Is this possible to get full client path in <asp:FileUpload> button?

Question

I have to upload one file from client using Button.I have to get the full client path.for example,

suppose, user uploaded a file from this local machines "d:\\my files\\docs\\test.xml".So, now i want to get the same path("d:\\my files\\docs\\test.xml") to proceed further.how do i get it?

i have used FileUpload1.PostedFile.FileName...But it is worked fine with IE and but not in Firefox...

So, Can you help me with this for Firefox and chrome...

Answer 1

Good Source:

http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx

Checkout the "File Upload Control" section near the bottom. quoted:

Additionally, the “Include local directory path when uploading files” URLAction has been set to "Disable" for the Internet Zone. This change prevents leakage of potentially sensitive local file-system information to the Internet. For instance, rather than submitting the full path C:\\users\\ericlaw\\documents\\secret\\image.png, Internet Explorer 8 will now submit only the filename image.png.

This would suggest it is possible if the site is trusted (in IE) / older browsers

Answer 2

No, it is not possible. Browsers do not allow that due to security restrictions.

If i could set which file I wanted from javascript, a hacker could take a lot of files from your PC.

So, asp.net or otherwise, getting the full client path in a browser is not possible.

Answer 3

http://www.ietf.org/rfc/rfc2184.txt and http://www.ietf.org/rfc/rfc2388.txt seem to be the relevant RFCs that discuss this. They are quite lengthy but what it boils down to is that you do indeed get a filename but not a path.

Browsers will follow these standards so through the standard browser interface there will be no way to get the information you want.

This leaves other techniques such as javascript, flash, silverlight, etc.

Javascript does all of its work through the browser object model so again by default won't help. Anything to do with playing with the file system is considered a security risk (do you want random pages looking through your file system?).

It is possible that you could create your own flash or sliverlight upload tool (or find one) that will allow you to collect richer information, I don't know much about those technologies. At the end of the day though I would expect them to follow similar rules about access to the client computer.

So the RFCs and there spirit which are likely followed everywhere says that no, you can't do this.

You could always ask the user for a path in a textbox though if it is important and just have them copy it in...

Answer 4

There seems to be ways to do it but at the same time it looks like it will only work if it is your machine. Here is a link that explains it.

http://www.codingforums.com/showthread.php?t=72288

The problem occurs because it is seen as a malicious script trying to access information that is not under its control giving the user a prompt. So unless this is for machines under your control or users who trust you then it isn't the best of ideas. Most users who see security risk alerts will always block them.