Click here to Skip to main content
15,667,370 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
I work on core 2.2 Project with angular 7 . I face issue when download file

It created with Name [object FormData].xlsx but Name must be DeliveryGeneration_Output.xlsx .

Path returned and Created


so why file name created with [object FormData].xlsx and not created with DeliveryGeneration_Output.xlsx

and How to solve this Issue ?

What I have tried:

on Angular 7

public uploadFile = (files) => {
    const formData = new FormData();
    formData.append('file', this.fileToUpload,;'https://localhost:44396/api/ApprovalQuality/', formData,{ responseType: 'blob' })
      .subscribe((response: Blob) => saveAs(response, formData + '.xlsx'));
on Web API .Net Core 2.2

 var memory2 = new MemoryStream();
                    using (var stream = new FileStream(exportPath, FileMode.Open))
                    memory2.Position = 0;
 return File(memory2, "text/plain", Path.GetFileName(exportPath));
Updated 7-Dec-20 23:39pm

1 solution

It's going to depend on how you've initialized your exportPath variable, which you haven't shown.

However, based on the code you have shown, I suspect you're not handling the upload properly.

The name of the uploaded file will be the path, or more often just the filename, of the file on the client. Your code is running on the server. You cannot simply open the specified path on the server and expect to read the file from the client!

It might appear to work when you're debugging in Visual Studio. But that's only because, in that specific case, the server and the client are the same computer. Once you deploy your code to a real server, you will either get a FileNotFoundException, or in the extremely unlikely case that the file already exists in the same path on the server, you will be reading the wrong file.

You will also open up a security vulnerability - an attacker can pass the path of any file on your server and have it send in the response. They could use that to read your web.config or appSettings.json files, which could reveal information you don't want them to see. They could use it to download your application binaries, which they could then decompile to see your source code. They may even be able to download your database files.

The file upload name is for information only, and should not be trusted. You need to read the uploaded file contents from the IFormFile instance's stream.

Upload files in ASP.NET Core | Microsoft Docs[^]
IFormFile Interface (Microsoft.AspNetCore.Http) | Microsoft Docs[^]
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900