Replacing page content w/ a dynamically created pdf at https

[Ryan Taylor]

Hi.

I have some code that dynamically generates a PDF and spits this content
directly to the web browser. I use HTMLDoc to create the Pdf's from html. So
the user can click on a button "Print PDF" and the current page magically
becomes a PDF file. This worked great until we moved the site to https. Now,
when the button is clicked, I get a warning that

This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?

If I choose Yes, the PDF is displayed. No, and it isn't, as expected from
the dialog. However, The PDF is created within the context of the
application, and written to a Pdfs directory within the application path. I
do not want the users to receive this message

What might I be doing wrong?

Here is my code.

// When the user clicks the button, we are redirected to the page that
contains the PDF creation functions
// Pass the URL we are from so we not which page to create a PDF from
private void btnPrint_Click(object sender, System.EventArgs e)
{
string Url = "Response/ViewResponse.aspx&" +
Request.QueryString.ToString();
Response.Redirect("~/Pdfs/Pdf.aspx?CallingURL=" + Url);
}

// Call the creation and display functions
private void Page_Load(object sender, System.EventArgs e)
{
string callingURL = Request.Params["CallingURL"];
if(callingURL != null && callingURL != "")
{
string filename = PDFGenerator.CreatePDF(callingURL);
PDFGenerator.DisplayPDF(filename);
}
}

public class PDFGenerator
{
// Thanks to
// http://www.codeproject.com/aspnet/HTML2PDF.asp
// For the excellent example on how to use HTMLDOC in an ASP.NET
environment

public static string CreatePDF(string URL)
{
// file and path variables
string tempFile = "";
string filename = "";
string filepath = "";

try
{
// Create the temporary file names we need
tempFile = Path.GetTempFileName();
filename = Path.GetFileNameWithoutExtension(tempFile);
filepath = HttpContext.Current.Server.MapPath("~/Pdfs") + "\\";

// delete the file in the temp directory
File.Delete(tempFile);

// Execute the current page and get the output in a string
StringWriter pageResponse = new StringWriter();

// NOTE: It appears that Server.Execute executes the page but in the
context
// of the page that Server.Execute was called in. As such, any parameters
needed
// on called page, need to exist in the calling page.
HttpContext.Current.Server.Execute("~/" + URL, pageResponse);

// Create the html file for conversion
StreamWriter fileIO = File.CreateText(filepath + filename + ".html");
fileIO.WriteLine(pageResponse.ToString());
fileIO.Close();

// Execute hghtmldoc.exe to convert our html to PDF
System.Diagnostics.Process process = new System.Diagnostics.Process();
process.StartInfo.FileName =
ConfigurationSettings.AppSettings["HtmlDocInstallPath"];
process.StartInfo.Arguments = "--webpage --quiet --browserwidth
800 --right 1in --left 1in --size Letter -f " + filename + ".pdf " +
filename + ".html";
process.StartInfo.WorkingDirectory = filepath;
process.Start();
process.WaitForExit();
}
catch (Exception E)
{
string err = E.Message;
}
finally
{
// delete the html file
File.Delete(filepath + filename + ".html");
}

// return the pdf file
return (filepath + filename + ".pdf");
}

public static void DisplayPDF(string PDF)
{
// If the file exists
if(File.Exists(PDF))
{
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ContentType = "Application/pdf";
try
{
HttpContext.Current.Response.WriteFile(PDF);
HttpContext.Current.Response.Flush();
HttpContext.Current.Response.Close();
}
catch
{
HttpContext.Current.Response.ClearContent();
}
finally
{
File.Delete(PDF);
}
}
else
{
// Could not find file
}
}
}

 

[Ken Cox [Microsoft MVP]]

Hi Ryan,

Are there any empty href tags, images outside of the https directory, or
absolute URLs in the picture?

Hi.

I have some code that dynamically generates a PDF and spits this content
directly to the web browser. I use HTMLDoc to create the Pdf's from html.
So
the user can click on a button "Print PDF" and the current page magically
becomes a PDF file. This worked great until we moved the site to https.
Now,
when the button is clicked, I get a warning that

This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?

If I choose Yes, the PDF is displayed. No, and it isn't, as expected from
the dialog. However, The PDF is created within the context of the
application, and written to a Pdfs directory within the application path.
I
do not want the users to receive this message

What might I be doing wrong?

Here is my code.

