I've been asked to implement a security requirement that we instruct browsers not to cache sensitive data. This is all fine for the ASPX content using the standard instructions:
However when I set these headers for PDF downloads, IE8 won't show the PDF (haven't tried other IE versions yet, kinda moot, I need it working on all of them, even IEfreaking6). Seems to work in firefox 4 beta, but I haven't double checked that it's definitely not caching it. Here is the abridged version of the code I'm using to serve the PDFs:
Response.Clear();
Response.ClearHeaders();
Response.ClearContent();
Response.Buffer = true;
//This stops the PDFs from being viewed :(
//Response.Expires = -1;
//Response.Cache.SetCacheability(HttpCacheability.NoCache);
//Response.Cache.SetNoStore();
Response.ContentType = mime;
Response.AddHeader("Content-Disposition", disposition);
Response.BinaryWrite(file);
Response.End();
Where in the case of PDFs the mime type is set to: private const string mimeTypePDF = "application/pdf"; The disposition is set to: var disposition = String.Format("{0};filename="{1}"", SendInline ? "inline" : "attachment", Path.GetFileName(filename));
I'm going to play-around a bit more, maybe forcing them to download as mimetype "application/octet-stream" might work, but that would stop the nice open PDF's in a new browser window from working. Has anyone had any success with preventing IE from caching PDFs from the server side and successfully displaying them?
Just to give a clear example about what happens. In one scenario user's can select a bunch of reports from a list, these are compiled into a PDF and the PDF is shown in a new browser window. With the caching enabled the browser window opens, but remains resolutely blank.
I am looking for code that linearize PDFs file. that show page-by-page into the user's browser, so the user doesn't have to wait for the whole document to download before starting to view it.
I have a page with a number of user controls, In one of my user controls I have a button event. I turn on output cache for the user control that has the button and vary by control using the ID property of a hidden field control in the user control. whenever I turn on the output cache my button event doesn't fire.
I am currently working on a project where I need to secure access to downloadable files. The solution I want to implement is to have two buttons next to each document. One that says Editable and the other read-only (depending on the users permission they will see one of these or both). The editable will work normally with the browser dialogue opening to say open / save the document. That is the easy part. The read-only button needs to open the document without caching anything (in temporary internet files) on the client's machine for security reasons or give the ability to save it to their local machine.
The best Idea I have for this is to convert the document to HTML on the fly and then redirect the user to this page. We can then turn caching off on the site so the HTML isn't cached (I know they can then right-click and save the HTML or copy the text,etc.. but that is deemed acceptable). Does anyone have an alternative solution than this (or have an easy way this can be achieved)? I don't want to install Office on the web server or pay heavily for a third-party tool like Aspose.
I am creating a web app to basically allow the user to select multiple files, specifically pdfs that have already been created on a network path, and print whichever ones they want. Can someone point me to the best way to accomplish this? I have done a lot of searching, with no good results so far.
I have multiple PDFs coming from a report generator and I want to merge them to a single document. The merging process must run in a web site or WCF web service environment (Framework 4.0, IIS 7.5). Is there a component, open source or commercial, to accomplish this?In my process I get the PDFs as streams. If I have the choice, I would prefer a merging method, working directly on these streams - without file representations.
I have been presented with a problem which requires me to print PDF files from a server as part of an ASP.NET web service.
The problem is further complicated by the fact that the PDF files I have to print can ONLY be printed using Adobe Reader (they were created using Adobe LiveCycle and have some strange protection in them).
This piece of code seems to do the trick in the Visual Studio development web server, but doesn't do anything when the site's running in IIS. I'm assuming this is probably some sort of permissions issue!?
Dim starter As ProcessStartInfo Dim Prc As Process ' Pass File Path And Arguments starter = New ProcessStartInfo("c:program files...AcroRd32.exe", "/t ""test.pdf"" ""Printer""") starter.CreateNoWindow = True starter.RedirectStandardOutput = True starter.UseShellExecute = False ' Start Adobe Process Prc = New Process() Prc.StartInfo = starter Prc.Start()
I am interested in learning how to set up a secure report server with which I can publish individualized reports to my constituents. I know that banks and brokerage firms can do this, but I am not sure how it is done. I want to publish documents for an academic institution (grades, bills, transcripts, etc). I know some ASP.net and I am pretty fleuent in Crystal Reports. I am considering using a product like pdf-explode to disseminate reports via email, but I would really like to learn how to set up a secure site for my constituents and have them view the reports there.
We have recently had some security issues with our web app where users have actually gone into the IE debugger tool and enabled a "Submit" button and saved data they shouldn't have. So...my question is....is their anyway to prevent this from happening?
I'm trying to disable a checkbox depending on whether an xml value contains the word disabled but I'm getting an error as follow. Does anyone know how I can accomplish this or see something wrong with how I'm doing it? The XML value is either blank or contains the word "DISABLED"
error:
System.InvalidCastException was unhandled by user code Message=Conversion from string "" to type 'Boolean' is not valid. Source=Microsoft.VisualBasic StackTrace:
My web app (asp VB 2005) uses Windows authentication. If the user isn't part of a specific AD security group they don't get to edit the data; instead I redirect the user to a read-only page.The program works fine in the IDE.I published the web app to my laptop and Disabled anonymous access. When I ran the program I got redirected to the read-only page. I added a write event to the application event log to see what was going on, and found that the WindowsPrincipal.Identity.Name contained my laptop's ID, not my user name.I reassert: anonymous access is disabled in IIS and the web.config file has Windows Authentication.
Can anyone shed some light on why DotNetNuke comes configured with request validation and event validation disabled? They're both off at the web.config level for a default install which seems to be a regressive approach. Are there any sound reasons for this and what is the functional impact on DotNetNuke if they're turned back on?
Obviously appropriate input validation should be happening in code anyway but the native .NET framework behaviour is always a nice fallback.
When there is only one page available, the Next and Previous links are rendered as so: <a disabled="disabled">Previous</a> I have not seen this disabled tag before, and presume it's coming from the datapager control which I won't be able to control. As usual, this is fine on FireFox but on IE7 the Previous and Next text does not render correctly - it is outlined (what I would expect disabled to look like to be honest - but looks a bit ugly in the page!)
i m using one disabled textbox in my page .it is looking disabled in mozilla firefox but looking like a simple textbox in IE. what to do to give it a disabled look in IE also.
I have a reportviewer that uses a dynamically generated RDLC (which means the RDLC is created at run-time through an XSL) to generate reports. I have no issue loading the report. My problem is with its toolbar. It is always disabled. I can't perform search, change the report size, or export the report to another file format.
I installed VS 08. and then installed Ajax extensions 1.0. I also downloaded ajax control toolkit and added to my toolbox. And I placed scriptmanager on the designer. Now when I am trying to add functionality to standard button via smart tag option. I see this option disabled. how can I enable it and have extenders in play.
I'm using some of the typical ASP.NET's Validation Controls in my website. Now I'm trying to disable the JavaScript in my browser to test my application and of course the Validation Controls no longer works. I think it's best to try to make them work using one of the solutions down here instead of reinvesting the wheel and build a validation layer for the page or my objects -Am I thinking right?-
What do you think of these options and why:
Include in clicked button's event a code to check if the page is valid and if not explicitly call the Page.Validate(); method Check if whether the JavaScript is enabled and if not I should call Page.Validate();
n a page with textbox control, lets say this textbox is disabled on server side page load.What would happen if a javascript tries to set visibility of the textbox to false ?dit:Can the textbox be hidden by javascript even though it's disabled ?
