I am working on a Custom WebPart, for which I need an application page to render a PDF file.
I am currently using following link http://support.microsoft.com/kb/306654
It works fine in ASP.NET, but gives a blank page in SharePoint.
Here's the code:
(PDF file is in same directory)
Response.ClearContent();
Response.ClearHeaders();
//Set the appropriate ContentType.
Response.ContentType = "Application/pdf";
//Get the physical path to the file.
string FilePath = MapPath("Test.pdf");
//Write the file directly to the HTTP content output stream.
Response.WriteFile(FilePath);
Response.Flush();
Response.End();
Working on it for last few hrs, making me crazy...any ideas?
A few ideas:
If the file is in the SharePoint directories, why not just redirect to a URL for it?
If you use Fiddler (or Firebug) to look at the HTTP traffic -- do you see the content-type change? What is the content (is it a PDF?)
The main differences between SharePoint and ASP.NET (assuming that you are getting to the file correctly) is that the page life-cycle is slightly different and the security model. You might want to look at how Reponse.End() works to make sure it isn't different in SharePoint. You can run SharePoint in verbose logging and then use .NET Reflector on the SharePoint dlls (with the logs as a guide) to see if there's some weird way of handling this. The SharePoint dlls have pretty liberal log calls. More info here: http://www.andrewconnell.com/blog/archive/2008/06/11/SharePoint-Debugging-and-Logging-Tips-and-Tricks.aspx
Have you considered rasterizing the PDF and just showing it inline in the page? This is what we do in a project my company is working on to view PDF and other documents in SharePoint (Vizit). You still have to solve your problem of reading the file, but instead of responding with the PDF, you respond with a PNG and request inside of an <img> tag.
Related
I am working on file upload and download web App using .net mvc C# APIs and I have read this answer to consider some file security points and I have two questions:
According to the Filetypes point particularly this statement
It's best if the application uses some real content discovery to find
out if the uploaded file is actually an allowed filetype.
I want to check if the user uploads an .exe, .dll or "html containing js code"
file as renamed text file but i don't know how to do that.
According to Content sniffing point, I have added
X-Content-Type-Options: nosniff
To my api web.config file flowing this Answer
but when i upload html page including java script code it uploads and download without any interruption, so how to prevent my app from uploading and downloading these kinds of files.
There are plenty of ideas here (theoretical and practical):
https://security.stackexchange.com/questions/160129/c-malicious-file-upload-to-server
https://www.computerweekly.com/answer/File-upload-security-best-practices-Block-a-malicious-file-upload
I personally would suggest to white-list the extensions that will be allowed to upload, instead of black-listing potentially dangerous extensions.
I am building an excel file (using EPPLUS) on a web page which gives the option to either save or open the file.
Response.ContentType = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
Response.AddHeader("content-disposition", "attachment; filename=Excel_List.xlsx");
package.SaveAs(Response.OutputStream);
Response.End();
That works fine. I just want to know how can I check if the user has either opened/saved the file?
Is there an event for that?
The simplest answer is you cannot. Once the server has handed the file off to the client ASP.NET has no control over it.
You could, in theory, place a macro in the Excel file to call a URL on your server, but that's assuming the user opens the Excel file and allows for the execution of the macro (which is disabled in modern Excel versions).
You cannot determine it. After the output is generated you have no info about download process or actions that user takes on downloaded file. It is caused mostly by web browser security limitations.
No, that is not what HTTP is for. If you can successfully send all data from the server, you may assume the client has received it all. Client may then discard, save, print, copy, do whatever they like with the data.
If you want to perform such a check, you should do it from the Excel file itself. But then again you shouldn't, because of privacy. If I ever caught an Excel file phoning home, I don't know what'll happen.
It isn't possible to know if they actually opened it in Excel without adding a macro to the file, but there are ways that you can send a confirmation to the server that the download was completed successfully. For this you would need to embed a rich client in the browser to handle the HTTP request rather than doing it with the browser alone. Something like SoftArtisans XFile can be used for this. Our .NET Excel library also comes with an ActiveX control that can manage the download process (called the OfficeWriter Assistant).
Disclaimer: I work for SoftArtisans
I am making a web site in asp.net with c sharp.
