Can I make the download dialog box appear without "save" option? - asp.net

I have a hyperlink to an executable like so: Run Now
I'm trying to make the download dialog box appear without the save function as it is to only run only on the user's computer.
Is there any way to manipulate the file download dialog box?
FYI: Running on Windows Server '03' - IIS.
Please no suggestions for a WCF program.

Okay I found it for anyone stumbling upon this conundrum in the future.
Add the following tag to your head section: <meta name="DownloadOptions" content="nosave" /> and the file download dialog box will not display the "save" option.
For the user to not open/run but save replace "nosave" with "noopen"

Not unless you have some control over a user's machine. If your application can run on limited resources, you might want to consider doing it in Silverlight.

IMO, having a website launching an executable is a pretty bad idea.... even worst if that website is open to the general public (not on intranet). I don't know what that app is doing but it sure is NOT, 1) cross browser, 2) cross platform, and 3) safe for your users.
If you are on intranet, you might get away with giving the full server path (on a shared drive) to the executable and change security settings on your in-house machines.
Other than that, you won't succeed in a open environment such as the Internet.

From your comments, if the user downloading the file is the issue, then there's no way to get around it, as they have to download the file in order to be able to run it.
There's any number of ways to get around whatever you could manage in browser, from proxies like Fiddler intercepting the data, or lower level things like packet sniffing. Or even simply going into the browser's temp/cache folder and copying the file out once it's running.
You could probably get around most laymen by having a program that they can download that registers a file extension with Windows. Then the file downloaded from this site would have the URL of the actual data obfuscated somehow (crypto/encoding/ROT-13/etc). The app would then go and grab the file. The initial program could even have whatever functionality provided by what you want to download, but it needs the downloaded key.
But this is moving into the area of DRM and security by obscurity. If an attacker wants your file, and it's on the Internet, they will get the file.

Related

Looking for a way to track a True Download of a file, not just the fact that they clicked on a file link

As I understand it, when a link to a file is clicked in the browser, the file is silently downloaded to a temporary directory on the computer. Then the prompt is displayed which shows Open, Save, Cancel... Then if the user clicks Save, they are prompted to save it somewhere, and finally the file is basically transferred to that location when confirmed.
Assuming that is correct, I'm looking for a way to determine if the user actually downloaded the file. So basically determine if they clicked the Save button.
The bit of research that I've done leads me to believe this is not possible, because there is no standardized way of capturing that event, however I could be wrong. And the only possible solution I can come up with is to create an actual client application. Any thoughts on that?
Also, if there are any other off the wall ideas, I'm open to those as well.
And in case it makes a difference, I'm working within an ASP.NET environment.
How about turning this whole problem around and audit the file that actually being downloaded. You can turn on file/folder auditing and capture onlyt the success and failures of the IIS process. Then correlate the audit event with the pieces parts in the IIS log to get the particulars of who actually downloaded the file.
Just my $0.02 YMMV

Saving a file download directly in predefined folder without confirmation

I'm trying to download a file using a servlet. If I make use of Content Disposition response Header,an open/save dialog box would appear. Is there a way that I could save the file directly to a folder instead of selecting the destination from the dialog box. I would need this approach since. the file is being downloaded from a batch rather than a webapp.
If it were possible, any arbitrary website would theoretically be able to silently write malware to visitor's disk without any notification. Would you as being the visitor appreciate it?
I don't think so.
It's fortunately not possible to write anything to visitor's disk without confirmation by standard HTTP/HTML means. The world wide web would have looked very different.
If you have really a hard head in this, then your best bet is creating a signed(!) Java applet for the job of file downloading and saving. You see this also often on those "large" websites as so-called "Download Managers" which can easily annoy endusers. Again, do this only if you have really a hard head in this.

"Open a file" located in a network share from an html page?

I've an ASP.Net MVC website which manage some business logic for an entreprise.
For one task, I've to make them edit a file(photoshop file). They have a samba access to it.
How can I make them OPEN this file(and not download a copy and work on the copy)? I need them to edit this file and save their changes directly in the original. And I need that it opens the file with the program associated with this file.
It's for a small group of administrators, so it's not a big deal if I need to put the website that generate those pages in trusted website or something like this.
I tried to put a <a href="file://D:\test.txt"/>test</a> but it doesn't seems to work.
How to do this? Is there a special way to generate this in asp.net?
I'm open to all suggestion.
It has to work at least with safari/mac, windows and other browser are bonus
EDIT
I made it works on IE(Security settings + indicating a network path), but most users which will use this will be on safari/firefox :/ any idea?
EDIT: What about putting an url like: myProtocol://someParametersForMyFile and having an application on the client machine able to load myProtocl links? Something like magnet links
Does anybody knows how it is called? I found this: http://www.macosxautomation.com/applescript/linktrigger/index.html But I'm not sure it can't open a any file
Try <a href="file:///D:/test.txt"/>test</a> for a local file. For a share on a remote machine use <a href="file://MyServerName/MyShareName/test.txt"/>test</a>.
I ended doing an applescript, which is capable of handle custom URL, then the applescript read the parameter in the url and does the appropriate copy.
Source: http://applescript.tv/linktrigger/