// When the user clicks the button, we are redirected to the page that
contains the PDF creation functions
// Pass the URL we are from so we not which page to create a PDF from
private void btnPrint_Click(object sender, System.EventArgs e)
{
string Url = "Response/ViewResponse.aspx&" +
Request.QueryString.ToString();
Response.Redirect("~/Pdfs/Pdf.aspx?CallingURL=" + Url);
}

// Call the creation and display functions
private void Page_Load(object sender, System.EventArgs e)
{
string callingURL = Request.Params["CallingURL"];
if(callingURL != null && callingURL != "")
{
string filename = PDFGenerator.CreatePDF(callingURL);
PDFGenerator.DisplayPDF(filename);
}
}

public class PDFGenerator
{
// Thanks to
// http://www.codeproject.com/aspnet/HTML2PDF.asp
// For the excellent example on how to use HTMLDOC in an ASP.NET
environment

public static string CreatePDF(string URL)
{
// file and path variables
string tempFile = "";
string filename = "";
string filepath = "";

try
{
// Create the temporary file names we need
tempFile = Path.GetTempFileName();
filename = Path.GetFileNameWithoutExtension(tempFile);
filepath = HttpContext.Current.Server.MapPath("~/Pdfs") + "\\";

// delete the file in the temp directory
File.Delete(tempFile);

// Execute the current page and get the output in a string
StringWriter pageResponse = new StringWriter();

// NOTE: It appears that Server.Execute executes the page but in the
context
// of the page that Server.Execute was called in. As such, any
parameters
needed
// on called page, need to exist in the calling page.
HttpContext.Current.Server.Execute("~/" + URL, pageResponse);

// Create the html file for conversion
StreamWriter fileIO = File.CreateText(filepath + filename + ".html");
fileIO.WriteLine(pageResponse.ToString());
fileIO.Close();

// Execute hghtmldoc.exe to convert our html to PDF
System.Diagnostics.Process process = new System.Diagnostics.Process();
process.StartInfo.FileName =
ConfigurationSettings.AppSettings["HtmlDocInstallPath"];
process.StartInfo.Arguments = "--webpage --quiet --browserwidth
800 --right 1in --left 1in --size Letter -f " + filename + ".pdf " +
filename + ".html";
process.StartInfo.WorkingDirectory = filepath;
process.Start();
process.WaitForExit();
}
catch (Exception E)
{
string err = E.Message;
}
finally
{
// delete the html file
File.Delete(filepath + filename + ".html");
}

// return the pdf file
return (filepath + filename + ".pdf");
}

public static void DisplayPDF(string PDF)
{
// If the file exists
if(File.Exists(PDF))
{
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ContentType = "Application/pdf";
try
{
HttpContext.Current.Response.WriteFile(PDF);
HttpContext.Current.Response.Flush();
HttpContext.Current.Response.Close();
}
catch
{
HttpContext.Current.Response.ClearContent();
}
finally
{
File.Delete(PDF);
}
}
else
{
// Could not find file
}
}
}

 

[Ryan Taylor]

Hi Ken.

No, there are no images outside of the https directory. Even the PDF is
created within the https directory at runtime. Also, there are no absolute
URLs in the PDF. I think it has something to do with the way I am replacing
the page contents with the PDF. But I can not figure out what.

Hi Ryan,

Are there any empty href tags, images outside of the https directory, or
absolute URLs in the picture?

Hi.

I have some code that dynamically generates a PDF and spits this content
directly to the web browser. I use HTMLDoc to create the Pdf's from html.
So
the user can click on a button "Print PDF" and the current page magically
becomes a PDF file. This worked great until we moved the site to https.
Now,
when the button is clicked, I get a warning that

This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?

If I choose Yes, the PDF is displayed. No, and it isn't, as expected from
the dialog. However, The PDF is created within the context of the
application, and written to a Pdfs directory within the application path.
I
do not want the users to receive this message

What might I be doing wrong?

Here is my code.

