Httphandler redirection to document -- GetCompiledPageInstance

[Martin]

Hi,

I have a number of documents stored on my web server and these documents
should not be servered to anybody unless the user is both authenticated and
authorized.
This authentication and authorization comes from a custom database.
To stop users simply requesting the documents directly I have written a http
handler to intercept requests for *.doc.

This works well and all of my requests are intercepted by the handler.
however I can't figure out how to actually give the requested file to a user
if they do have permission to view the file.
what I would like to do is seemlessly pass on the request for the document
to the application and have it handled as if the HttpHandler had not
intercepted the request in the first place.

I have looked at the method "PageParser.GetCompiledPageInstance" and used
in like so in the page

PageParser.GetCompiledPageInstance("/mywebapp/Documents/martin.doc",Request.MapPath("Documents/martin.doc"),ctx);

however, I am having no luck and there seems not a lot of info about
"GetCompiledPageInstance"

I would appreciate some advice if anybody could offer some.

many thanks in advance.

cheers

martin.

 

[hashimisayed]

I don't think you need to go to the extent of using custom handlers for
this. Your problem is that you have to server-up certain file types
(e.g., .doc, .pdf, .txt, etc). The browser can already do this for you,
all you have to do is stream the file to the browser. You also need to
make sure that only authenticate users can view files, which you can
handle with forms authentication. What I would do in this case is
create a web form page called FileViewer.aspx and have that page serve
up all my pages. Clients would call the page with a filename (or
filepath) parameter that looks like:

http://www.mycomp.com/app/fileviewer.aspx?filename=mydoc.doc

In the page_load method, you need to make sure the user is authenticate
prior to serving up any documents. There are alot of resources out
there for doing forms authentication. Here are a few:

http://www.devhood.com/tutorials/tutorial_details.aspx?tutorial_id=85
http://www.15seconds.com/issue/020220.htm
http://msdn.microsoft.com/library/d...html/cpconTheCookieAuthenticationProvider.asp

After you know the person can view the file, you can server up the page
by:

FileInfo fi = new FileInfo(filepath);
response.ClearContent();
response.ClearHeaders();
// for pdf file, for example
response.ContentType="application/pdf";
response.AddHeader("Content-disposition","inline;filename="+fi.Name);
response.AddHeader("Content-Length",fi.Length.ToString());
response.WriteFile(fi.FullName);
response.Flush();
response.End();


sayed

 

[garethdjames]

You can't use GetCompiledPageInstance on a doc type, its reserved for
aspx files.

why not open a reader on the doc file and write it out to the http
response stream

 

[Martin]

Hi Guys,

while both of your suggestions are appreciated, I was not actually asking
about my security model,
I was actally aking how to intercept a request for a document - do some work
on it - and then send it to the browser.
I will give you an example of why I don't want to use a file viewer or
stream the file.

Assume I have a document on the server called "martinsDocument.doc"
I am using forms authntication and the document is protected with forms
authentication, so I must authenticate through forms authentication
(FIRSTLY) to be able to see the document.

However, even through I can authenticate to the application (using forms
authentication) I am NOT authorized to view the file.
However because I can authenticate to the application forms authentication
alone will NOT stop me viewing the file, I can still type the URL of
"martinsDocument.doc" into the browser (eg
http://www.mydomain.com/martinsDocument.doc) authenticate (using forms
authentication) and I will be able to view the file.

But I do not want this senario to happen, which is why I am using a http
handler.
perhaps the security model is not great but thats another story and I have
to make it work.

so I do need my http handler to be able to intercept requests for the .doc
type and assuming the person is authroised to view the file then I would
like to send the entire file back to the browser, in exactly the manner as
if the handler had never intercepted the request.

If you can help, then please let me know.

cheers

martin.

 

[joekey]

hey

Hey i am having the same problem as yours ,
actually i want to intercept opening documents in sharepoint , i did this with httphandler , but i cannot block opening the document.
Do u know how??
than you

Hi,

I have a number of documents stored on my web server and these documents
should not be servered to anybody unless the user is both authenticated and
authorized.
This authentication and authorization comes from a custom database.
To stop users simply requesting the documents directly I have written a http
handler to intercept requests for *.doc.

This works well and all of my requests are intercepted by the handler.
however I can't figure out how to actually give the requested file to a user
if they do have permission to view the file.
what I would like to do is seemlessly pass on the request for the document
to the application and have it handled as if the HttpHandler had not
intercepted the request in the first place.

I have looked at the method "PageParser.GetCompiledPageInstance" and used
in like so in the page

PageParser.GetCompiledPageInstance("/mywebapp/Documents/martin.doc",Request.MapPath("Documents/martin.doc"),ctx);

however, I am having no luck and there seems not a lot of info about
"GetCompiledPageInstance"

I would appreciate some advice if anybody could offer some.

many thanks in advance.

cheers

martin.