I need to place a download file functionality(pdf, doc, xls) on one of my web page.
How can I do that?
If you want to do this automatically when a link is clicked from the server side, you have to send the file back yourself rather and add a couple of custom headers to the output. The way to do this is to use Response.TransmitFile() to explicitly send the file from your ASP.NET application and then add the Content Type and Content-Disposition headers.
For example:
Response.ContentType = "application/ms-excel";
Response.AppendHeader("Content-Disposition","attachment; filename=someFIle.xls");
Response.TransmitFile( Server.MapPath("~/somewhere/someFIle.xls") );
Response.End();
This will cause a Open / Save As dialog box to pop up with the filename of someFIle.xls as the default filename preset.
To force downloads, you have to set a couple of http headers. Content-Type and Content-Disposition. The first has to be application/octet-stream, and the second has to look something like this:
Content-Disposition: Attachment; Filename="[path to file user wants to download]"
I'm trying to server an exe to Firefox from an aspx page. The aspx page handles the headers and the page is launched by our Flex GUI. Flex correctly launches the link for all browsers (including Firefox) so I'm certain that's not the issue.
The problem I'm having is when I try to download the file from within Firefox, FF downloads the file fine but it names it "Content". It has no extension and the file name is incorrect. All the other browsers download it with the file name I specified in the aspx page and they all have the .exe extension. I should note that if I rename the "Content" file to "Content.exe" it runs correctly.
Below is the code I'm using in my aspx page -
protected void Page_Load(object sender, EventArgs e) {
string fileName = Request.QueryString["file"];
System.IO.FileInfo fileInfo = new System.IO.FileInfo(Server.MapPath(fileName));
Response.Clear();
if ( fileName.EndsWith(".exe") ) {
Response.ContentType = "application/exe";
}
else {
Response.ContentType = "application/octet-stream";
}
Response.AddHeader("Content-Disposition", "attachment; filename=" + fileInfo.Name);
Response.AddHeader("Content-Length", fileInfo.Length.ToString());
Response.WriteFile(fileInfo.FullName);
Response.Flush();
}
Any ideas and/or suggestions on why this isn't working correctly in Firefox?
I just ran the exact code you have mentioned, without the Flex GUI part, in a simple asp.net website, and it works fine on my Firefox, I am getting file name with extension.
I am using Firefox version 3.6.16.
Here are few things you can try:
Try running the same code without Flex GUI part
If it still doesn't work, check your firefox version
As suggested by Jon, use Fiddler and observe if something wrong in the response headers
One more point, may be this is just for test purpose, as allowing to download files this way can be a security threat, as even if the url is being called from Flex GUI, people can monitor traffic using fiddler or wireshark, and then exploit it to download any file they want to. For example they can download web.config and see connection string, or they can download the code.
You should restrict user to download file from one location only and only few allowed extensions.
There's no need for you to add the content-length yourself, as Response.WriteFile will do that if appropriate. The resultant duplicate headers is incorrect.
I'd also avoid flushing at the end, firstly flushing is only useful if it happens part-way through a long download; done only at the end you get the disadvantages of chunked encoding, without any of the advantages. This may also interfere with the content-length header you are sending.
Finally, there is no registered content type "application/exe", "application/octet-stream" should be used for executables. Maybe since Firefox is seeing it as "wrong" for .exe files, it's not using that extension.
If none of the above solves it, I'd recommend updating your question with the headers sent from the browser as seen through Fiddler or similar tools, as that may help someone find the answer (or you yourself for that matter).
I need to display my BLOB data directly into the IE Browser without saving a temporary file on the hard Disk.
I have successfully implemented the method of retrieving the file from the blob.
Please help me out or direct me to good articles on how to acheive this functionality.
Im using Visual Studio 2005, C#.NET and Oracle
You could do the following in an HTTP handler :
context.Response.ContentType = "multipart/related"; // I think...
context.Response.Write(<blob data here>);
Now this relies on a browser - IE, firefox - that can handle mht files..
If you want to parse the mht file and return html etc.. that would be a whole different scenario!
If you've already code that saves it as a file then all you need to do is to change that to write it to the Response.OutputStream stream instead of the file stream.