I have a report that I currently allow the user to choose an output option (HTML or PDF) when they are supplying the report parameters (date range, filters, etc.).
I want to change the report such that it always does HTML and puts a link on the rendered HTML page so the user can grab the PDF if they want it.
How do I modify my IIS6/IIS7 configuration, user permissions, etc. to allow my site to write the PDF to the filesystem? Any C# code would be appreciated.
I plan on creating PDFs with random filenames and adding a process to cleanup old PDFs so I don't have a disk space issue. This is a lightly used web application so I'm not worried about having lots of old PDF files hanging around.
In IIS 6 Manager, go to Application Pools and get the properties of the Application Pool your web site is running under (if you're not sure, it's on the web site Properties dialog > Home Directory tab). Go to the identity tab and see what user account that app pool is running under.
Then go to the target folder you want to write the PDF to, right-click and go to Properties > Security > Add and add "write" for the account listed for the app pool.
n IIS 6 Manager, go to Application Pools and get the properties of the Application Pool your web site is running under (if you're not sure, it's on the web site Properties dialog > Home Directory tab). Go to the identity tab and see what user account that app pool is running under.
Then go to the target folder you want to write the PDF to, right-click and go to Properties > Security > Add and add "write" for the account listed for the app pool.
All you should need to do is be sure that the user ID that the web site is running under (or the user that's logged in if your site runs that way) has write permission to the directory you are creating the PDFs in.
You should take a look at the System.Security.Permissions namespace and the FileIOPermission class in .NET so that you can make sure your file permissions are set properly when trying to write your files.
I use it in much the same way that you need it (writing PDF files to the server before serving them back up to the user).
Related
I recently hosted a MVC application on machine and in solution I have a folder UploadedDocuments which i wants to secure. Actually when i browse URL like www.xyz.com/UploadedDocument it lists all the file even i didn't login to website
Note: Using Microsoft Interop for PDF conversion of docs in this directory.
wants to restrict the users who can browse folder but if a url with file name in folder and a user on website that is loggedin can access only with specified url
like www.xyz.com/UploadedDocument/abc.docx(except www.xyz.com/UploadedDocument)
thanks in advance!
In IIS, ensure that directory browsing is disabled.
On the file system, remove read access for any "normal" user accounts or groups, and have only the app pool account that IIS is running under with modify access to the folder (ie the "iis apppool\[MyApplication]" account).
You say you're using Microsoft interop for conversion. Is the conversion happening within the MVC application, or do you have another application / service performing the conversion? If the latter, also ensure that whatever account is running the other application / service has access to modify the folder.
I would like to know if it is possible to open a directory from intranet MVC application ? I have been searching about it but i don't found anything.
I tried to open from javascript using window.open('url') but i get unauthorized access.
Thanks,
Tiago MourĂ£o
IMPOSSIBLE !!!
web browsers does not have allow web pages to access to disk drives.
web pages only can read/write cookies.
FileUpload control allow access to the files, only with user action(scripts no allowed).
I found a way to do resolve this problem. If you create a background process using Process.Start('location'), the application opens directory folder.
Tips:
Process.Start() generally used in windows application and if used in
web applications, a process will start on server(not on user agent
that run current page).
you get unauthorized access error, because of IUser has limited
access ...
1) Web Applications can read/write any file and folders on server side with assigning permission.
2) WebApplication with Some sideway can access to file & folders in web pages (client side) !!!
with JavaScripts:
Write a browser add-on with requested functionality, then install on
user agent(browser).
now with call method/function in add-on, you can do the operations
that does not allowed with JavaScript & etc.
with VBScript(Obsoleted) that run/supported only in MsIE:
can using FileSystemObject to full access files and folders.
can using CreateObject to create instance of each object in OS and
working with it.
Finally my answer is IMPOSSIBLE.
I am trying very hard to find a way to allow exchage of information between an application running locally (made in C#) and an web application residing in an open tab of any web browser.
That is the typical user case:
User login to the .NET MVC web application using their username and password. Once logged in they are assigned a guid and they are redirected to www.myapp.com/view/[guid] . Once there they are prompted to download and run the local application (or if it's already downloaded, to run it).
Once they run the application, it should detect the [guid] and start posting information to the server www.myapp.com/postInfo/[guid].
Originally I thought about using ClickOnce and passing parameters to the clickonce launcher (?guid=[guid]). But clickonce is only supported in IE - chrome and firefox require a plugin which is a showstopper for me -
Then, I throught about using flash in the webapp to paste the guid in the clipboard, and have the local app constantly check the clipboard, but I don't think this is an elegenat solution, as it will erase the current contents of the clipboard.
Any thoughts on how this can be implemented?
Can you not package a file with the downloadable with the guid in that?
When the app starts; read the guid from that file.
or even better edit the app.config for that application prior to making available for download...
Another route would be altering the .exe prior to making available for download... Modify Emdeded String in C# compiled exe
To begin with, I developed a web application which reads an XML file from specific location and displays the contents on editable web page of the application,which is executed perfectly when the XML file is on the same machine/computer. When I try to read the same file on different computer on the network I cannot read the contents onto my web page.
My Observation:
When I access that file from run window in the computer by entering \xxx.xxx.xx.xx\c$ it gives me the window to connect to the machine asking for credentials and I guess the session is open. So I close the window and when I access the xml file from the web application it's able to read the content.
Is there a way to bypass this authentication mechanism which is part of windows when I use my web app to read the XML file or is there a way to accommodate the extra step to configure the authentication in my application?
I would be glad if someone can guide me to the solution.
Check the user your web application is running under and if this user is also permitted to access this location.
If you are using IIS to host the page you have to check the "AppPool" user and also the users which are used at the "Web Site" and "Application"
Just change IIS application pool user to "enough rights" user (right click current app pool - advanced settings - identity) or specify impersonation in the same name section in web.config.
Could it be possible to change your logic,
By storing file from different network to local machine where your code is running, through uploading file and process it.
I have a WebForm application that generates a Crystal Report and streams it to the browser as a PDF.
My users would like the app (well, the Browser I suppose!) to always prompt them where to save the file (a network path) and then store that path (probalby in the SQL table that stores their profile info) and always use that path as the default on subsequent attempts.
I am pretty sure I know how to force the browser (IE) to always prompt them where to save the PDF or open it, and I can name the file (attachment), but how can I automatically populate that dialog box that appears (when thy choose to save the file) with a path? Is there some other way I can accomplish this (use a different mime type or something?)?
I suppose instead of streaming the file back, I can just prompt them for where they want to save and (with elevated permissions on the App Pool Identity) save it out to that path from the server. Since this is an Intranet application, the App Pool does already have some elevated permissions, because it must check certain network paths to see if files exist (it is also a Change/Revision app for CAD Math Data files).
How would you handle it?
You absolutely can not force the web browser to choose any particular location by default to save files, without third-party plugins (most of which I hope would also similarly prevent this sort of thing, which could be used for Evil)
So, if the server has access over the Intranet, that's how you'll have to do it.