I am running a website written in ASP.net and any Excel file you download gets downloaded in Protected View. This causes an extra few clicks for the user to be able to edit it.
How can I alter this so the files always are downloaded in Unprotected View?
It is possible IF you have control over the computers who can download from your website. Than you can add your website to the trusted websites and everything will work fine.
How to do it, you have to google - our Admins had to google a lot to find it out, and I do not know the details :/
Check out the following links:
Disable Protected View in Office 2010,
https://amsterdam.jira.com/wiki/display/MAN/How+to+disable+protected+view+in+Excel+2010
Disable Protected View in Office 2007 and 2010 by using Trust
Settings,
http://helpmerick.com/solution-to-microsoft-outlook-2007-or-2010-not-opening-word-or-excel-attachments.htm
How to edit your Excel settings.
http://office.microsoft.com/en-us/excel-help/what-is-protected-view-HA010355931.aspx
What is Protected View?
"Files from the Internet and from other potentially unsafe locations can contain viruses, worms, or other kinds of malware, which can harm your computer. To help protect your computer, files from these potentially unsafe locations are opened in Protected View. By using Protected View, you can read a file and inspect its contents while reducing the risks that can occur."
Why is my file opening in Protected View?
Protected View is a read-only mode in which most editing functions have been disabled. There are several reasons why a file opens in Protected View:
The file was opened from an Internet location - When you see the message in Protected View that states This file originated from an Internet location and might be unsafe. Click for more details., this is because the file is being opened from the Internet. Files from the Internet can have viruses and other harmful content embedded in them. We recommend that you edit only the document, if you trust its contents.
The file was received as an Outlook 2010 attachment and your computer policy has defined the sender as unsafe - When you encounter the message in Protected View that states This file originated as an e-mail attachment and might be unsafe. Click for more details., this is because the file was received from a potentially unsafe sender.
The file was opened from an unsafe location - When you encounter the message in Protected View that states This file was opened from a potentially unsafe location. Click for more details. the file was opened from a folder that is unsafe. An example of an unsafe location is your Temporary Internet Files folder.
The file is blocked by File Block
File validation failure - When you encounter a message in Protected View that states Office has detected a problem with this file. Editing it may harm your computer. Click for more details. It has occurred because the file did not pass file validation.
NOTE - You can learn more about file validation failures in Problem detected with a file.
The file was opened in Protected View by using the Open in Protected View option. When you encounter the message in Protected View that states This file was opened in Protected View. Click for more details., this is because you chose to open the file in Protected View. This can be done by using the Open in Protected View option: Click the File tab. In the Microsoft Office Backstage view, click Open. On the Open dialog box, click the arrow on the Open button. From the list, select Open in Protected View. The following image is an example of Protected View appearing when Open in Protected View is selected.
IMPORTANT System administrators can extend the list of potentially unsafe locations to include additional folders also considered unsafe."
Related
I am using RadAsyncUpload control from Telerik to upload a file on the server. It is working well locally (on localhost) but not in the server. What did I miss?
(When I select a file to upload the dot becomes red instead of green)
I had the same behavior and it was a folder permissions issue.
Another symptom in this case, Chrome DevTools console was showing the following error when I attempt to upload a file:
HTTP Error code is 500
There is a temp folder where RadAsyncUpload saves files temporarily. If you don't define the TemporaryFolder property on the RadAsyncUpload control, the default will be in your App_Data\RadUploadTemp folder. If IIS_USERS don't have write permissions to this folder, the upload can't save a file here. It will work on your localhost because you have write permissions to that folder. Here's how to give the permissions necessary.
Right click on the App_Data\RadUploadTemp folder on server and
select proprties
Select Security tab
Click "Edit..." button
Under "Group or user names:", select IIS_USERS
Under "Permissions for IIS_USERS", check Write in the Allow
column.
Note: This was IIS 7 on Windows 2008 R2 Server.
The dot could become red either when the allowed file extension validation failed or when the file size exceeds the allowed one.
You can attach to the OnClientValidationFailed and OnClientFileUploadFailed events and check what the exact error is and fix it.
The Troubleshooting article offers additional information about the different errors and how to solve them.
I need to hide the direct link of the files in my site and show download delay of 30 seconds for unRegistered users, Like mediafire and rapidshare do. Is there any way to hide or obfuscate the link of the files doc, pdf,ppt, images and Videos (Most Important), on server (asp).
For start, you place all that files on a protected directory (like the App_Data) and then you use a handler to send them to the registered users.
Inside the handler you can make your checks, if the user is register, if he comes from your site, if the link have time out etc.
For how to make this handler, here is some tutorials, but you can find more if you search.
