System.IO.Path Understanding [modified]

adnanrafiq

Hi, This provides usefull methods to get tempfiles, unuque name, and temp directory paths, i m wondering if i can show my files let say in folder "PDF", which is not publicaly viewable, in that temp file, which is unique for each user session. Problem: I have pdf files in PDF folder on which each asp.net user have different rights, some can view the same files and some can not, so i planned to make it restricted for all user, and will get rights from the dataabse, and finally i want to copy these file to uniquly created temp file, and want to redirect to that file, so user can see the file in browser. i hope you understand my question. many thanks adnan -- modified at 10:39 Sunday 26th August, 2007

Many Thanks, Adnan Rafiq muhammadadnanrafiq@gmail.com

Mark Churchill

Hi Adnan, You might find copying the files around will give poor performance, its probably not the best solution to your problem. It seems the root cause of your problem is that ASP.Net permissions don't apply to passive content like PDFs, am I correct? If so you might want to read up on how to stream a file using a handler (ashx). You could then have a URL like "http://mysite/viewPDF.ashx?somefile.pdf". If you want a normal looking URL to hide what you are doing you will have to read about URL remapping. Have a search on this site, theres lots of articles about those topics. Cheers,

Mark Churchill Director Dunn & Churchill

adnanrafiq

Thanks for reply. But now i am confused to go for a reliable solution regarding file security. Its right that asp.net location tag didnot work for like it did work for common aspx pages. I read articles which advocates different solutions, like implementing basic authentication with SSL, to secure the files, and use httpwebrequest type classes to get login on the server and give access to the logined user without prompting a login diaglue. Some advocate NTLM security, which is new even i heard first time. You told me to write handelers, i read a little about it, to map IIS extensions with asp.net extension to restrict file access in browser. But my real problem is i will be having thousands of files, and with hunderd of users having different writes on them, I am looking to having a reliable solution which should also be good in performance. Can you please put little more light regarding my context explained above. I will be very thankful to you. Many Thanks & Best Regards, adnan

Many Thanks, Adnan Rafiq muhammadadnanrafiq@gmail.com

Mark Churchill

Hi Adnan, A handler can be made that will serve out many different files. I'm not going to write one for you, but I can give you some code snippets to give you an idea. (I'm also typing straight into the reply window, so they might be a little wrong). Firstly you would need some way of identifying what file the user wants, and mapping that to a real file. Lets just assume they are all pdf files in one directory, and the user will ask for them by filename in the querystring (http://yoursite/getFile.ashx?SomeFileName). So in our handler we can get the file the user wants with the Request.QueryString. Then we can check whether the user has permission to access the file (how you do this is up to you). Then we can send the file to the client. We want to set the context.Response.ContentType = "text/pdf" (or whatever is appropriate). We need to find the physical filename of the file, say string filename= "c:\\somedirectory\\" + filename + ".pdf". Then we can use context.Response.WriteFile(filename) to send the file to the client. Note that you probably want to check the user's input more carefully than I have. ;)

Mark Churchill Director Dunn & Churchill

adnanrafiq

Thanks Mark, handler works greate for me. regards adnan

Many Thanks, Adnan Rafiq muhammadadnanrafiq@gmail.com