Opening documents from asp.net fodler sturcture

Discussion in 'ASP .Net Security' started by TimmyG, Aug 18, 2003.

  1. TimmyG

    TimmyG Guest

    Hello all,

    We have an asp.net app protected with integrated security. Part of
    this application carries out document prodcution and management via a
    mixture of asp.net code and activex client controls.

    The problem occurs when trying to open documents / templates (ms word)
    from the folder structures under the asp.net app root.

    It is imporatnt that we open these documents in word itself and not
    through a browser window (as we automate from the client).

    When trying to open a doc / template we are presented with a netwrok
    log on box. I can only presume that this is happening because word is
    making the request to the web app to open the doc (we open directly
    from server). This would be becasue the dir structure is protected by
    the web config and iis settings. This is really not acceptale. We are
    using client impersonation and this obviously (and unsurprisingly)
    doesnt apply to requests made by word.

    Can anyone offer any solution to this problem i.e. impersonating from
    activex / word or maybe using a different web config for the doc
    subfolder?

    Obliged and out,
    TimmyG.
     
    TimmyG, Aug 18, 2003
    #1
    1. Advertising

  2. Hi Timmy,

    I don't think it is a good idea to use client impersonation, since it
    requires extra security settings on the client side. Could you provide more
    explanations on what you are trying to archive?

    Does it work if the control saves the document to hard drive, and then use
    Word to open it?

    Best regards,
    Lewis

    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    | From: (TimmyG)
    | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    | Subject: Opening documents from asp.net fodler sturcture
    | Date: 18 Aug 2003 05:12:51 -0700
    | Organization: http://groups.google.com/
    | Lines: 26
    | Message-ID: <>
    | NNTP-Posting-Host: 81.5.185.60
    | Content-Type: text/plain; charset=ISO-8859-1
    | Content-Transfer-Encoding: 8bit
    | X-Trace: posting.google.com 1061208772 8614 127.0.0.1 (18 Aug 2003
    12:12:52 GMT)
    | X-Complaints-To:
    | NNTP-Posting-Date: 18 Aug 2003 12:12:52 GMT
    | Path:
    cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!news-out.cwix.com!newsfeed.cwix.co
    m!nntp1.roc.gblx.net!nntp.gblx.net!nntp.gblx.net!priapus.visi.com!news-out.v
    isi.com!petbe.visi.com!news-out1.nntp.be!propagator2-sterling!news-in-sterli
    ng.newsfeed.com!tdsnet-transit!newspeer.tds.net!sn-xit-02!sn-xit-04!sn-xit-0
    1!sn-xit-09!supernews.com!postnews1.google.com!not-for-mail
    | Xref: cpmsftngxa06.phx.gbl
    microsoft.public.dotnet.framework.aspnet.security:6303
    | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    |
    | Hello all,
    |
    | We have an asp.net app protected with integrated security. Part of
    | this application carries out document prodcution and management via a
    | mixture of asp.net code and activex client controls.
    |
    | The problem occurs when trying to open documents / templates (ms word)
    | from the folder structures under the asp.net app root.
    |
    | It is imporatnt that we open these documents in word itself and not
    | through a browser window (as we automate from the client).
    |
    | When trying to open a doc / template we are presented with a netwrok
    | log on box. I can only presume that this is happening because word is
    | making the request to the web app to open the doc (we open directly
    | from server). This would be becasue the dir structure is protected by
    | the web config and iis settings. This is really not acceptale. We are
    | using client impersonation and this obviously (and unsurprisingly)
    | doesnt apply to requests made by word.
    |
    | Can anyone offer any solution to this problem i.e. impersonating from
    | activex / word or maybe using a different web config for the doc
    | subfolder?
    |
    | Obliged and out,
    | TimmyG.
    |
     
    Lewis Wang [MSFT], Aug 19, 2003
    #2
    1. Advertising

  3. Hi Tim,

    Based on my experience, Word doesn't provide interfaces for performing
    impersonation or authentication. Since the client side merge is handled an
    ActiveX control, the workaround would be downloading the ".dot" file to the
    client side before performing the merging.

    Since this issue mainly concerns IE client side authentication, it may be
    better answered in IE programming related newsgroup, such as
    <microsoft.public.windows.inetexplorer.ie55.programming>

    Hope this helps.

