Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SECURE FILES SUCH AS PDF, DOC, MOV ETC 2

Status
Not open for further replies.
stupiet

stupiet

Programmer
Aug 21, 2001
176
US
To anyone that can help,

I am very new at ASP. Somehow I managed to create a login page for restricted users to enter only.
After you enter you can enter al kinds of ASP pages.

If you were to load one of these ASP pages without logging in it would redirect you to the login page.

Now my problem is how can I do the same for files that are in PDF and other formats?

When I load the address for any pdf file on my server, I can access it without logging on. Ie, I want only those that have logged on to access them.

Not very secure huh? please let me know what I should do, and since I am new at this a sample code would be handy.

THANKS!

Stupiet
 
Sort by date Sort by votes
Hi ...
can't you put your files in DB and users download them from DB.
----
TNX.
E.T.
 
Upvote 0 Downvote
Wouldn't the files still have it's own address since you have to hyperlink to the file from within the database? I don't quite understand what you mean.

Plus, My databases are all independent to prevent them from getting too big and complicated. So the login database is independent from my files database.

Thanks for the help.
 
Upvote 0 Downvote
Hi again ...
I doesn't matter that where is your DB .
but if you place your files in DB, nobody can access the files except your application.
so if someone has not looged in, he/she doesn't have access to the file.
but, there is one problem which you DB will become big.
becouse you are storing your File physically in your DB.
----
TNX.
E.T.
 
Upvote 0 Downvote
Thank you very much for your help. I understand now what you mean.

But is this the easiest way to secure your documents? Isn't there a simple code or something you can put on your ASP page that tells the server not to open the file if the user has not logged on?

Stupiet
 
Upvote 0 Downvote
Another option would be to open the file from the ASP page. You can read the contents of a file and output it to the screen just like you would when forcing someone to download a common file. The only difference is that you wouldn't want to add the header to make the browser treat it as an attachment. I'll post the link to a thread where I gave example code recently:
thread333-413760

In this case, of course, your file extensions would be differant, and you would want to leave off the line that says:
Code: 
<%
Response.AddHeader &quot;content-disposition&quot;, &quot;attachment; filename=&quot;&strFilename
%>
otherwise it will force the client to download it. As long as they have the appropriate plugins (Adobe, Office, etc) than the document will open, but your ASP address will still be the one displayed in the address bar.

As a sidenote this will work very similarly to storing the document in the databse ang then writing it out to the page.

-Tarwn --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
For my next trick I will pull a hat out of a rabbit (if you think thats bad you should see how the pigeon feels...) :p
 
Upvote 0 Downvote
Hi Tarwn,

I tried using your code and I can see what you are trying to do. Unfortunately it is not working for me, but if it did it would be exactly what I need.

Maybe it was because I used pdf, or I noticed the &quot;Stream&quot; connection you used. Please let me know what I did wrong.

Here is the code I used for the download page:
__________________________________________________________

<%
Option Explicit

Dim strFilename, strExt
If Request.QueryString(&quot;filename&quot;) = &quot;&quot; Then
Response.Redirect &quot;login.asp&quot;
Else
strFilename = Request.QueryString(&quot;filename&quot;)
strExt = Request.QueryString(&quot;ext&quot;)
End If

Dim filetype
Select Case strExt
Case &quot;pdf&quot;
filetype=&quot;text/pdf&quot;
Case &quot;htm&quot;
filetype=&quot;text/html&quot;
Case &quot;html&quot;
filetype=&quot;text/html&quot;
Case &quot;text&quot;
filetype=&quot;text/plain&quot;
Case Else
End Select



Response.ContentType = filetype



Dim fileStream
Set fileStream = Server.CreateObject(&quot;ADODB.Stream&quot;)
fileStream.open
fileStream.Type = 1
fileStream.loadFromFile Server.MapPath(&quot;MSDScopies/&quot;&strFilename)

Response.BinaryWrite fileStream.read

fileStream.close

Set fileStream = Nothing
%>

______________________________________________________

Then I used this html code for the hyperlink:

<a href=&quot;download.asp?filename=test.pdf&ext=pdf&quot;>open</a>

 
Upvote 0 Downvote
Try changing the filetype for pdf to:
&quot;application/pdf&quot;
I just stole that from my IIS settings. That may be the problem, Are you getting an error to the screen or a bunch of gobbledygook?

-Tarwn --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
For my next trick I will pull a hat out of a rabbit (if you think thats bad you should see how the pigeon feels...) :p
 
Upvote 0 Downvote
OK, I tried that but am still getting the same error.

This is what the browser tells me:

Error Type:
ADODB.Stream (0x800A0BBA)
File could not be opened.
/mfg-intranet/safety/download.asp, line 35


I want to thank you for putting your time in helping me. As I said before I am new at this and your time and help is very much appreciated.

Stupiet
 
Upvote 0 Downvote
Hi ...
have you tried replacing Slash with Backslash ?
fileStream.loadFromFile Server.MapPath(&quot;MSDScopies\&quot;&strFilename)
----
TNX.
E.T.
 
Upvote 0 Downvote
Things to check:
1) Do a response.write followed by a response.end on the filename before you attempt to load it:
Code: 
Response.Write Server.MapPath(&quot;MSDScopies/&quot;&strFilename)
Response.End
Double check that the path is correct.

2) Check the security settings on the folder this file is in as well as on the file and make sure it is set fo reading by everyone

Let me know if those don't clear it up,
-Tarwn --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
This space has nothing in it, it's all ni your imagination
 
Upvote 0 Downvote
Hey Tarwn,

It worked all along! I forgot I had a subfolder under &quot;MSDScopies&quot;. Stupid me!

