I am making an application to edit mp3 files. After the editing is finished I want to present a link to download the file. I am just concerned that the file location, if known, can be abused for illegal files. What do I need to do so that, instead of presenting a link to a file on the server, I can store it in memory (which I already have using taglib) and then stream the download without storing it on the server.
You need to use an HTTP Handler to write the file to the user while masking the true location of the file on the server. This will enable you to enforce whatever rules you may have regarding the downloading of the file, such as a one time download.
See: How to create an HTTP Handler
The code inside the handler will need to be unique to your needs, but something along the following lines should help:
public void ProcessRequest(HttpContext context)
{
context.Response.ContentType = "Application/mp3";
context.Response.AppendHeader("Content-Disposition", "attachment; filename=mysong.mp3");
context.Response.TransmitFile(Server.MapPath("~/Files/song.mp3"));
}
You could use a Stream in case you don't want to save an actual file anywhere, but this should get you started.
Related
I have a program that allow to user upload a file.
Suppose the user is only allowed to upload the psd file (or any other file that is specified by admin user). If user changes the file extension from .exe to psd, can upload it.
How can we prevent files that have changed the extension from being uploaded?
You could check for ContentType header, but that could be tampered by someone with enough knowledge to do so.
Like MrTux pointed out, the best way would be to read the file header and check if it's complying to the file format you want to check against.
It would be easy to decide if you have information on how users are currently uploading files. If it's your own system or if users compose their own http post requests.
I have this specific scenario:
The user is sending me request which contains a URL to a file in my private repository.
The server side catch this request and Download the file.
The server making some calculation on the downloaded file.
The server sending the results back to client.
I implemented this in the "Naive" way. Which mean, I downloading the file (step 2) for each request. In most cases, the user will send the same file. So, I thought about better approach: keep the downloaded file in short term "cache".
This mean, I will download the item once, and use this for every user request.
Now the question is, how to manage those files?
In "perfect world", I will use the downloaded file for up to 30 minutes. After this time, I won't use it any more. So, optional solutions are:
Making a file system mechanism to handling files for short terms. Negative: Complex solution.
Using temporary directory to do this job (e.g. Path.GetTempFileName()). Negative: What if the system will start to delete those files, in the middle of reading it?
So, it's seems that each solution has bad sides. What do you recommend?
Maybe the title I have does not reflect my Question 100% but I will try to make it clearer. That is how our system is right now.
We have an Webserver that is public on the internet and the Webserver that has access to a Fileserver. We would like without having files on the Webserver the client to be able to download files from the Fileserver. Is there any technology available for these kind of requests?
We are using ASP. NET WebForms.
Thanks in advance.
I don't know of any Framework that would do this but I implemented something similar. In our case we have a list of the files that users should be able to download in a database but you could simply use System.IO.Directory to query for the available files in a certain folder yourself. It's also required that the application runs in an application pool that has an identity (User) that is allowed to access the fileshare.
The actual download is implemented as an ASP.Net WebHandler (.ashx-File). When the user hits that Handler I basically do something like this in the ProcessRequest method:
string fileName = "\\\\myServer\\folder\\file.pdf";
byte[] fileContent = System.IO.File.ReadAllBytes(fileName);
context.Response.Clear();
context.Response.ClearHeaders();
context.Response.ClearContent();
context.Response.ContentType = "application/pdf";
context.Response.AddHeader("Content-Disposition", "attachment;filename=" + System.IO.Path.GetFileName(fileName));
context.Response.AddHeader("Content-Length", fileContent.Length.ToString());
context.Response.BinaryWrite(fileContent);
Of course if you are dealing with bigger files you might want to not load the entire file into memory but rather read in chunks and make multiple calls to BinaryWrite. You also should set the ContentType to a MIME-Type that fits your file type so it gets handled correctly by the clients browser.
I am building an excel file (using EPPLUS) on a web page which gives the option to either save or open the file.
Response.ContentType = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
Response.AddHeader("content-disposition", "attachment; filename=Excel_List.xlsx");
package.SaveAs(Response.OutputStream);
Response.End();
That works fine. I just want to know how can I check if the user has either opened/saved the file?
Is there an event for that?
The simplest answer is you cannot. Once the server has handed the file off to the client ASP.NET has no control over it.
You could, in theory, place a macro in the Excel file to call a URL on your server, but that's assuming the user opens the Excel file and allows for the execution of the macro (which is disabled in modern Excel versions).
You cannot determine it. After the output is generated you have no info about download process or actions that user takes on downloaded file. It is caused mostly by web browser security limitations.
No, that is not what HTTP is for. If you can successfully send all data from the server, you may assume the client has received it all. Client may then discard, save, print, copy, do whatever they like with the data.
If you want to perform such a check, you should do it from the Excel file itself. But then again you shouldn't, because of privacy. If I ever caught an Excel file phoning home, I don't know what'll happen.
It isn't possible to know if they actually opened it in Excel without adding a macro to the file, but there are ways that you can send a confirmation to the server that the download was completed successfully. For this you would need to embed a rich client in the browser to handle the HTTP request rather than doing it with the browser alone. Something like SoftArtisans XFile can be used for this. Our .NET Excel library also comes with an ActiveX control that can manage the download process (called the OfficeWriter Assistant).
Disclaimer: I work for SoftArtisans
I need to display my BLOB data directly into the IE Browser without saving a temporary file on the hard Disk.
I have successfully implemented the method of retrieving the file from the blob.
Please help me out or direct me to good articles on how to acheive this functionality.
Im using Visual Studio 2005, C#.NET and Oracle
You could do the following in an HTTP handler :
context.Response.ContentType = "multipart/related"; // I think...
context.Response.Write(<blob data here>);
Now this relies on a browser - IE, firefox - that can handle mht files..
If you want to parse the mht file and return html etc.. that would be a whole different scenario!
If you've already code that saves it as a file then all you need to do is to change that to write it to the Response.OutputStream stream instead of the file stream.