    Best regards,
    Lewis

    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    | From: (TimmyG)
    | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    | Subject: Re: Opening documents from asp.net fodler sturcture
    | Date: 19 Aug 2003 07:43:11 -0700
    | Organization: http://groups.google.com/
    | Lines: 125
    | Message-ID: <>
    | References: <>
    <>
    | NNTP-Posting-Host: 81.5.185.60
    | Content-Type: text/plain; charset=ISO-8859-1
    | Content-Transfer-Encoding: 8bit
    | X-Trace: posting.google.com 1061304191 10909 127.0.0.1 (19 Aug 2003
    14:43:11 GMT)
    | X-Complaints-To:
    | NNTP-Posting-Date: 19 Aug 2003 14:43:11 GMT
    | Path:
    cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onlin
    e.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!sn-xit-03!sn-xit-06!sn-
    xit-08!sn-xit-09!supernews.com!postnews1.google.com!not-for-mail
    | Xref: cpmsftngxa06.phx.gbl
    microsoft.public.dotnet.framework.aspnet.security:6321
    | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    |
    | Hi Lewis,
    |
    | I am aware of the security settings required for client impersonation
    | and they are of no concern to us (whereas maximum security is).
    |
    | The process is pretty much a web enabled document production system
    | based around word templates stored on the server that are merged on
    | the client and uploaded for saving.
    |
    | The client side merge is handled via an active x control.
    |
    | The process needs to be as seamless as possible hence i am opening the
    | templates directly from the sevrer and then saving locally (to avoid a
    | download dialog).
    |
    | The templates are stored in a sub folder under the web app route.
    |
    | The problem occurs when the active x control attempts to open the
    | template.
    |
    | Code as follows:
    |
    | //Open word on client
    | Set myWord = CreateObject("Word.Application")
    |
    | //Open template from server location
    | myWord.Documents.Open("http://myserver/approot/templates/template.dot",
    | blah)
    |
    | The line above causes a network log in dialog to be displayed (if
    | filled in corretly everything runs fine).
    |
    | As far as i can gather this is beacuse IIS / asp.net cannot
    | authenticate the request from word as being from the same client that
    | IE is impersonating. This is of course not greatly surprising.
    |
    | I was wondering about the possibilites of hosting word in IE but am
    | unsure of whether i can carryout the required processing via active x
    | if word is hosted in this way (but that's for another group).
    |
    | Equally interesting is that a log in dialog is displayed when opening
    | the template; this suggests that word (or active x or whatever) is
    | able to authenticate itself against the server and hints that this
    | maybe possible via code, but how?
    |
    | I cannot see that forms auth would operate any differently in this
    | circumstance because surely a request from word would be equally
    | 'unauthenticated' and the app would try and redirect to the forms
    | login page. Surely one cannot only open templates in this way with
    | completely anonymous security on IIS / aspnet?
    |
    | The more i write the more i think this may be the wrong group as the
    | intricasies are pretty clear. Nevertheless any help would be greatly
    | appreciated.
    |
    | Obliged and out,
    | TimmyG.
    |
    | (Lewis Wang [MSFT]) wrote in message
    news:<>...
    | > Hi Timmy,
    | >
    | > I don't think it is a good idea to use client impersonation, since it
    | > requires extra security settings on the client side. Could you provide
    more
    | > explanations on what you are trying to archive?
    | >
    | > Does it work if the control saves the document to hard drive, and then
    use
    | > Word to open it?
    | >
    | > Best regards,
    | > Lewis
    | >
    | > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    | >
    | > --------------------
    | > | From: (TimmyG)
    | > | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    | > | Subject: Opening documents from asp.net fodler sturcture
    | > | Date: 18 Aug 2003 05:12:51 -0700
    | > | Organization: http://groups.google.com/
    | > | Lines: 26
    | > | Message-ID: <>
    | > | NNTP-Posting-Host: 81.5.185.60
    | > | Content-Type: text/plain; charset=ISO-8859-1
    | > | Content-Transfer-Encoding: 8bit
    | > | X-Trace: posting.google.com 1061208772 8614 127.0.0.1 (18 Aug 2003
    | > 12:12:52 GMT)
    | > | X-Complaints-To:
    | > | NNTP-Posting-Date: 18 Aug 2003 12:12:52 GMT
    | > | Path:
    | >
    cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!news-out.cwix.com!newsfeed.cwix.co
    | >
    m!nntp1.roc.gblx.net!nntp.gblx.net!nntp.gblx.net!priapus.visi.com!news-out.v
    | >
    isi.com!petbe.visi.com!news-out1.nntp.be!propagator2-sterling!news-in-sterli
    | >
    ng.newsfeed.com!tdsnet-transit!newspeer.tds.net!sn-xit-02!sn-xit-04!sn-xit-0
    | > 1!sn-xit-09!supernews.com!postnews1.google.com!not-for-mail
    | > | Xref: cpmsftngxa06.phx.gbl
    | > microsoft.public.dotnet.framework.aspnet.security:6303
    | > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    | > |
    | > | Hello all,
    | > |
    | > | We have an asp.net app protected with integrated security. Part of
    | > | this application carries out document prodcution and management via a
    | > | mixture of asp.net code and activex client controls.
    | > |
    | > | The problem occurs when trying to open documents / templates (ms word)
    | > | from the folder structures under the asp.net app root.
    | > |
    | > | It is imporatnt that we open these documents in word itself and not
    | > | through a browser window (as we automate from the client).
    | > |
    | > | When trying to open a doc / template we are presented with a netwrok
    | > | log on box. I can only presume that this is happening because word is
    | > | making the request to the web app to open the doc (we open directly
    | > | from server). This would be becasue the dir structure is protected by
    | > | the web config and iis settings. This is really not acceptale. We are
    | > | using client impersonation and this obviously (and unsurprisingly)
    | > | doesnt apply to requests made by word.
    | > |
    | > | Can anyone offer any solution to this problem i.e. impersonating from
    | > | activex / word or maybe using a different web config for the doc
    | > | subfolder?
    | > |
    | > | Obliged and out,
    | > | TimmyG.
    | > |
    |
     
    Lewis Wang [MSFT], Aug 21, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?TWFyaw==?=

    opening and saving word documents in asp.net

    =?Utf-8?B?TWFyaw==?=, Aug 20, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    578
    =?Utf-8?B?TWFyaw==?=
    Aug 20, 2004
  2. =?Utf-8?B?cmljaGk=?=
    Replies:
    3
    Views:
    3,473
    =?Utf-8?B?cmljaGk=?=
    Nov 18, 2004
  3. =?Utf-8?B?S2FubmFuLlYgW01DU0QubmV0XQ==?=

    Printing PDF documents without actually opening them.....

    =?Utf-8?B?S2FubmFuLlYgW01DU0QubmV0XQ==?=, Apr 26, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    837
    Kevin Spencer
    Apr 26, 2005
  4. dew

    Opening Word Documents

    dew, Feb 7, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    502
  5. Replies:
    1
    Views:
    482
    Juan T. Llibre
    Oct 18, 2006
Loading...

Share This Page