Reading and Writing Files from outside the web structure by Jeff G.

Reading and Writing Files from outside the web structure.In many cases you may have files that you dont want Joe Blow Web User to have access to when they visit your site. If these files are for clients only, you dont want somebody to be able to "hack" your pages an ...

Contributed by aspfree
Rating:

/ 4
September 11, 2000

Rate this Article:
MEH MEH++

SEARCH ASP FREE

In many cases you may have files that you dont want Joe Blow Web User to have access to when they visit your site.
If these files are for clients only, you dont want somebody to be able to "hack" your pages and find out directory or
filename structure.

The only real way to secure these files is to store them outside the web directory.

"Doesn't this defeat the purpose of sharing files over the web", you say?"

Normally it probably would but in this case its the perfect( well almost ) scenario for securing your files.
The method I use for securing files is by using a Component to read the binary file from a directory and then write it back to the web browser.

There is also a link on the Microsoft Knowledge Base about this where I got the idea from.

http://support.microsoft.com/support/kb/articles/Q193/9/98.ASP

The MEAT of the Article
Ok now I will show you the code on how to do this amazing feat.

<%

'On Error Resume Next
If Not Response.isClientConnected Then
Response.end
End If
Response.buffer = true

'Specify a MIME type such as "text/html", "image/gif" or "application/pdf"
Response.contenttype = "application/msword"

'Useful in cases for unknown file types
'Response.contenttype = "application/octet-stream"

'Custom server component
Set objBinFile = Server.CreateObject("ASPBinFile.clsASPBinFile")

'Beware of cases of file name in case some systems differentiate them
mFile = "c:\inetpub\wwwroot\test\serverop.doc"

mStream = objBinFile.BinFileRead(mFile)
Response.Addheader "Content-Disposition", "inline; filename=" & "ado.pdf"

'Response.Addheader "Content-Disposition", "inline; filename=" & "serverop.doc"
Response.CacheControl = "public"

Response.binarywrite mstream
Set objBinFile = Nothing
Response.End

%>

As you can see the code is very small. Now there are a few things I need to point out here, just so everyone understands this.

You need to set your MIME type so that the browser knows what kind of file this is. If you are serving multiple kinds of files I would write a case statement to handle all the MIME types and for the CASE ELSE you can use octet-stream.

Octet-Stream is the catch-all datatype. If you look in your web server's properties under MIME types you will likely see a long list with MIME types and their associated applications. For Octet-Stream you will see all or *. This is because octet-stream is the straight binary and will just let you download or open the file. Kind of like writing it straight to the browser.

mFile is the variable you will need to set the path in. What I would do here is hardcode the main path into your asp page and then just Response.Write your filename into the page.

You will also need to create your instance of the BinaryRead/Write object I have created.

Below I have also included the code for the Component I wrote to handle the Binary Read portion of this article. This is a simple ActiveX Dll. Just open VB and name the Project File - ASPBinFile and the Class File - clsASPBinFile. You should be rocking and good to go after this.

Option Explicit
Function BinFileRead(ByVal inFileSpec As String) As Variant
     On Error GoTo errHandler
     Dim mHandle
     Dim lngFileLen As Long
     Dim arrData() As Byte

     mHandle = FreeFile
     Open inFileSpec For Binary Access Read As #mHandle

     lngFileLen = FileLen(inFileSpec)
     ReDim arrData(lngFileLen)

     Get #mHandle, , arrData
     Close #mHandle

     BinFileRead = arrData
     Exit Function

errHandler:
End Function

I have also included a compiled version of the dll and the source project files.
I hope this helps.