Script in .ASP to create new page on server - asp-classic

I want to make an ASP script that can create a new page on the webserver and tell it what content that will be in the new .asp file.
How can i do that? :)

What you want to do is not to create a new page for each request. Instead you want to pre-create an ASP page that dynamically ouputs the a file based on the input of the user.
In your example of uploading a file to display. What you probably want to do is store the uploaded file somewhere and then create another ASP page that reads in the uploaded file and displays it using Response.binarywrite or response.write. Don't create a new ASP page for each uploaded file.
So for the sake of example, you would create an ASP script called "DisplayUploadedFile.asp" the code inside it would read in the file (wherever you are storing it on the server (for example in a DB) and then write it back out. The users would hit the same page regardless of which uploaded file they wanted to see with a parameter telling the script which to display. For example DisplayUploadedFile.asp?fileID=12
CAUTION: It is extremely dangerous security-wise to let users upload content that is displayed to other users. Don't do this unless you understand at a very high level what steps are necessary to make this functionality secure. Based on your question, I think it might be prudent to get a more senior programmer to review your solution before you publish it.

Related

How to display show message to user after Response.close?

In my asp.net web application i have to convert resx file to excelfile and then i should provide an option to download the converted file. I have done the download function using response.Addheader method. Now i wanted to display statics to the user of how many keys are converted from resx file to excel file.
I have placed an label to display no of keys migrated but the code is not exceuted after response.end. Pls help me to get this done
Thanks
Rm
Short answer is that you cannot send some output once the response has closed.
Now to achieve what you want to do, you have to emit statistics along with link to download the actual excel file. For example,
Convert the file and store results into file system. You should use some random key (such as guid) for generating the file name.
Output statistics that you want to show to the user.
In the same output, emit a start-up java-script that would redirect the browser to the url that will download the file generated in step1 - the file name key will useful for creating such URL.
In rare cases where JS doesn't work or re-direct takes more time, The output from #2 should also contain a link that will allow user to download the file manually (the link will be accompanied with some friendly message)

Flash uploader and ASP.net MVC

I have a flash upload component I want to use to upload multiple files. I'm using it in a MVC app and what I want to happen is that the user picks the files they want to upload, it uploads them and then displays a page showing all the files they have uploaded so they can add a description and select where to save them, and then save the files.
At the moment when files are uploaded the flash component calls a controller to process the files, this bit works fine, I can get the uploaded files and do what I like with them. The problem is is that I cannot just redirect to a View once the controllers done its work, because its the flash component calling the controller, not the page and so nothing happens when you try and do that.
I had attempted to save the files in the session and then forward the user on completion of the upload using some code in the flash actionscript, this however does not work, the session always turns up null. I had also considered actually saving the files to a temp location and then on the displaying page just listing all files in the temp location, but this is then going to involve saving the files twice, once to the temp directory and then to the actual place the user wants to put them, which I assume will be slow.
Any thoughts on the best way to do this?
Is your site using cookie based authentication? If so then the flash uploader needs to include the authentication cookie when uploading otherwise the upload will be seen as coming from a new user - this would explain your null values in the session state. If you are unable to get flash to post the cookie then you'll have to identify the user within the upload URL.
You should keep session state to a minimum or even better not use is at all so storing large amounts of data such as images in it is a bad idea.
With our applications we save all uploaded files to the database and then give them a unique Guid that is then used to retrieved/display them later. Within the database images could be associated with a user and in your case be marked as just uploaded so that when you redirect the user to the additional information page you know which images to display.
but this is then going to involve
saving the files twice, once to the
temp directory and then to the actual
place the user wants to put them
In relation to where the files are saved on the server you should not be allowing the user to determine where the files are saved.