// When the user clicks the button, we are redirected to the page that
contains the PDF creation functions
// Pass the URL we are from so we not which page to create a PDF from
private void btnPrint_Click(object sender, System.EventArgs e)
{
string Url = "Response/ViewResponse.aspx&" +
Request.QueryString.ToString();
Response.Redirect("~/Pdfs/Pdf.aspx?CallingURL=" + Url);
}

// Call the creation and display functions
private void Page_Load(object sender, System.EventArgs e)
{
string callingURL = Request.Params["CallingURL"];
if(callingURL != null && callingURL != "")
{
string filename = PDFGenerator.CreatePDF(callingURL);
PDFGenerator.DisplayPDF(filename);
}
}

public class PDFGenerator
{
// Thanks to
// http://www.codeproject.com/aspnet/HTML2PDF.asp
// For the excellent example on how to use HTMLDOC in an ASP.NET
environment

public static string CreatePDF(string URL)
{
// file and path variables
string tempFile = "";
string filename = "";
string filepath = "";

try
{
// Create the temporary file names we need
tempFile = Path.GetTempFileName();
filename = Path.GetFileNameWithoutExtension(tempFile);
filepath = HttpContext.Current.Server.MapPath("~/Pdfs") + "\\";

// delete the file in the temp directory
File.Delete(tempFile);

// Execute the current page and get the output in a string
StringWriter pageResponse = new StringWriter();

// NOTE: It appears that Server.Execute executes the page but in the
context
// of the page that Server.Execute was called in. As such, any
parameters
needed
// on called page, need to exist in the calling page.
HttpContext.Current.Server.Execute("~/" + URL, pageResponse);

// Create the html file for conversion
StreamWriter fileIO = File.CreateText(filepath + filename + ".html");
fileIO.WriteLine(pageResponse.ToString());
fileIO.Close();

// Execute hghtmldoc.exe to convert our html to PDF
System.Diagnostics.Process process = new System.Diagnostics.Process();
process.StartInfo.FileName =
ConfigurationSettings.AppSettings["HtmlDocInstallPath"];
process.StartInfo.Arguments = "--webpage --quiet --browserwidth
800 --right 1in --left 1in --size Letter -f " + filename + ".pdf " +
filename + ".html";
process.StartInfo.WorkingDirectory = filepath;
process.Start();
process.WaitForExit();
}
catch (Exception E)
{
string err = E.Message;
}
finally
{
// delete the html file
File.Delete(filepath + filename + ".html");
}

// return the pdf file
return (filepath + filename + ".pdf");
}

public static void DisplayPDF(string PDF)
{
// If the file exists
if(File.Exists(PDF))
{
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ContentType = "Application/pdf";
try
{
HttpContext.Current.Response.WriteFile(PDF);
HttpContext.Current.Response.Flush();
HttpContext.Current.Response.Close();
}
catch
{
HttpContext.Current.Response.ClearContent();
}
finally
{
File.Delete(PDF);
}
}
else
{
// Could not find file
}
}
}

 

[Ryan Taylor]

Update.

So I replaced the display code to display just a .txt file with some garbage
message in it. The application still creates a PDF, but when it goes to
display it, the .txt file is displayed instead. So, it appears that
something about the PDF itself is causing the security warning. Another
"clue" is that I can navigate to the URL where the PDF is created,
https://mywebsite/pdfs/tmp342.pdf and it displays without the security
warning. I tried using Response.BinaryWrite() but I had the same problem.

Hi Ken.

No, there are no images outside of the https directory. Even the PDF is
created within the https directory at runtime. Also, there are no absolute
URLs in the PDF. I think it has something to do with the way I am replacing
the page contents with the PDF. But I can not figure out what.

Hi Ryan,

Are there any empty href tags, images outside of the https directory, or
absolute URLs in the picture?

Hi.

I have some code that dynamically generates a PDF and spits this content
directly to the web browser. I use HTMLDoc to create the Pdf's from html.
So
the user can click on a button "Print PDF" and the current page magically
becomes a PDF file. This worked great until we moved the site to https.
Now,
when the button is clicked, I get a warning that

This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?

If I choose Yes, the PDF is displayed. No, and it isn't, as expected from
the dialog. However, The PDF is created within the context of the
application, and written to a Pdfs directory within the application path.
I
do not want the users to receive this message

What might I be doing wrong?

Here is my code.

