I have an application that displays password protected PDFs using iTextSharp.
pdfCopy.SetEncryption(true, "Secretinfo", "Secretinfo", 0);
If the user saves the PDF, the saved copy of the PDF is password protected. Which is great. The problem is it also prompts for password before displaying the PDF on the browser. Which isn't good.
So I'm thinking maybe it's possible to supply the password using javascript just to display it on the browser. It's bad practice but I don't see that I have any other choice. I'm no good at JavaScript. Maybe someone here can help me?
But hey if you have another idea of how to best approach my problem, please do tell!
Here's what I need to happen:
Display the PDF on the browser without it prompting for password. But I need the saved copy to be password protected. No edit, print or copy. Not even view. Unless the user supplies the password.
Related
I have a lotus notes web form in which computer-illiterate customers will use to attach Excel files and submit them to our company. I am using a Lotus Notes File Upload Control to allow them to do this, however, I need to default this File Upload Control to a certain directory location. I have already created a C# application the customers will be using, which places all of these excel files in a certain directory location, hence the reason I need to focus this File Upload Control. Unfortunately, some of the customers are computer challenged enough to not know how to navigate to these files on their own. Is this possible at all?
I'm assuming the users will be visiting a web page with the File Upload control, yes? If I'm misunderstanding please let me know and I'll delete this answer.
The simple answer is it isn't possible. The problem is that the browser can't know anything about the file structure of the clients that visit the site, so a "default path" property doesn't really make sense. It would likely only work in very specific environments (which is maybe true in your case, but not across the web in general)
I would investigate using the Notes API to have the C# program handle the upload without involving the browser client use of the file upload control. I don't know enough Java to be sure, but perhaps that might also be an option -- basically writing your own custom upload control that only asks the user for the filename.
You may also be seriously underestimating the ability of the users to follow directions. If your page identifies which directory the file will be found in, I expect most users will be able to follow the directions and upload from the correct directory.
So, I'm sure that accomplishing what you want to accomplish is possible in Notes, just not as simply as adding a default directory to the File Upload Control.
I need to create a web application that prints checks. Because of the nature of the program, it needs to be very secure, and each action needs to be logged. I need to be able to generate a check, print a check, allow reprints if needed, etc.
I've got the generation of the checks completed. I've decided to make a PDF (so that i don't get any browser header/footer garbage). What I'd like to do is not even save that PDF to a file but to instead send the data directly to a printer. Basically, I'd like for the user to enter the amount of the check, select which account it's going to be printed for, then click a button that sends the data for that check directly to the printer. I don't even want the user to be able to view the PDF of what's to be printed.
Has anyone done something similar to this in ASP.NET?
Thanks.
[EDIT]
The original question I asked was answered with ActiveX controls. I, however, decided to do it a different way. Instead of printing a PDF, I've decided to create an image of the background of the check. I will then use that image (.jpg), and manipulate it by placing the appropriate text (MICR line, amount, check date, etc.) on it using System.Drawing.Graphics and stored X,Y coordinates and font preferences in my DB. From there, I can use the System.Drawing.Printing namespace to send the new .jpg file to a network printer from the web server, eliminating the need for an activeX control and further tightening security because the new image of the finished check is never saved, and the user never has access to the overlay of the check.
Thanks for your help.
If you look at how postal services tackle this problem, you'll notice that a simple web application won't do. To have control over how and when items are sent to the printer, ActiveX compontents or Java software is used.
[Edit]
Small clarification: I ment that the software has to run on the client-side as opposed to your suggested server-side suggestion.
If you want to go the .NET route, you're down to an ActiveX in Managed C++ or a Click-Once application that is launched from the web (allows more of the .NET language, but can be decompiled and altered).
We have implemented this scenario in a couple of ways. First, we have the traditional PDF solution, where the server generates the PDF print image, returns it to the browser which is then displayed via the PDF plug-in and optionally printed.
Second, we wrote a client-side ActiveX component to handle the print. Pass the input values to a backend web service which uses FOP to format the print into PCL. The PCL is passed back to the ActiveX component who then sends the PCL directly to the users default printer. No PDF required here.
Either way works, but only the second option - which will require you to implement some client-side piece - meets all your requirements.
There isn't really a way to do this. You can only send a document to the user which the user can then send to the printer. There are ways to prompt the print dialogue to pop straight up, but the web would be pretty insecure if you were allowed to control how data was managed on the user's machine.
NKCSS is right that it would require software actually installed on the user's machine. You have done as much as you can by making it a PDF that the user is prompted to print.
If you had the cheque as html, you can used styles to show/hide content just for the printer as discussed in this post: here
There's no way to do this completely securely. Even if you force the PDF to print directly to the user's default printer, that itself could be a PostScript or PDF printer like PDFCreator. So they could still get a viewable PDF in the end.