Browse Files Server-side in ASP.NET

I'm creating an ASP.NET web application to schedule tasks on our server from a remote location using a .NET Wrapper for Scheduled Tasks. However, I'm stuck.
The user needs to be able to browse the file system on the server to retrieve a "file to run" for the new task that the user's creating in this application. I need to get the filepath/filename and pass it into the .NET wrapper.
I've tried using HTMLInputFile, but I haven't found a way to make that work for me.
Any help is appreciated.
Thanks
Update:
For this project, we've decided to simply list the executables in a dropdown box that would be available to users since they don't really need total access to the file system, just for security's sake.
HTMLInputFile is used to browse the client's file system and upload a file to the server. It isn't used to browse the server's file system.
You will need something quite different. You will need some server side code to display the server side folder structure to the user via the browser.
There is an example of a basic implementation of this here.
Update:
With that sample, the path that you replace "yourfolderHere" with needs to be a virtual path, rather than an absolute path. So for example "C:\Inetpub\wwwroot\uploads" won't work, but "uploads" will work.
I hope it goes without saying that there are serious security issues to think about when implementing something like this.
The HTMLInputFile will only work on the client-side machine.
You need to write a filesystem browser in ASPX/HTML that browses on the server-side.
Shouldn't be that hard to do.
You can't use the <input type="file" tag
This brings up a client-side dialog that browses the client machine.
As far as I am aware you need to create your own 'browser'.
eg You could use the My.Computer.Filesystem classes to retrieve a list of files in a folder and show those on the webpage. The user then selects the relevant file and posts a response back to the server.
You can use System.IO.Directory to get directories and files. These can be displayed in a number of ways. A simple browser / file selection should be possible in less than 50 lines of code.
Also be aware that you may need to grant extra permissions to the user that your web app runs as so the file system is accessible.
There are also various security implications around this, so don't grant access to everything unless you really need this.

How would you allow users to edit attachments in a web application?

We have created a web application, using ASP.NET, that allows users to upload documents and attach them to business entities, like customers, contacts and so on.
The application runs on the intranet and all files are uploaded through the web application into a shared folder on the server.
I would like, right from the web page, for the user to open the actual file, edit it and then save the changes back to the original location. This is a piece of cake in a Windows environment, I'm just wondering what, if any, is the best way to handle this in a web environment?
The files are usually Word documents, Excel documents and images.
Clarification
We would display all the attachments in a list format. We would like it so that the user would click on an edit link and the file would be opened in the appropriate application, for example, Microsoft Word or Microsoft Excel. I think the file associations in Windows would already handle this. We are just trying to save our user the time to download the original file, make their changes, delete the old file, and the upload the new file.
SharePoint does this by exposing FrontPage extensions which Word and Excel know how to deal with.
If you want to look at a commercial product for ASP.NET that allows you to edit images with AJAX (no need for installed software), I work for a company that has one (Atalasoft)
WebDAV is probably what you want. (Free)
If all your client computers are Windows, map a shared folder on the server to the same drive letter on every client and use the file:// format.
Let's say you share \ServerName\ShareName to H: on every client's computer, the you can make the link as file://h:\pat_to_the_file_under_your_share\fileName.doc
If not every one of the client's computers are in Windows, then you might try to make your links as follows (not sure if ot works):
file://\ServerName\ShareName\pat_to_the_file_under_your_share\fileName.doc
I'm trying to do something with using file:// instead of http:// but it's real sporadic based on the browser. Seems to work fine in IE, okay in Firefox, and goes nowhere in Chrome.
Looks like I may just be stuck with downloading, editing, and re-uploading the document.
It sounds like you want something similar t eRoom, where the browser works in conjunction with a component that intercepts a stream from http, stores it in a temp folder, then fires up Word or Excel and allows you to edit the stream.
You may have to create a component that will intervene and create a temporary local copy of the file.
This tool should do what you need.
http://www.dlitools.com/dlitools/dlitoolsHome.nsf/0FA6B8B31F831F468525736B0001C606/4BBD7E8684EA8DB78525754E006C63A3?OpenDocument

Resources