Experts Exchange connects you with the people and services you need so you can get back to work.
' First, we need to declare our variables
' We'll need a filestream object to fetch the pdf file from its location
' outside the web-site.
Dim fs As FileStream
' As we're not serving standard html,
' we'll need to tell the browser what type of content we're serving
' This value will need to be added to our response header.
Dim strContentType As String
' This is the path to the folder where our file will be kept.
' Note, we DON'T use the
' Server.Mappath() method, as this would defeat the object.
' We want to keep the file outside the web application, so
' we can't use standard server object methods.
' In a real-world application you would store this value in a database
' or otherwise in web.config so that you can change it easily
' without having to recompile your code. I've hard-coded it here
' for readability. Note, you will have to ensure that the ASP.NET
' user account on your system has appropriate access rights to this folder
Dim strPath = "C:\My External\File Path\"
' We need to use this file name
' in the headers that we send to the browser. Obviously
' we don't want to show the user the full path
' to our file on the server,
' so I'm not including this in the path variable above.
' Even though they won't be able to access
' it without admin rights on your server, it will only confuse them.
' Users only need to see the file name,
' which they can then save on their own system once downloaded
Dim strFileName As String = "MyPdfDownload.pdf"
' Next we call our validation function to determine
' whether or not we are prepared to offer the user this file
' I'm not including that function in this article.
' You can create your own validation
' function based on your site's requirements
' You can even include code in this page to indicate
' whether a user has downloaded their file.
' Then save a cookie on their machine and make
' a note in your database. In any future attempts,
' you can check for the cookie to ensure that the user can ONLY download
' the file to the same machine. That way you can prevent
' them from giving their login details to others who could then
' download the file from their machines.
If UserIsValid() Then
' Great. The user is valid and we're happy to give
' them the file. Now we open our file using the file stream object
fs = File.Open(strPath & strFileName, FileMode.Open)
' Declare a byte array to hold our stream information.
' Note, we initialize the byte array to the file stream's size
Dim bytBytes(fs.Length) As Byte
' Write the stream to the byte array
fs.Read(bytBytes, 0, fs.Length)
' Close the file stream to release the resource
' This is important. If you don't close the resource,
' the next person trying to download your file
' may get an error saying the resource
' is still being used by another application.
' Next we need to add some header information.
' These headers will tell the browser what it needs to do
' with the content we're serving
' The first header ensures that the file name
' is correct on the client side. This is extremely important! If you
' don't add this header, the browser will make
' some sort of arbitrary decision as to what the file should be called.
' It will either offer no name and force the user to select a name
' (As we all know, this is like giving a two-year-old a loaded gun)
' or it will simply name the file after the web page
' it's calling (eg. MyFileServer.aspx). This will save without any problem
' but when the user tries to open the file, their system
' will tell them it doesn't know what to do with a *.aspx file
' and you're going to slowly go insane over the next
' six months with support calls, trying to explain to users how to
' change the file extension from *.aspx to *.pdf on their system
"attachment; filename=" & strFileName)
' Next, we need to tell the browser what type of content
' we're serving. If we don't add this header, the user's browser
' will assume it is standard html and try to render your
' bytes as text. The page won't crash,
' but the user is going to see an unholy
' mess on their web page, with bundles of little blocks
' and funny faces that are absolutely meaningless to them.
' I'm using a standard application/octet-stream content type.
' It's better to find out exactly what MIME type your particular
' file extension is defined under, as this should produce
' better browser behaviour.
' However, for our purposes, this will work just fine
' This header tells the browser that it is serving
' an application file as a byte stream.
' The browser will know immediately
' that it shouldn't serve this file as text and will open
' the File Download box instead,
' in which it offers the user the ability to save
' the file. It will also use the Content-disposition header
' (see above) to auto-populate
' the Save File dialog box with the file's name
Response.ContentType = "application/octet-stream"
' Now our headers are added, we can serve the content.
' To do this, we use the BinaryWrite() method of the server object
' This successfully streams our external file to the user,
' despite the fact that the file doesn't exist
' anywhere inside the web application
' Call Response.End() so that no more
' content goes through to the client.
' The file has been downloaded,
' but if this method is not called, the page
' will continue downloading any remaining
' html/ text content and mess up the resulting stream.
' This method call ensures that the downloaded
' file doesn't end up corrupted with unwanted data
' The validation function returned false.
' In other words, we don't want to allow this user access.
' Simply serve the user normal text/html
' informing them that they don't have access to the file
Response.Write("Sorry. You don't have access" & _
" to this file. Please return to the login page and try again.")
Open in new window
Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Please enter a first name
Please enter a last name
Must be at least 4 characters long.
Join and Comment
From novice to tech pro — start learning today.
Premium members can enroll in this course at no extra cost.
Premium members get this course for $349.00.
Premium members get this course for $37.50.
Premium members get this course for $24.99.
Premium members get this course for $151.20.
Premium members get this course for $31.25.
Premium members get this course for $108.00.
Premium members get this course for $174.99.
Premium members get this course for $18.75.
Premium members get this course for $159.20.