// When the user clicks the button, we are redirected to the page that
contains the PDF creation functions
// Pass the URL we are from so we not which page to create a PDF from
private void btnPrint_Click(object sender, System.EventArgs e)
{
string Url = "Response/ViewResponse.aspx&" +
Request.QueryString.ToString();
Response.Redirect("~/Pdfs/Pdf.aspx?CallingURL=" + Url);
}

// Call the creation and display functions
private void Page_Load(object sender, System.EventArgs e)
{
string callingURL = Request.Params["CallingURL"];
if(callingURL != null && callingURL != "")
{
string filename = PDFGenerator.CreatePDF(callingURL);
PDFGenerator.DisplayPDF(filename);
}
}

public class PDFGenerator
{
// Thanks to
// http://www.codeproject.com/aspnet/HTML2PDF.asp
// For the excellent example on how to use HTMLDOC in an ASP.NET
environment

public static string CreatePDF(string URL)
{
// file and path variables
string tempFile = "";
string filename = "";
string filepath = "";

try
{
// Create the temporary file names we need
tempFile = Path.GetTempFileName();
filename = Path.GetFileNameWithoutExtension(tempFile);
filepath = HttpContext.Current.Server.MapPath("~/Pdfs") + "\\";

// delete the file in the temp directory
File.Delete(tempFile);

// Execute the current page and get the output in a string
StringWriter pageResponse = new StringWriter();

// NOTE: It appears that Server.Execute executes the page but in the
context
// of the page that Server.Execute was called in. As such, any
parameters
needed
// on called page, need to exist in the calling page.
HttpContext.Current.Server.Execute("~/" + URL, pageResponse);

// Create the html file for conversion
StreamWriter fileIO = File.CreateText(filepath + filename + ".html");
fileIO.WriteLine(pageResponse.ToString());
fileIO.Close();

// Execute hghtmldoc.exe to convert our html to PDF
System.Diagnostics.Process process = new System.Diagnostics.Process();
process.StartInfo.FileName =
ConfigurationSettings.AppSettings["HtmlDocInstallPath"];
process.StartInfo.Arguments = "--webpage --quiet --browserwidth
800 --right 1in --left 1in --size Letter -f " + filename + ".pdf " +
filename + ".html";
process.StartInfo.WorkingDirectory = filepath;
process.Start();
process.WaitForExit();
}
catch (Exception E)
{
string err = E.Message;
}
finally
{
// delete the html file
File.Delete(filepath + filename + ".html");
}

// return the pdf file
return (filepath + filename + ".pdf");
}

public static void DisplayPDF(string PDF)
{
// If the file exists
if(File.Exists(PDF))
{
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ContentType = "Application/pdf";
try
{
HttpContext.Current.Response.WriteFile(PDF);
HttpContext.Current.Response.Flush();
HttpContext.Current.Response.Close();
}
catch
{
HttpContext.Current.Response.ClearContent();
}
finally
{
File.Delete(PDF);
}
}
else
{
// Could not find file
}
}
}

 

[Ryan Taylor]

Update 2.

I do not get this warning message in Firefox 1.0.

Update.

So I replaced the display code to display just a .txt file with some garbage
message in it. The application still creates a PDF, but when it goes to
display it, the .txt file is displayed instead. So, it appears that
something about the PDF itself is causing the security warning. Another
"clue" is that I can navigate to the URL where the PDF is created,
https://mywebsite/pdfs/tmp342.pdf and it displays without the security
warning. I tried using Response.BinaryWrite() but I had the same problem.

Hi Ken.

No, there are no images outside of the https directory. Even the PDF is
created within the https directory at runtime. Also, there are no absolute
URLs in the PDF. I think it has something to do with the way I am replacing
the page contents with the PDF. But I can not figure out what.

Hi Ryan,

Are there any empty href tags, images outside of the https directory, or
absolute URLs in the picture?


Hi.

I have some code that dynamically generates a PDF and spits this content
directly to the web browser. I use HTMLDoc to create the Pdf's from html.
So
the user can click on a button "Print PDF" and the current page magically
becomes a PDF file. This worked great until we moved the site to https.
Now,
when the button is clicked, I get a warning that

This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?

If I choose Yes, the PDF is displayed. No, and it isn't, as expected from
the dialog. However, The PDF is created within the context of the
application, and written to a Pdfs directory within the application path.
I
do not want the users to receive this message

What might I be doing wrong?

Here is my code.

