Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Access to PDF files in webserver folder
Message
General information
Forum:
ASP.NET
Category:
Other
Title:
Re: Access to PDF files in webserver folder
Miscellaneous
Thread ID:
00853842
Message ID:
00855155
Views:
11
Evan,

If I read your post correctly, basically you want to "protect" the downloads of reports generated as pdf files using any ASP.NET authentication type. There is more than one way to approach this. I have approached this using a method derived from one I used to use with a third-party component in asp classic. There are further variations on this theme, but you can visit those on your own.

1. Create a folder outside of your web root structure (or any web root structure).

2. Grant read privelages to this folder to your aspnet account on the machine.

3. Write your pdf's and any other protect to that folder. Store the physical path to this folder in your web.config or any other configuration file so it can be retrieved.

4. Create an aspx page in an authenticated folder called something like getfile.aspx.

5. For any link to a file you want protected that's in your protected downloads folder, simply make the link /authenticatedfolder/getfile.aspx?file=report.pdf where report.pdf is the file that actually sits in your protected downloads folder.

6. In your getfile.aspx file, you'll need code to first check for the existence of the file. If the file doesn't exist, display an error as part of getfile.aspx, or redirect to an error page. If the file does exist, clear the response , then set the content dispostion and length headers, then write the file to the response buffer and flush it. Here is a simple vb.net example of what I'm talking about. This is from some of my earliest asp.net code, so please forgive the way I break best practices in some cases for naming conventions, etc....

dim sFile as string = ""

If Request.QueryString("file") <> Nothing Then
sFile = Request.QueryString("file")
End If

If File.Exists(sFile) Then

Dim oHR As System.Web.HttpResponse
Dim oFile As New System.IO.FileInfo(sFile)

oHR.Clear()
oHR.BufferOutput = True
' This line makes the content show up as a file to download
' instead of displaying in the page
oHR.AddHeader("Content-Disposition", "attachment; filename=" + oFile.Name)

oHR.AddHeader("Content-Length", oFile.Length.ToString())
' I have a custom object method for determining the content type
' that I have ommitted for this example, and added pdf for you
oHR.ContentType = "application/pdf"
oHR.WriteFile(oFile.FullName)
oHR.Flush()

Else

Response.Write("no file found, sorry.....")

End If

As you can probably see, there are a number of ways to enhance this, such as passing a file id and looking the actual file and path up in a database, etc....

regards,

Jim Erwin



>Hi folks.
>
>I am using II5 on Windows 2000 server. Our web app outputs reports to PDF files into a folder on our webserver. In order to navigate to the PDF files to display them, I went into Internet Services Manager, right clicked on the folder then in the Directory tabe of the dialog, put a check mark next to for Read Access. Work great. Little did I realize that this folder allowed anyone to access the folder even if they didn't authenicate via our web application.
>
>How can I change this so that it:
>- let's authenticated users access a particular file (not browse the foler)
>- locks unauthenticated users out
Jim Erwin
jerwin@visionds.com
http://www.eyekahn.com
http://www.visionds.com
Previous
Reply
Map
View

Click here to load this message in the networking platform