Skip to main content
BuyLog In
ASP.NET Web Forms Controls
Search in…
Docs > Components > File Management > File Manager > Security Considerations
All docs
V23.2
ASP.NET Web Forms Controls
Prerequisites
Supported Browsers
What's Installed
Get Started
Upgrade to a New Version
Common Concepts
Components
Card View
Chart Control
Data and Image Navigation
Data Editors
Diagram
Docking and Popups
File Management
Deployment
File Manager
Root Folder
Thumbnails
View Modes
Custom Columns
Toolbar
Adaptivity
File Upload
File Download
Context Menu
Access Control
File System Providers
Security Considerations
Visual Elements
File Upload
Gantt
Gauges
Grid View
HTML Editor
Multi-Use Site Controls
Pivot Grid
Reporting
Rich Text Editor
Scheduler
Site Navigation and Layout
Spell Checker
Spreadsheet
Tree List
Vertical Grid
Query Builder
Security Considerations
Redistribution and Deployment
Troubleshooting
Get More Help
.NET Framework API Reference
Client API Reference
Download CHM

File Manager Security Considerations

  • 2 minutes to read

The ASPxFileManager control stores thumbnails in the folder specified by the ThumbnailFolder property (~\Thumb\, by default). The subfolder structure is based on the source folder’s relative path. The file manager creates thumbnails when they are displayed for the first time. Before creating a thumbnail, the control checks for an existing thumbnail with the corresponding path and name, and if found, uses that thumbnail instead.

The described behavior can cause the following issues:

  • If the file manager creates thumbnails in a public folder, it can result in unauthorized access to thumbnails of private files.
  • If you change the RootFolder property value dynamically, multiple thumbnail images can have the same relative path and file name. In this case, ASPxFileManager may display incorrect thumbnails.

Resolution

If you implement a multi-user application or dynamically change the root folder, specify the thumbnail folder dynamically based on the current user. We also recommend that you restrict access to each user’s thumbnail folder.

protected void Page_Load(object sender, EventArgs e) {
     string userSubFolder = ASPxComboBox1.Value.ToString();
     ASPxFileManager1.Settings.RootFolder = "~/Content/" + userSubFolder;
     ASPxFileManager1.Settings.ThumbnailFolder = "~/Thumbs/" + userSubFolder;

     FileManagerFolderAccessRule folderRule = new FileManagerFolderAccessRule();
     folderRule.Browse = Rights.Deny;
     folderRule.Path = "~/Thumbs/" + userSubFolder;
     FileManager.SettingsPermissions.AccessRules.Add(folderRule);
}

<dx:ASPxComboBox ID="ASPxComboBox1" runat="server" AutoPostBack="True" SelectedIndex="0">
     <Items>
          <dx:ListEditItem Text="Common" Value="Common files" Selected="True" />
          <dx:ListEditItem Text="User 1" Value="User1" />
          <dx:ListEditItem Text="User 2" Value="User2" />
          <dx:ListEditItem Text="User 3" Value="User3" />
     </Items>
</dx:ASPxComboBox>
<dx:ASPxFileManager ID="ASPxFileManager1" runat="server">
     <Settings RootFolder="~/Content/Common files" ThumbnailFolder="~/Content/Thumbs/Common files" />
</dx:ASPxFileManager>