// When the user clicks the button, we are redirected to the page that
contains the PDF creation functions
// Pass the URL we are from so we not which page to create a PDF from
private void btnPrint_Click(object sender, System.EventArgs e)
{
string Url = "Response/ViewResponse.aspx&" +
Request.QueryString.ToString();
Response.Redirect("~/Pdfs/Pdf.aspx?CallingURL=" + Url);
}

// Call the creation and display functions
private void Page_Load(object sender, System.EventArgs e)
{
string callingURL = Request.Params["CallingURL"];
if(callingURL != null && callingURL != "")
{
string filename = PDFGenerator.CreatePDF(callingURL);
PDFGenerator.DisplayPDF(filename);
}
}

public class PDFGenerator
{
// Thanks to
// http://www.codeproject.com/aspnet/HTML2PDF.asp
// For the excellent example on how to use HTMLDOC in an ASP.NET
environment

public static string CreatePDF(string URL)
{
// file and path variables
string tempFile = "";
string filename = "";
string filepath = "";

try
{
// Create the temporary file names we need
tempFile = Path.GetTempFileName();
filename = Path.GetFileNameWithoutExtension(tempFile);
filepath = HttpContext.Current.Server.MapPath("~/Pdfs") + "\\";

// delete the file in the temp directory
File.Delete(tempFile);

// Execute the current page and get the output in a string
StringWriter pageResponse = new StringWriter();

// NOTE: It appears that Server.Execute executes the page but in the
context
// of the page that Server.Execute was called in. As such, any
parameters
needed
// on called page, need to exist in the calling page.
HttpContext.Current.Server.Execute("~/" + URL, pageResponse);

// Create the html file for conversion
StreamWriter fileIO = File.CreateText(filepath + filename + ".html");
fileIO.WriteLine(pageResponse.ToString());
fileIO.Close();

// Execute hghtmldoc.exe to convert our html to PDF
System.Diagnostics.Process process = new System.Diagnostics.Process();
process.StartInfo.FileName =
ConfigurationSettings.AppSettings["HtmlDocInstallPath"];
process.StartInfo.Arguments = "--webpage --quiet --browserwidth
800 --right 1in --left 1in --size Letter -f " + filename + ".pdf " +
filename + ".html";
process.StartInfo.WorkingDirectory = filepath;
process.Start();
process.WaitForExit();
}
catch (Exception E)
{
string err = E.Message;
}
finally
{
// delete the html file
File.Delete(filepath + filename + ".html");
}

// return the pdf file
return (filepath + filename + ".pdf");
}

public static void DisplayPDF(string PDF)
{
// If the file exists
if(File.Exists(PDF))
{
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ContentType = "Application/pdf";
try
{
HttpContext.Current.Response.WriteFile(PDF);
HttpContext.Current.Response.Flush();
HttpContext.Current.Response.Close();
}
catch
{
HttpContext.Current.Response.ClearContent();
}
finally
{
File.Delete(PDF);
}
}
else
{
// Could not find file
}
}
}

 

[Ken Cox [Microsoft MVP]]

Is it possible that the ASPNET account doesn't have sufficient read
permissions in that PDF directory where the file is being created?

Update.

So I replaced the display code to display just a .txt file with some
garbage
message in it. The application still creates a PDF, but when it goes to
display it, the .txt file is displayed instead. So, it appears that
something about the PDF itself is causing the security warning. Another
"clue" is that I can navigate to the URL where the PDF is created,
https://mywebsite/pdfs/tmp342.pdf and it displays without the security
warning. I tried using Response.BinaryWrite() but I had the same problem.

Hi Ken.

No, there are no images outside of the https directory. Even the PDF is
created within the https directory at runtime. Also, there are no
absolute
URLs in the PDF. I think it has something to do with the way I am replacing
the page contents with the PDF. But I can not figure out what.

Hi Ryan,

Are there any empty href tags, images outside of the https directory,
or
absolute URLs in the picture?


Hi.

I have some code that dynamically generates a PDF and spits this content
directly to the web browser. I use HTMLDoc to create the Pdf's from html.
So
the user can click on a button "Print PDF" and the current page magically
becomes a PDF file. This worked great until we moved the site to https.
Now,
when the button is clicked, I get a warning that

This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?

If I choose Yes, the PDF is displayed. No, and it isn't, as expected from
the dialog. However, The PDF is created within the context of the
application, and written to a Pdfs directory within the application path.
I
do not want the users to receive this message

What might I be doing wrong?

Here is my code.

