Serving PDF Files from ASP

Results 1 to 3 of 3

Thread: Serving PDF Files from ASP

  1. #1
    1GuyFromAndromeda Guest

    Default Serving PDF Files from ASP

    Hi All!!<BR><BR>Sorry if this is to dumb to ask here but i&#039m running out of ideas!<BR><BR>I have a problem and that is that my company decided to make customers invoices available throught the extranet. this is all fine and good except that i have to program the thing.<BR><BR>The situation is as follows :<BR><BR>- Invoices are generated with a program that leaves a bunch of pdf files in a directory ( INV/00001.PDF; INV/00002.PDF; Etc. )<BR><BR>- There is a table in oracle that has ( ACCT, PASS )<BR>- There is a table in oracle that has ( ACCT, FILE, DATE )<BR>- There is a Form with ACCT, PASS<BR><BR>The form submits to an asp that looks up acct in table 1 and compares PASS in form with PASS in Table. If it is ok then Look up in Table 2 all records that match ACCT.<BR><BR>The resulting html file is something like this :<BR><BR>&#060;% do until RS_2.eof %&#062;<BR>&#060;a href="/INV/&#060;%=RS_2("FILE")%&#062;"&#062;&#060;%=RS_2("DA TE")%&#062;&#060;/a&#062;<BR>&#060;% RS_2.movenext<BR> loop %&#062;<BR><BR>Now what is to stop someone to looking at the url and start typing in the address bar something like :<BR><BR>http://svrname/inv/0099.pdf<BR><BR>and seeing someone else invoice?<BR><BR>How can i make this proyect viable and secure?<BR><BR>If you can send also the reply via e-mail to :<BR><BR>Luis Rojas<BR><BR><BR>Thanks in advance<BR><BR>

  2. #2
    Join Date
    Dec 1969

    Default RE: Serving PDF Files from ASP

    Hello Luis.<BR><BR>I *think* you can use a similar method that is used to protect images from being hacked.<BR><BR>See:<BR><BR><BR>What you will need to do is the following:<BR>You have your loop that prints out the PDF file names. Rather than linking directly to the PDF files, you will need to link to an ASP file, passing in the PDF filename, the username and password, like so:<BR><BR>&#060;A HREF="/scripts/showPDF.asp?FileName=&#060;%=RS_2("FILE")%&#062;&U serName=&#060;%=username%&#062;&Pass=&#060;%=pass% &#062;"&#062;&#060;%=RS_2("DATE")%&#062;&#060;/A&#062;<BR><BR>What you&#039ll want to do is bury the PDF files in some complicated directory structure so no one will get to them on their own.<BR><BR>Then, in showPDF.asp you will need to do read in the username password and see if this is a valid user/pass for the file they are wanting to see. If this is the correct user/pass for the PDF, you&#039ll want to redirect them to the PDF file. I *think* through this mechanism they won&#039t be able to see the full URL of the PDF, although I could be wrong, I don&#039t work with PDF much.<BR><BR>If this method doesn&#039t work, another one you can try is in showPDF.asp, you can set the Response.ContentType to the correct content type for PDF files. Then you can use FSO to open the PDF file as a binary file, and response.write the contents to a bufferred stream.<BR><BR>Good luck and happy programming! :)

  3. #3
    Join Date
    Dec 1969

    Default RE: Serving PDF Files from ASP

    Good article BTW but I&#039;m getting an error.<BR><BR>I get this error below and Though I scoured the net I don&#039;t know why<BR><BR>Error Type:<BR>(0x80020009)<BR>Exception occurred.<BR><BR>code I&#039;m using below<BR><BR>&#060;%<BR>Response.Buffer = True<BR><BR>response.Expires = 0<BR>response.ExpiresAbsolute = Now() - 1<BR>response.addHeader "pragma","no-cache"<BR>response.addHeader "cache-control","private"<BR>Response.CacheControl = "no-cache" <BR><BR>&#039;Read in the filename<BR> Dim strFileName<BR> strFileName = "filename"<BR><BR> &#039;The file name is really a complex directory and the filename, though<BR> &#039;We need to append the directory name to the front of the filename!<BR> Const strDirectory= "C:INetPubwwwroot4GuysFromRolla\"<BR><BR>&#039 ;I won&#039;t show my directory for obvious reasons but I&#039;m assuming &#039;I just replace 4GuysFromRolla with my folder<BR><BR>strFileName2=strDirectory & strFileName<BR><BR>Response.ContentType = "application/octet-stream"<BR><BR>Dim oFM, oBS<BR> Set oFM = CreateObject("SoftArtisans.FileManager")<BR> Set oBS = oFM.OpenBinaryFile(strFileName)<BR> <BR> Response.BinaryWrite oBS.ReadAll<BR> <BR> Set oBS = Nothing<BR> Set oFM = Nothing<BR><BR><BR>%&#062;<BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts