Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ASP.Net: Getting "view_pdf.aspx?DocRef=12345" to return a PDF to the user

Posted on 2004-04-02
4
Medium Priority
?
279 Views
Last Modified: 2010-05-18
We have some PDF's that can be viewed by users. Rather than simply providing them with a link to the URL of the document, we would like some way to first check that they have permissions to view that PDF (by cross-referencing the PDF ref with the user ID in a database), then if they do have permissions to view it, return the PDF output to the page. Also, we don't want them to simply be able to guess the URL of other PDF's and be able to view them. Therefore, can somebody please confirm, and provide more code instead of the comments below:

----------
Dim sDocRef As String
Dim bAccess As Boolean
Dim sDocLocation As String

sDocRef = Request.QueryString("DocRef")

' Query the database to check they have access to this file.
' Do SQL stuff.
If myRS("Access") = 1 Then
  ' Query the database to return the real location of the PDF
  ' Do SQL Stuff
  sDocLocation = myRS("Location")
  ' Set the content type of the page to be a PDF *****
  ' Read the contents of the PDF *****
  ' Output the contents of the PDF to the page *****
Else
  Response.Redirect = "permission_denied.aspx"
End If
----------

I.e. by going to "view_pdf?DocRef=12345" they are presented with the PDF in that same window [assuming have permissions].

Can somebody please provide the code where the comment has ***** at the end of it.

Any other bits of code in there would be helpful, e.g. check PDF exists, etc. are there any issues with this method?

Any help much appreciated.

Thanks,

Ben.

0
Comment
Question by:webtechy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Assisted Solution

by:culshaja
culshaja earned 1000 total points
ID: 10740851
Response.Clear()
Response.ContentType = "application/pdf"
Dim MyFileStream As FileStream
Dim FileSize As Long
 
 MyFileStream = New FileStream(sDocLocation , FileMode.Open)
 FileSize = MyFileStream.Length
Dim Buffer(CInt(FileSize)) As Byte
 MyFileStream.Read(Buffer, 0, CInt(FileSize))
 MyFileStream.Close()
Response.BinaryWrite(Buffer)
Response.Flush
Response.Close()


James :-)

0
 
LVL 35

Accepted Solution

by:
YZlat earned 1000 total points
ID: 10740929
Dim PDFBuffer as Byte

' set the content type to PDF
Response.ContentType = "application/pdf"

' add content type header
Response.AddHeader("Content-Type", "application/pdf")

' set the content disposition
Response.AddHeader("Content-Disposition", "inline;filename=form.pdf")

' write the buffer with pdf file to the output
Response.BinaryWrite(PDFBuffer)

Response.End()
0
 
LVL 2

Author Comment

by:webtechy
ID: 10741990
Cheers, guys. So this method will work? i.e. it doesn't matter to the browser that the extension of the page will be .aspx but we are actually returning a PDF as we are setting the content type? Is this method the "best" for restructing access to PDF's?
0
 
LVL 7

Expert Comment

by:culshaja
ID: 10742050
This is the standard way to do it with any file type.

The content type tells the page what is actually being sent, not the extension. The extension is used by the web server to determine what the content type should be initially set to, but in a server-side environment like ASP/ASP.Net/PHP etc you can chnage this as we do above. Its the MIME type that is sent back as the content type that the client uses.

You can do this with a web page that is just a table as contents and tell it the content type is the MIME type for excel and it will open the web page in Excel with the page contents in the first workbook.

James :-)
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes relatively difficult and non-obvious issues that are likely to arise when creating COM class in Visual Studio and deploying it by professional MSI-authoring tools. It is assumed that the reader is already familiar with the cla…
More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question