Your technology certification is waiting. Enroll in Cloud Class ®
' First, we need to declare our variables
' We'll need a filestream object to fetch the pdf file from its location
' outside the web-site.
Dim fs As FileStream
' As we're not serving standard html,
' we'll need to tell the browser what type of content we're serving
' This value will need to be added to our response header.
Dim strContentType As String
' This is the path to the folder where our file will be kept.
' Note, we DON'T use the
' Server.Mappath() method, as this would defeat the object.
' We want to keep the file outside the web application, so
' we can't use standard server object methods.
' In a real-world application you would store this value in a database
' or otherwise in web.config so that you can change it easily
' without having to recompile your code. I've hard-coded it here
' for readability. Note, you will have to ensure that the ASP.NET
' user account on your system has appropriate access rights to this folder
Dim strPath = "C:\My External\File Path\"
' We need to use this file name
' in the headers that we send to the browser. Obviously
' we don't want to show the user the full path
' to our file on the server,
' so I'm not including this in the path variable above.
' Even though they won't be able to access
' it without admin rights on your server, it will only confuse them.
' Users only need to see the file name,
' which they can then save on their own system once downloaded
Dim strFileName As String = "MyPdfDownload.pdf"
' Next we call our validation function to determine
' whether or not we are prepared to offer the user this file
' I'm not including that function in this article.
' You can create your own validation
' function based on your site's requirements
' You can even include code in this page to indicate
' whether a user has downloaded their file.
' Then save a cookie on their machine and make
' a note in your database. In any future attempts,
' you can check for the cookie to ensure that the user can ONLY download
' the file to the same machine. That way you can prevent
' them from giving their login details to others who could then
' download the file from their machines.
If UserIsValid() Then
' Great. The user is valid and we're happy to give
' them the file. Now we open our file using the file stream object
fs = File.Open(strPath & strFileName, FileMode.Open)
' Declare a byte array to hold our stream information.
' Note, we initialize the byte array to the file stream's size
Dim bytBytes(fs.Length) As Byte
' Write the stream to the byte array
fs.Read(bytBytes, 0, fs.Length)
' Close the file stream to release the resource
' This is important. If you don't close the resource,
' the next person trying to download your file
' may get an error saying the resource
' is still being used by another application.
' Next we need to add some header information.
' These headers will tell the browser what it needs to do
' with the content we're serving
' The first header ensures that the file name
' is correct on the client side. This is extremely important! If you
' don't add this header, the browser will make
' some sort of arbitrary decision as to what the file should be called.
' It will either offer no name and force the user to select a name
' (As we all know, this is like giving a two-year-old a loaded gun)
' or it will simply name the file after the web page
' it's calling (eg. MyFileServer.aspx). This will save without any problem
' but when the user tries to open the file, their system
' will tell them it doesn't know what to do with a *.aspx file
' and you're going to slowly go insane over the next
' six months with support calls, trying to explain to users how to
' change the file extension from *.aspx to *.pdf on their system
"attachment; filename=" & strFileName)
' Next, we need to tell the browser what type of content
' we're serving. If we don't add this header, the user's browser
' will assume it is standard html and try to render your
' bytes as text. The page won't crash,
' but the user is going to see an unholy
' mess on their web page, with bundles of little blocks
' and funny faces that are absolutely meaningless to them.
' I'm using a standard application/octet-stream content type.
' It's better to find out exactly what MIME type your particular
' file extension is defined under, as this should produce
' better browser behaviour.
' However, for our purposes, this will work just fine
' This header tells the browser that it is serving
' an application file as a byte stream.
' The browser will know immediately
' that it shouldn't serve this file as text and will open
' the File Download box instead,
' in which it offers the user the ability to save
' the file. It will also use the Content-disposition header
' (see above) to auto-populate
' the Save File dialog box with the file's name
Response.ContentType = "application/octet-stream"
' Now our headers are added, we can serve the content.
' To do this, we use the BinaryWrite() method of the server object
' This successfully streams our external file to the user,
' despite the fact that the file doesn't exist
' anywhere inside the web application
' Call Response.End() so that no more
' content goes through to the client.
' The file has been downloaded,
' but if this method is not called, the page
' will continue downloading any remaining
' html/ text content and mess up the resulting stream.
' This method call ensures that the downloaded
' file doesn't end up corrupted with unwanted data
' The validation function returned false.
' In other words, we don't want to allow this user access.
' Simply serve the user normal text/html
' informing them that they don't have access to the file
Response.Write("Sorry. You don't have access" & _
" to this file. Please return to the login page and try again.")
Open in new window
Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Please enter a first name
Please enter a last name
Must be at least 4 characters long.
Join and Comment
From novice to tech pro — start learning today.
Premium members can enroll in this course at no extra cost.