asp.net core - How to serve static file with no extension

Question

ASP.NET Core hapily serves up files from the wwwroot folder based on the mime type of the file. But how do I get it serve up a file with no extension?

As an example, Apple require that you have an endpoint in your app /apple-app-site-association for some app-intergration. If you add a text file called apple-app-site-association into your wwwroot it won't work.

Some things I've tried:

1) Provide a mapping for when there's no extension:

var provider = new FileExtensionContentTypeProvider();
provider.Mappings[""] = "text/plain";
app.UseStaticFiles(new StaticFileOptions
            {
                ContentTypeProvider = provider
            });

2) Adding an app rewrite:

var options = new RewriteOptions()
.AddRewrite("^apple-app-site-association","/apple-app-site-association.txt", false)

Neither work, the only thing that does work is a .AddRedirect which I'd rather not use if possible.

sinofis · Accepted Answer · 2018-05-16 12:27:39Z

40

Adding an alternative solution. You have to set ServeUnknownFileTypes to true and after that set the default content type.

        app.UseStaticFiles(new StaticFileOptions
        {
            ServeUnknownFileTypes = true,
            DefaultContentType = "text/plain"
        });

answered May 16, 2018 at 12:27

sinofis

5961 gold badge5 silver badges16 bronze badges

Sign up to request clarification or add additional context in comments.

7 Comments

Brad Over a year ago

Downvoting because this adds a security risk as explained in the ASP Core docs. The accepted answer is the best way to "whitelist" files to be served without opening up all file types.

chaami Over a year ago

If you are concerned about security you can either reduce the scope of the served file with this option with a specific PhysicalFileProvider, or implement your own IFileProvider as the StaticFileOptions.FileProvider property.

AEMLoviji Over a year ago

Warning Enabling ServeUnknownFileTypes is a security risk. It's disabled by default, and its use is discouraged.

user430788 Over a year ago

Just what I needed thanks. This is development work, i dont need to worry about deep security. If you want your default to be binary files use "application/octet-stream"

Kristaps Baumanis Over a year ago

The Core docs don't actually explain how it's a security risk, they just state it. On its own I don't see how it's a risk.

|

Gabriel Luci · Accepted Answer · 2020-08-05 00:51:08Z

24

Rather than fighting with static files, I think you'd be better off just creating a controller for it:

using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using System.IO;

namespace MyApp.Controllers {
    [Route("apple-app-site-association")]
    public class AppleController : Controller {
        private IHostingEnvironment _hostingEnvironment;

        public AppleController(IHostingEnvironment environment) {
            _hostingEnvironment = environment;
        }

        [HttpGet]
        public async Task<IActionResult> Index() {
            return Content(
                await File.ReadAllTextAsync(Path.Combine(_hostingEnvironment.WebRootPath, "apple-app-site-association")),
                "text/plain"
            );
        }
    }
}

This assumes your apple-app-site-association file is in your wwwroot folder.

edited Aug 5, 2020 at 0:51

answered Feb 13, 2018 at 15:42

Gabriel Luci

41.5k4 gold badges66 silver badges98 bronze badges

4 Comments

Matt Roberts Over a year ago

Lol, this is pretty much exactly what I gave up and reverted to - although it feels somewhat wrong, but it does work!

Gabriel Luci Over a year ago

If it's stupid but it works, then it ain't stupid! :)

Maxim Zabolotskikh Over a year ago

Like this you don't event need an actual file in the wwwroot. I've had the same problem with the Apple file - I've put the credentials into appsettings and generated json in code.

Kailash Mali Over a year ago

How locally works and at server level not worked. does server block it?

Serge S · Accepted Answer · 2020-03-27 16:07:28Z

9

An easier option may be to put a file with a proper extension on the server, and then use URL rewrite as follows.

app.UseRewriter(new RewriteOptions()
    .AddRewrite("(.*)/apple-app-site-association", "$1/apple-app-site-association.json", true));

answered Mar 27, 2020 at 16:07

Serge S

911 silver badge2 bronze badges

2 Comments

d03090 Over a year ago

Best answer! No security risks like allowing all unknown static filetypes and no overhead by creating a controller for returning a simple json file.

Marthijn Over a year ago

This somehow didn't work for me in .NET 6. I had to use

app.UseRewriter(new RewriteOptions().AddRewrite("^apple-app-site-association$", "/apple-app-site-association.json", true));

Christina P. · Accepted Answer · 2021-01-04 15:16:41Z

6

I think the easiest way is to add the apple-app-site-association file in a .well-known folder in the root folder of the application as described here: [https://developer.apple.com/documentation/safariservices/supporting_associated_domains] and then allow access to it from your code, like this (Startup.cs):

 // to allow access to apple-app-site-association file
app.UseStaticFiles(new StaticFileOptions()
{
    FileProvider = new PhysicalFileProvider(Path.Combine(env.ContentRootPath, @".well-known")),
    RequestPath = new PathString("/.well-known"),
    DefaultContentType = "application/json",
    ServeUnknownFileTypes = true,
});

Tested in AWS Serverless Application (.NET Core 3.1)

answered Jan 4, 2021 at 15:16

Christina P.

611 silver badge1 bronze badge

Comments

angularsen · Accepted Answer · 2023-12-03 15:08:51Z

AspNetCore does not serve unknown file types for security reasons, but it should generally be safe to do for files in the .well-known folder.

The problem is that Apple requires the correct MIME type for files without extensions, so we must explicitly configure those.

Solution

Allow serving unknown file types (no extension) from .well-known folder.
Add files to wwwroot/.well-known folder.
Add a custom IContentTypeProvider to map filenames to MIME type, such as apple-app-site-association file name to application/json MIME type.

Startup.cs

app.UseStaticFiles(new StaticFileOptions
{
    FileProvider = new PhysicalFileProvider(Path.Combine(env.ContentRootPath, "wwwroot", ".well-known")),
    RequestPath = "/.well-known",
    ServeUnknownFileTypes = true,
    ContentTypeProvider = new CustomWellKnownFileContentTypeProvider(),
});

CustomWellKnownFileContentTypeProvider.cs

/// <summary>
///     Custom file extension content type provider for serving certain extension-less files in .well-known folder.
///     <list type="bullet">
///         <item>apple-app-site-association - application/json - Apple Universal Link association</item>
///     </list>
/// </summary>
public class CustomWellKnownFileContentTypeProvider : IContentTypeProvider
{
    private readonly FileExtensionContentTypeProvider _defaultProvider = new();

    public bool TryGetContentType(string subpath, out string contentType)
    {
        // Custom handling of files without file extensions.

        // Apple Universal Link association, requires the correct MIME type set.
        if (subpath.EndsWith("apple-app-site-association", StringComparison.OrdinalIgnoreCase))
        {
            contentType = "application/json";
            return true;
        }

        // Fallback to default provider, based on file extension.
        if (_defaultProvider.TryGetContentType(subpath, out string? extContentType))
        {
            contentType = extContentType;
            return true;
        }

        contentType = string.Empty;
        return false;
    }
}

Collectives™ on Stack Overflow

asp.net core - How to serve static file with no extension

5 Answers 5

7 Comments

4 Comments

2 Comments

Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

5 Answers 5

7 Comments

4 Comments

2 Comments

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related