Deleting Application Temp File from ASP.Net

I have a WebPage where I am giving the option to to Export the Form data to PDF. I am creating the PDF at run time and store the PDF in a "PDF" folder which is under my application directory. After creating the PDF with the SessionID name I Call following function to show the PDF file in the new browser window:
ResponseHelper.Redirect(Response, "~/PDF/" + Session.SessionID + ".pdf", "_Blank", "");
This PDF contains the private information related to the logged in user. Therefore, I want a way to delete this PDF file once it is shown in the browser to the user. This is because the IIS server allows whole development team to view this folder which is a security risk, and we can't disallow user to view this folder on the server.
Therefore, if I could delete this file as soon as it is loaded in the browser could be a solution of this security risk.
Can anyone suggest some better ways of deleting this file as soon as possbile from the application?
Thanks,
Praveen
what i guess is you are creating PDF file on runtime using Itext and then you save that PDF file in temp directory to show it to user... why don't you use
Response.WriteFile(PDFFILE);
this will write the whole file on the stream without saving it in temp folder.
One way is to write an ashx handler which streams the pdf to the browser, then deletes it when done.
Another, and much better way, is to simply build the PDF in memory (NOT using session) and stream it as soon as it's ready.
UPDATE
I'm doing this with a slightly modified version of iTextSharp. Basically, iTextSharp performed all of it's operations in memory, then saved the file to disk. I changed this to return the memory stream. All the code is already there, it was really just a line or two that had to change.
Then, I used a response.binarywrite to push the stream directly to the browser. viola! no files on disk.
An ashx handler is just like an aspx page, only it has one entry point and doesn't do all of the page processing garbage. It's light weight and communicates back to the browser by response.write calls.

ASP.NET FileUpload control not working inside Wizard control

I have a Wizard control with one of the pages containing a FileUpload control. I want to access the file stream at the point of the final page of the wizard but this doesn't seem to work.
As far as I can see, you can only access the file stream for the posted file on the postback which occurs immediately after the control has been used. As the file will ultimately be put into a DB record I could save it at this point, but I'd rather avoid this if possible.
Does anyone know of a workaround for this problem?
I've not used this control myself but as it's based around the HTML standard INPUT control I think you are stuck with having to receive the file on the post-back that processes that control.
The difficulty in circumventing this would be around how to pull the file from the client system when you are effectively sandboxed from the local filesystem, hence the need for the upload control.
I would suggest that you store the file into your DB blob (or as a temp file on the filesystem, probably need a unique filename; I find a GUID works nicely) and then use the Session object to retain that reference to the end of the process. The only other alternative I can think of that doesn't involve major work would be to move the file upload to the last page of your wizard.
You could have the displaying of your individual wizard stages managed client-side using CSS/jQuery rather than keep POSTing back to the server? That way, your only POST (resulting in the upload) will be at the end of the Wizard.

ASP.NET File uploading-dynamic file names

I have a web page where i have an ASP.NET file upload control to upload files from client machine to Server.Now i want to do the uploading n number of times.Ex : I want to upload 100 files from my local pc to server.The 100 file names i can read from an excel file in my program.But is there any way to assign this file to the file upload control ?
No, as a security feature, FilUpload controls do not allow you to set what to download (imagine if you sign on to a website, and it is set to upload a passwords file or something).
Now there is probably another control, or a way to code around this, buut the FileUpload control will not allow it.
I would recommend using the jQuery Multifile Uploader which would take care of a UI (if you need one). And the actual uploads with Free ASP Uploads which takes care of the actual file transfer. Though it sounds like you are tkaing care of the programs programatically, so you can skip the multifule and just work with free asp upload.
You'll have to make your own Flash object or something to accomplish this, the basic HTML/ASP.Net controls won't let you do what you're looking for.
This will require creating some kind of an active or installable control. In order to get around the security hole of doing this, you're ultimately going to have to be able to execute code on the machine to select and upload the file.
And at that point, you're platform specific, so...
I would strongly suggest that instead of trying to have a web site automatically upload files for you, that you make a WinForms utility to accomplish this task and upload the files wherever you need, communicate with the web site over web services, etc.
This is a security restriction, you cant script the file selection of an upload box as it would allow hackers to write scripts to steal files off your computer.
You could use this silverlight upload utility which is my list of "things to use when I get the chance".
It has a nice UI and supports uploading many files at once. I originally tracked it down doing some research for a photography website that we were quoting for but that project fell through.
Anyway the project can be found here:
http://www.michielpost.nl/Silverlight/MultiFileUploader/
It also has full source code included so even if the control's developers abandon it you still have the choice to edit it yourself.

Resources