Simple File Download Protection with ASP.NET
ASP.NET File Download on MSDN
Also you may interesting for this questions/answers:
What is the best way to download file from server
Error handling when downloading file from ASP.NET Web Handler (.ashx)
Hi all I am using Webform Protected Downloads module for Drupal 6. I am facing the problem that when i go to "protected download" tab it gives me the message "You need to attach files to this node before you can configure protected downloads." Where can I attach a file to configure the "Webform Protected Downloads" module?
Go to the default drupal edit page of the given node and upload at least one attachment. Check the private checkbox for every attachment that you want to protect. Then go back to the configuration page for protected downloads. The warning should be gone now.
I am developing a elearning site and we have developed our courses in Flash. I want to know how we can prevent our courses from getting download from our site.Technology used for developing website is ASP.NET with C#.
Assuming you are developing an e-learning site with a user login system, you can only give access to the courses to authenticated users that have rights to specific courses. If there is an unauthenticated / public request for a course file (swf, html, etc...) then refuse to serve that file to the client.
I'm sure there are other ways to accomplish this, but one way is to handle those file requests in your Global.asax, the general idea would involve using "Begin_Request", something like:
void Begin_Request(object sender, EventArgs e)
{
if (Request.FilePath.Contains("yourprotectedpathname"))
{
if (check session if user is not logged in or does not have access)
{
Server.Transfer("404.aspx");
return;
}
}
}
}
You would want to store what users have rights to what courses in a database of course, and take advantage of Sessions
As the others have mentioned, anything the client can see can be downloaded. This method would simply limit the clients that have access to download your courses.
As others have mentioned users need to be able to download the content in order to view it. If your Flash files are standalone a user could pull the SWF files from their cache and run them locally or event post the files to another server to access them online.
If the content in the Flash files is read from a database via C# script that would make it much more difficult for users to replicate the structure.
I don't really recommend this method but you could hard-code the SWF files to only load from your domain, for example (AS3):
var myURL:String = "http://www.mydomain.com/";
//Check to see if the SWF is being loaded from mydomain
if (loaderInfo.url.slice(0, myURL.length) != myURL) {
//If it isn't being loaded from mydomain, remove all displayobjects from stage
while (numChildren > 0) {
removeChildAt(0);
}
}
This ActionScript would remove all items from the stage and just show a blank page if anyone tried to load the SWF locally or from another domain. I don't recommend this since you are hard-coding the domain into your Flash files. If you move the files to another domain the code would have to be updated. You would also need to account for variations in the URL (e.g. https, mydomain.com, www.mydomain.com etc.)
Where can I setup custom errors for directories in my application such as App_Code, App_Browsers, etc.? I already have customErrors configured in the web.config and that works as expected. For example,
http://www.mysite.com/bla.aspx > redirects to 404 page
but
http://www.mysite.com/App_Code/ > displays "The system cannot find the file specified."
There's no physical App_Code directory for my site. Is this something that I can change in IIS?
You are trying to server content from an Protected Folder... ??
I think you might need to allow access to these folders to get the nice errors you are looking for...
http://www.webdavsystem.com/server/documentation/hosting_iis_asp_net/protected_folders
That being said... there is a reason these folders are protected.
I would never put anything i needed IIS to serve in protected folders.
But there are always reasons to do do something? i have broke a few rules in my short lifespan :)
UPDATE:
Found this when i tried this locally: http://support.microsoft.com/kb/942047/
Looks like those reserved directories throw special 404's you might be able to get IIS to Target the 404.8 type... with out opening up serving to those directories
I believe you will need to set the error pages in IIS itself, as the requests you talk about never reach the ASP.NET application. The reason your first example works is because IIS recognises the .ASPX extension and forwards it to ASP.NET.
One way is to provide a redirect in the global.asax file:
void Application_Error(object sender, EventArgs e)
{
//uncomment this to narrow down 'helpful' microsoft messages
//HttpRequest request = ((HttpApplication)sender).Context.Request;
Exception ex = Server.GetLastError();
//ErrorManager is a custom error handling module
ErrorManager.ProcessError(ex);
Response.Redirect("~/error.aspx?error=" + HttpUtility.UrlEncode(ex.Message), true);
}
{ On a side note, I was getting an exception that I just couldn't track down - it just said 'file not found' but didn't say which file was missing. It turned out to be a broken image reference in a css file - breaking on line two of the code above helped identify the missing file }
Add a Wildcard Mapping to IIS to run ALL Requests through ASP.net, then you can use Global.asax to handle the error.
Taken from here:
Follow these steps to create a wildcard script map with IIS 6.0:
Right-click a website and select Properties
Select the Home Directory tab
Click the Configuration button
Select the Mappings tab
Click the Insert button (see Figure 4)
Paste the path to the aspnet_isapi.dll into the Executable field (you can copy this path from the script map for .aspx files)
Uncheck the checkbox labeled Verify that file exists
Click the OK button