// When the user clicks the button, we are redirected to the page
that
contains the PDF creation functions
// Pass the URL we are from so we not which page to create a PDF from
private void btnPrint_Click(object sender, System.EventArgs e)
{
string Url = "Response/ViewResponse.aspx&" +
Request.QueryString.ToString();
Response.Redirect("~/Pdfs/Pdf.aspx?CallingURL=" + Url);
}

// Call the creation and display functions
private void Page_Load(object sender, System.EventArgs e)
{
string callingURL = Request.Params["CallingURL"];
if(callingURL != null && callingURL != "")
{
string filename = PDFGenerator.CreatePDF(callingURL);
PDFGenerator.DisplayPDF(filename);
}
}

public class PDFGenerator
{
// Thanks to
// http://www.codeproject.com/aspnet/HTML2PDF.asp
// For the excellent example on how to use HTMLDOC in an ASP.NET
environment

public static string CreatePDF(string URL)
{
// file and path variables
string tempFile = "";
string filename = "";
string filepath = "";

try
{
// Create the temporary file names we need
tempFile = Path.GetTempFileName();
filename = Path.GetFileNameWithoutExtension(tempFile);
filepath = HttpContext.Current.Server.MapPath("~/Pdfs") + "\\";

// delete the file in the temp directory
File.Delete(tempFile);

// Execute the current page and get the output in a string
StringWriter pageResponse = new StringWriter();

// NOTE: It appears that Server.Execute executes the page but in
the
context
// of the page that Server.Execute was called in. As such, any
parameters
needed
// on called page, need to exist in the calling page.
HttpContext.Current.Server.Execute("~/" + URL, pageResponse);

// Create the html file for conversion
StreamWriter fileIO = File.CreateText(filepath + filename + ".html");
fileIO.WriteLine(pageResponse.ToString());
fileIO.Close();

// Execute hghtmldoc.exe to convert our html to PDF
System.Diagnostics.Process process = new System.Diagnostics.Process();
process.StartInfo.FileName =
ConfigurationSettings.AppSettings["HtmlDocInstallPath"];
process.StartInfo.Arguments = "--webpage --quiet --browserwidth
800 --right 1in --left 1in --size Letter -f " + filename + ".pdf " +
filename + ".html";
process.StartInfo.WorkingDirectory = filepath;
process.Start();
process.WaitForExit();
}
catch (Exception E)
{
string err = E.Message;
}
finally
{
// delete the html file
File.Delete(filepath + filename + ".html");
}

// return the pdf file
return (filepath + filename + ".pdf");
}

public static void DisplayPDF(string PDF)
{
// If the file exists
if(File.Exists(PDF))
{
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ContentType = "Application/pdf";
try
{
HttpContext.Current.Response.WriteFile(PDF);
HttpContext.Current.Response.Flush();
HttpContext.Current.Response.Close();
}
catch
{
HttpContext.Current.Response.ClearContent();
}
finally
{
File.Delete(PDF);
}
}
else
{
// Could not find file
}
}
}

 

[Ryan Taylor]

It's unlikely. When I run the same application in FireFox I am not getting
the security warning. So it seems like it is something that is browser
dependent.

Is it possible that the ASPNET account doesn't have sufficient read
permissions in that PDF directory where the file is being created?

Update.

So I replaced the display code to display just a .txt file with some
garbage
message in it. The application still creates a PDF, but when it goes to
display it, the .txt file is displayed instead. So, it appears that
something about the PDF itself is causing the security warning. Another
"clue" is that I can navigate to the URL where the PDF is created,
https://mywebsite/pdfs/tmp342.pdf and it displays without the security
warning. I tried using Response.BinaryWrite() but I had the same problem.

Hi Ken.

No, there are no images outside of the https directory. Even the PDF is
created within the https directory at runtime. Also, there are no
absolute
URLs in the PDF. I think it has something to do with the way I am replacing
the page contents with the PDF. But I can not figure out what.

Hi Ryan,

Are there any empty href tags, images outside of the https directory,
or
absolute URLs in the picture?


Hi.

I have some code that dynamically generates a PDF and spits this content
directly to the web browser. I use HTMLDoc to create the Pdf's from
html.
So
the user can click on a button "Print PDF" and the current page
magically
becomes a PDF file. This worked great until we moved the site to https.
Now,
when the button is clicked, I get a warning that

This page contains both secure and nonsecure items.
Do you want to display the nonsecure items?

If I choose Yes, the PDF is displayed. No, and it isn't, as expected
from
the dialog. However, The PDF is created within the context of the
application, and written to a Pdfs directory within the application
path.
I
do not want the users to receive this message

What might I be doing wrong?