One problem though, it is still not redirecting me to the login page, when I view the file without being logged on.

Am I doing something wrong again?

Thanks again for dealing with me!

Stupiet
 
Upvote 0 Downvote
Handle this in your ASP script, first check the cookie or session variable or whatever your using to check if they are logged in, if they are then show them the file otherwise do a Response.Redirect back to the front page.

-Tarwn --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
This space has nothing in it, it's all ni your imagination
 
Upvote 0 Downvote
Sorry to keep bothering you, but please take a minute to look at my code. I opened the login database to verify the user, but somehow it prevents the download page from executing:

-----------------------------------------------------------

<!-- #Include file=&quot;../adovbs.inc&quot; -->

<%
dim db
set db = Server.CreateObject(&quot;ADODB.Connection&quot;)
db.Open &quot;LOGIN&quot;

if Session(&quot;bValidUser&quot;) = True and Session(&quot;UserID&quot;) = &quot;&quot; then
dim rsUserIDCheck
set rsUserIDCheck = Server.CreateObject(&quot;ADODB.Recordset&quot;)
dim strSQL
strSQL = &quot;SELECT UserID FROM Users WHERE UserName = '&quot; & Session(&quot;UserName&quot;) & &quot;';&quot;
rsUserIDCheck.Open strSQL, db
if rsUserIDCheck.EOF then
Session(&quot;bValidUser&quot;) = False
else
Session(&quot;UserID&quot;) = rsPersonIDCheck(&quot;UserID&quot;)
end if
rsUserIDCheck.Close
end if
%>

<%
If Session(&quot;UserID&quot;) = &quot;&quot; then
Response.Redirect &quot;../login.asp&quot;
End if
%>

<%
Option Explicit

Dim strFilename, strExt
If Request.QueryString(&quot;filename&quot;) = &quot;&quot; Then
Response.Redirect &quot;../login.asp&quot;
Else
strFilename = Request.QueryString(&quot;filename&quot;)
strExt = Request.QueryString(&quot;ext&quot;)
End If

Dim filetype
Select Case strExt
Case &quot;pdf&quot;
filetype=&quot;application/pdf&quot;
Case &quot;htm&quot;
filetype=&quot;text/html&quot;
Case &quot;html&quot;
filetype=&quot;text/html&quot;
Case &quot;text&quot;
filetype=&quot;text/plain&quot;
Case Else
End Select



Response.ContentType = filetype



Dim fileStream
Set fileStream = Server.CreateObject(&quot;ADODB.Stream&quot;)
fileStream.open
fileStream.Type = 1


fileStream.loadFromFile Server.MapPath(&quot;MSDScopies/&quot;&strFilename)

Response.BinaryWrite fileStream.read

fileStream.close

Set fileStream = Nothing
%>
----------------------------------------------------------

Here is the error that the browser displayed:

Error Type:
Microsoft VBScript compilation (0x800A0400)
Expected statement
/mfg-intranet/safety/download.asp, line 31



Please look it over for me. I really appreciate your help.

Stupiet
 
Upvote 0 Downvote
I am betting line 31 is:
Code: 
Option Explicit

Option explicit declarations only belong at the top of your code. Basically this is a declaration that you are going to Dim all of your variables. It is handy to have because if youmispell things as often as I do it will complain about the mispelled variable rather than treat it as a new one, causing crazy issues further down the road.

-Tarwn --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
 
Upvote 0 Downvote
IT WORKS!

I got rid of the option explicit and it did exaclt what I needed.

Thanks so much for dealing with all my questions. Hope I didn't bother you too much.

Until next time!

Stupiet
 
Upvote 0 Downvote
Anyone care to take pity on me. I'm very close to getting a PDF to display in browser. That's all I need to do. I can build the rest of my page up from there based on that feature. At the moment the display is coming up in a garbled format, so I'm guessing there's setting I've got to change.

Here's my code. I've tried to make a simple, stripped-down version of the code given earlier.

Cheers...

<%
Option Explicit %>

<%
Response.buffer = true
Dim filename

filename = &quot;CIST003.pdf&quot;


If filename = &quot;&quot; Then
Response.Write &quot;Error: No filename!&quot;
End If

Dim filetype

filetype=&quot;text/pdf&quot;

Response.ContentType = filetype

Dim fileStream
Set fileStream = Server.CreateObject(&quot;ADODB.Stream&quot;)
fileStream.open
fileStream.Type = 1

'Without these lines commented I've opened the page and then cut & pasted the resulting path
'in the browser address line - the PDF opened fine
'Response.Write Server.MapPath(filename)
'Response.End

fileStream.loadFromFile Server.MapPath(filename)

Response.BinaryWrite fileStream.read

fileStream.close

Set fileStream = Nothing
%>
 
Upvote 0 Downvote
Hi ...
Try changing the file type to : &quot;application/pdf&quot;
----
TNX.
E.T.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Swi
  • Locked
  • Question
PDF Interrogation
Replies
0
Views
246
Swi
Swi
penguinspeaks
  • Locked
  • Question
write HTML code within ASP line
Replies
1
Views
573
xwb
xwb
leifoet
  • Locked
  • Question
How to send HTML emails with ASP classic?
Replies
0
Views
584
leifoet
leifoet
penguinspeaks
  • Locked
  • Question
Return to current location on page after asp processes.
Replies
2
Views
476
penguinspeaks
penguinspeaks
Krus1972
  • Locked
  • Question
msxml3.dll error '80072f7d' - An error occurred in the secure Channel support
Replies
7
Views
725
Krus1972
Krus1972

Part and Inventory Search

Sponsor

Back
Top