To read the article online, visit http://www.4GuysFromRolla.com/webtech/081199-1.2.shtml

Protecting Everything, Part 2


Time to create our code for showFile.asp. Remember, our first step is to verify that the user has proper permissions to view the PDF file passed in:

<% Option Explicit %>
<%
  'We want this page NOT to be cached...
  Response.ExpiresAbsolute = Now() - 1

  'Read in the Username and Password
  Dim strUserName, strPassword
  strUserName = Request("UserName")
  strPassword = Request("Password")

  'Read in the filename
  Dim strFileName
  strFileName = Request("File")

  'The file name is really a complex directory and the filename, though
  'We need to append the directory name to the front of the filename!
  Const strDirectory = "C:\INetPub\wwwroot\4\Guys\From\Rolla\"
  strFileName = strDirectory & strFileName

  'I'm going to leave out the database specifics here
  'Basically you would want to perform a query to determine
  'if strPassword was valid for strUserName, then you'd want
  'to make sure strUserName has rights to see strFileName

  'A little pseudo-code here...
  If TheUserDoesNOTHavePermission Then
    Response.Redirect "/BadPermission.asp"
  Else
    '. . .

Now, what comes after the Else? Well, we've accomplished the first step: we've verified that the user can view this file. Now we need to do two things: set the content type, and dump the contents of the file.

Before I continue, let me take a step back and explain what Content Type is. When a web server sends data to the client (a browser), it tells the browser what kind of data it is sending. This type is known as Content Type. The browser takes this information and decides how to handle the incoming data. If the content type is image/gif, it runs the data through its GIF displayer. If the content type is text/html, it runs the data through its HTML parser. To view all of the content types your computer knows about, click on My Computer, then click on the View menu and go to Options. You'll be shown a dialog box. Click on the File Types tab. Now, click on a file type, and you'll see its Content Type (MIME). The content type for PDF files is application/pdf.

Note that this value is passed in through the querystring to showFile.asp. It is wise to do it this way because we can now set up showFile.asp to show ANY type of file. If you've got text files you want to protect, we can do that; let's say you want to protect images, or wav files, or html pages, or ANYTHING! WE CAN PROTECT IT!! :)

All we have to do is set the Response.ContentType to the appropriate content type.

    'Continued from above...
    Response.ContentType = Request("ContentType")

Pretty easy, eh? Since we're going to be dumping binary files to the user, we want to turn buffering on, so that the user doesn't receive the data stream until the ASP page is finished executing. We can do this by setting Response.Buffer to true, like so:

    'Continued from above...
    Response.Buffer = True

We've only got one more task to perform, and that's to open the file, and dump its contents to the stream. To do this, we need to use a component, and I'm afraid the FileSystemObject just won't cut it, since it's not designed to handle binary files. We will use Software Artisans SA-FileManager V1.1. This is a free component, so go grab it. Once you have it installed, it is really easy to use. All we need to do is the following:

    Dim oFM, oBS
    Set oFM = CreateObject("SoftArtisans.FileManager")
    Set oBS = oFM.OpenBinaryFile(strFileName)
    Response.BinaryWrite oBS.ReadAll
    Set oBS = Nothing
    Set oFM = Nothing
  End If

And that concludes showFile.asp! Pretty straightforward, and a powerful way to protect any type of file. To learn more about protecting files, be sure to check out Protecting your Images. It protects images by only allowing folks from a certain domain to view the image. Worth a read...
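An added example, not part of the original article: showFile.asp appends Request("File") to strDirectory and takes the content type from the querystring, so both values are controlled by the caller and should be constrained before the file is opened. The sketch below resolves the requested name and confirms it still lies under strDirectory, and has the server choose the content type from the file extension. The helper names ResolveSafePath and ContentTypeFor and the extension list are assumptions made for this example.

```vbscript
<%
Option Explicit
Const strDirectory = "C:\INetPub\wwwroot\4\Guys\From\Rolla\"
' Hypothetical helper: returns the resolved path only when it stays inside
' strBase and names an existing file; otherwise returns "".
Function ResolveSafePath(strBase, strRequested)
    Dim oFSO, strFull
    ResolveSafePath = ""
    ' Reject empty names and ":" (drive letters, alternate data streams)
    If Len(strRequested) = 0 Or InStr(strRequested, ":") > 0 Then Exit Function
    Set oFSO = Server.CreateObject("Scripting.FileSystemObject")
    ' GetAbsolutePathName collapses "..\" segments, so the prefix test below
    ' is made against the location that would really be opened.
    strFull = oFSO.GetAbsolutePathName(strBase & strRequested)
    If StrComp(Left(strFull, Len(strBase)), strBase, vbTextCompare) = 0 Then
        If oFSO.FileExists(strFull) Then ResolveSafePath = strFull
    End If
    Set oFSO = Nothing
End Function

' Hypothetical helper: the server picks the content type from the file
' extension (list is an assumption) instead of echoing Request("ContentType").
Function ContentTypeFor(strPath)
    Dim oFSO
    Set oFSO = Server.CreateObject("Scripting.FileSystemObject")
    Select Case LCase(oFSO.GetExtensionName(strPath))
        Case "pdf"
            ContentTypeFor = "application/pdf"
        Case "gif"
            ContentTypeFor = "image/gif"
        Case "txt"
            ContentTypeFor = "text/plain"
        Case Else
            ContentTypeFor = ""
    End Select
    Set oFSO = Nothing
End Function

Dim strFileName, strType
strFileName = ResolveSafePath(strDirectory, Trim(Request("File")))
strType = ContentTypeFor(strFileName)
If strFileName = "" Or strType = "" Then
    Response.Status = "404 Not Found"
    Response.End
End If
' The article's permission check runs here, against the resolved strFileName
Response.ContentType = strType
' ...Response.Buffer and the BinaryWrite code follow as in the article
%>
```

Running the permission lookup against the resolved path, rather than the raw querystring value, keeps the access decision and the file that is actually opened in agreement.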

Response.ExpiresAbsolute Not Working in IE?
From alert reader Cynthia C.:
"I found that the response.expires AND the Response.ExpiresAbsolute properties are ignored by IE 5...but work beautifully under Netscape 4.

You may wish to edit your article to include the following page-protecting code, which I found was the only thing to truly force NO CACHING to work under IE:

response.Expires = 0
response.ExpiresAbsolute = Now() - 1
response.addHeader "pragma","no-cache"
response.addHeader "cache-control","private"
Response.CacheControl = "no-cache"

Works like a dream!!!"

Well, I hope this has enlightened you... Happy Programming!


Article Information
Article Title: Protecting Everything, Part 2
Article Author: Scott Mitchell
Published Date: Wednesday, August 11, 1999
Article URL: http://www.4GuysFromRolla.com/webtech/081199-1.2.shtml

