The file is locked because you have loaded it into memory.
2. Loading arbitrary executables into memory on your web server is a massive security hole. Do not do this! Seriously you have no idea what is in that file.

Use this instead:

var version = AssemblyName.GetAssemblyName(
   Server.MapPath("~/FilesUploaded/tmp/" + filename)).Version;

See here