Here is my code.

// When the user clicks the button, we are redirected to the page
that
contains the PDF creation functions
// Pass the URL we are from so we not which page to create a PDF from
private void btnPrint_Click(object sender, System.EventArgs e)
{
string Url = "Response/ViewResponse.aspx&" +
Request.QueryString.ToString();
Response.Redirect("~/Pdfs/Pdf.aspx?CallingURL=" + Url);
}

// Call the creation and display functions
private void Page_Load(object sender, System.EventArgs e)
{
string callingURL = Request.Params["CallingURL"];
if(callingURL != null && callingURL != "")
{
string filename = PDFGenerator.CreatePDF(callingURL);
PDFGenerator.DisplayPDF(filename);
}
}

public class PDFGenerator
{
// Thanks to
// http://www.codeproject.com/aspnet/HTML2PDF.asp
// For the excellent example on how to use HTMLDOC in an ASP.NET
environment

public static string CreatePDF(string URL)
{
// file and path variables
string tempFile = "";
string filename = "";
string filepath = "";

try
{
// Create the temporary file names we need
tempFile = Path.GetTempFileName();
filename = Path.GetFileNameWithoutExtension(tempFile);
filepath = HttpContext.Current.Server.MapPath("~/Pdfs") + "\\";

// delete the file in the temp directory
File.Delete(tempFile);

// Execute the current page and get the output in a string
StringWriter pageResponse = new StringWriter();

// NOTE: It appears that Server.Execute executes the page but in
the
context
// of the page that Server.Execute was called in. As such, any
parameters
needed
// on called page, need to exist in the calling page.
HttpContext.Current.Server.Execute("~/" + URL, pageResponse);

// Create the html file for conversion
StreamWriter fileIO = File.CreateText(filepath + filename + ".html");
fileIO.WriteLine(pageResponse.ToString());
fileIO.Close();

// Execute hghtmldoc.exe to convert our html to PDF
System.Diagnostics.Process process = new System.Diagnostics.Process();
process.StartInfo.FileName =
ConfigurationSettings.AppSettings["HtmlDocInstallPath"];
process.StartInfo.Arguments = "--webpage --quiet --browserwidth
800 --right 1in --left 1in --size Letter -f " + filename + ".pdf " +
filename + ".html";
process.StartInfo.WorkingDirectory = filepath;
process.Start();
process.WaitForExit();
}
catch (Exception E)
{
string err = E.Message;
}
finally
{
// delete the html file
File.Delete(filepath + filename + ".html");
}

// return the pdf file
return (filepath + filename + ".pdf");
}

public static void DisplayPDF(string PDF)
{
// If the file exists
if(File.Exists(PDF))
{
HttpContext.Current.Response.ClearContent();
HttpContext.Current.Response.ClearHeaders();
HttpContext.Current.Response.ContentType = "Application/pdf";
try
{
HttpContext.Current.Response.WriteFile(PDF);
HttpContext.Current.Response.Flush();
HttpContext.Current.Response.Close();
}
catch
{
HttpContext.Current.Response.ClearContent();
}
finally
{
File.Delete(PDF);
}
}
else
{
// Could not find file
}
}
}

 

[jaismili]

Hi Ryan,

I want to create a similar functionality as you have mentioned, creation
of a printable pdf dynamically using c#
According to your post, I downloaded htmldoc trail version for now.
I went through the code you have given and tried to use the same, just
changing some parameters here and there.But I am not able to generate
the pdf.
I had a few questions, as I am not very well versed with c#.net
programming.I would really appreciate if you could give me some help
regarding this.

1.Do I need to configure htmldoc with IIS?
2.Do I need to use any other name space in particular other than
system.io, system.diagnostics and system.configuration?
3.According to what I understood, I created a page pdf.aspx which is
called on the click event of the print button on querydata.aspx. And on
the page load of the pdf.aspx wrote the code which you have posted, to
call the pdfgenerator and displaypdf. Is this right?
4.What is "Htmldocinstallpath" in your program? Is it the path where
htmldoc exe is present?
5.I think, Pdfs is a folder where you store the pdf files generated.Is
this folder in the root directory or just any folder on the local
machine.
6.Also, do I need to give any security permissions, rights etc to the
folder?

I would really be thankful if you could help me with this.

Thanks again.