I am trying to knock up a quick DOS based app in C# to assist me with some tedius tasks I have to perform on websites every so often. One of the pages I need to access requires you to be logged in to view the source. This shouldn't really be a problem, I have a valid username and password. I found this question here:
Login to website, via C#
which tells me how I can send a POST request to a specific URL and retrieve a cookie from the header for future use with any page that requires me to be logged in.
This would work nicely if it wasn't for the fact that the POST form on the login page is a little more complicated than just a "username" and "password" field. Looking at the form it has an "OnSubmit" call to a javascript function, which takes the username and password and encrypts them into some kind of hash (maybe md5 plus a little extra bits and bobs) then saves them in further hidden fields in the login form.
I was thinking it is probably possible to run the javascript function from C# somehow? If I could maybe retrieve the HTML file (with included JS) and then run that JS function from with C# and then retrieve the cookie from the POST request the JS effectively sends. A further complication may lie in the fact that I am not sure if the JS function is stored locally or is linked in via a tag.
The site sounds like it's doing something nice, e.g. hashing your password instead of sending it in clear text.
I'd say you have three basic options. You could simply use a WebBrowser control instead of using HttpWebRequest and let the site work the way it's supposed to. Your code can just fill the the form and click the submit button.
You could try to run the javascript in your application, though the tools seem either obsolete or iffy. Search SO for discussions about this in the past, e.g. this one.
If this is really worth it to you, you can duplicate the functionality of the javascript in C#, and do all the work yourself, just populating the final fields before posting. Converting algorithmic procedures like a hash function is probably not very difficult. Most likely it's a standard SHA algorithm which is already part of .NET anyway. You would potentially have problems in the future if things change on the site, of course.
Unless you really need a super-clean solution, I'd just use a WebBrowser control and let the site do its thing.
I'm currently developing an add-in aimed to edit office documents stored in a codendi forge.
First problem was the read only flag on my file. A simple ‘save as’ solved that problem.
This solution was ok until I removed codendi’s cookie then instead of my file I received an error page.
What I want to do is to be able to catch an event triggered by office before it starts downloading the file. Then I can prompt the user for authentication and recreate a cookie by myself without the need for the user to open internet explorer and sign in.
Is there a way to catch an event indicating that word, excel and powerpoint are about to start a download?
Thanks in advance
I'm not sure I really understand what you want to do.
I don't think any office application actually downloads the wanted file, it is downloaded by your browser in a temporary file and therefrom opened by it.
I think that if you want to edit the file from you client, the best way would be to use the soap interface, which is part of Codendi. Have a look to
[yourforgehostname]/soap
[yourforgehostname]/soap/codendi.wsdl.php?wsdl
If you want to see the wsdl in a more readable form consider using
http://tomi.vanek.sk/index.php?page=wsdl-viewer
One of the supported API is login
Hope it helps
How can I make a PDF non-printable programmatically using .net?
Short answer. You can't. You can try to set a DRM parameter to prevent printing, but that all depends on the client's software for rendering the PDF and if it respects DRM or no.
Also, assuming you are able to view a PDF there is nothing preventing the user from taking screen captures of the contents presented in the PDF.
Sure you can prevent printing! Of course you cannot prevent a screen capture, but you can definitely prevent a casual user from printing a PDF in the Adobe Reader. I know in our ActiveReports product when we export PDF you can specify various security options that determine whether the user viewing the PDF can print or not. The developer can specify an admin password that can be used to enable only some users to print, while preventing those without the password from printing.
You can read more about this in the PdfSecurity enumeration documentation of ActiveReports. A code sample is in the documentation here. Follow some links on that page to see more information.
If you want to load an existing PDF and modify usually people suggest iTextSharp. Although I have not used it, other people recommend it highly and I think it will work for this read+modify scenario. I managed to find an example of how you can use iTextSharp to enable/disable the "AllowPrint" and other permissions here.
Sounds like you're really looking for a group policy object in Active Directory that prevents users from printing, perhaps?
update
What prevents said users from emailing the PDF to themselves and printing at home, other than another GPO that prevents attachments with given extensions or over certain sizes?
You've got a number of options depending on the full requirement details but the easiest would indeed be to set password encryption on the document. As some of the folks above mentioned, you can set an owner password and user password to encrypt the document. The owner password basically allows admin level access and fully opens up the document to all operations. The user password opens up the document but access is limited to what you specified at the time of encryption, e.g., if you turn turn off printing rights, then someone who supplies the user password won't be able to print the PDF.
We offer a solution that supports .NET and can easily encrypt and also decrypt PDFs. Here's a link to the API docs if you're interested in giving it a look:
http://www.pdfonline.com/easypdf/epsdk_manual/index.htm?page=reference%2Fpdfprocessorsdk%2Fpdfprocessor%2Fm_encrypt.htm
The idea would be to call the Encrypt() function above and pass a PrintingPerm argument of PRC_SEC_PRINT_PERM_NONE. You can also set other access permissions like modification, copy/paste, etc., if you like.
Hope this helps.