I have an ActionResult that downloads a file, in which I pass the file name as a parameter.
using System;
using System.IO;
using System.Web.Configuration;
using System.Web.Mvc;

[HttpGet]
public ActionResult OpenFile(string fileName)
{
    try
    {
        /* Get the folder name from the config file */
        string FolderName = Convert.ToString(WebConfigurationManager.AppSettings["DownloadAttachments"]);
        FolderName = (FolderName == null ? "DownloadAttachments" : FolderName);
        // The user-supplied fileName is concatenated into the path without any check.
        return File(new FileStream(Server.MapPath("~/" + FolderName + "/" + fileName), FileMode.Open), "application/octet-stream", fileName);
    }
    catch (Exception ex)
    {
        // Every error (including a missing file) is swallowed and falls through to the message below.
    }
    return Content("<h1>File Not Found.</h1>", "text/html");
}
But the user is also able to download the application's web.config file by passing web.config as the file name parameter.
Is there any better way to avoid this security breach other than this condition?
if (fileName != null && !fileName.ToLower().Contains("web.config"))
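The usual way to close this class of problem is not to blacklist one file name but to confine the action to the download folder: accept only a bare file name, canonicalise the combined path, check it is still inside the folder, and serve only the file types that folder is meant to hold. The following is an added example, not the asker's code; the controller class name, the extension allow-list, and the use of HttpNotFound() for every rejected request are assumptions of this example.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web.Configuration;
using System.Web.Mvc;

// Hypothetical controller name; only the action body matters here.
public class DownloadController : Controller
{
    // Assumed allow-list: the types the attachment folder is meant to serve.
    // ".config" is deliberately absent, so web.config is refused even if a
    // copy ended up inside the download folder itself.
    private static readonly HashSet<string> AllowedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            ".pdf", ".docx", ".xlsx", ".png", ".jpg", ".zip"
        };

    [HttpGet]
    public ActionResult OpenFile(string fileName)
    {
        if (string.IsNullOrWhiteSpace(fileName))
            return HttpNotFound();

        // 1. Only a bare file name is acceptable. Path.GetFileName strips any
        //    directory part ('/' or '\'), so a mismatch means the caller sent a
        //    path such as "..\web.config" or "sub/dir/x". Invalid characters
        //    (NUL, '<', '>', ':', '|', '?', '*', ...) are rejected as well.
        if (fileName != Path.GetFileName(fileName) ||
            fileName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            return HttpNotFound();

        string folderName =
            WebConfigurationManager.AppSettings["DownloadAttachments"] ?? "DownloadAttachments";

        // 2. Canonical base directory, with a trailing separator so that
        //    "DownloadAttachments-other" cannot pass the prefix check.
        string baseDir = Path.GetFullPath(Server.MapPath("~/" + folderName));
        if (!baseDir.EndsWith(Path.DirectorySeparatorChar.ToString()))
            baseDir += Path.DirectorySeparatorChar;

        // 3. Canonicalise the combined path and confirm it is still below baseDir.
        //    This catches anything step 1 might miss (e.g. a bare ".." segment).
        string fullPath = Path.GetFullPath(Path.Combine(baseDir, fileName));
        if (!fullPath.StartsWith(baseDir, StringComparison.OrdinalIgnoreCase))
            return HttpNotFound();

        // 4. Serve only the file types this folder exists for.
        if (!AllowedExtensions.Contains(Path.GetExtension(fullPath)))
            return HttpNotFound();

        if (!System.IO.File.Exists(fullPath))
            return HttpNotFound();

        // FilePathResult sets Content-Disposition from the third argument; the
        // name is taken from the canonical path, not from the raw request value.
        return File(fullPath, "application/octet-stream", Path.GetFileName(fullPath));
    }
}
```

The reason a `Contains("web.config")` check is not enough is that `..` segments let the caller leave the attachment folder: `..\web.config` resolves to the application root, which `Server.MapPath` accepts because it is still inside the application, and the same trick reaches anything else under the root (compiled assemblies in `bin`, data under `App_Data`). Confining the resolved path to the folder addresses the whole class rather than one file name, and the extension allow-list adds a second layer in case a sensitive file is ever placed in the folder itself.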