Repost: Save file on Server - with a twist.

[Mr Gordonz]

Hi All,

I am reposting this because I need some guidance/advice fairly quickly.

I currently have the following setup for saving a file on the server:

The user runs a VB app on his/her PC. Among other things, the app
prompts the user to select a file (or files). The app then uploads the
file(s) to the web server (effectively pushing the files up). In addition,
the app calls an aspx page and passes the file name (and a few other
bits of data) to the page as query strings. The page then writes the
data to the database. But the user never sees the page - it all happens
"behind the scenes".

Here is what I want to do:

I want to modify the aspx so it pulls the file from the client, as well as
the other things it currently does. The VB app would simply pass all the
relevant info to the page, and the page would do all the work. To prevent
someone calling the page without using the VB app, the app passes an
encrypted string that the page uses to verify that the page has been called
legitimately.

I know I can do this very easily by using a HTML <input type="file">
control. But I don't want to do this because I don't want the user to
ever see the page - the user still needs to use the VB app, I just want
to shift control of the file transfer from the app to the aspx page.

If this presents a security risk, or if it can't be done, I would be
grateful
if someone could explain why.

Cheers,

MG

 

[Marc Hoeppner]

Hi,

I would recommend using a Web Services instead of an ASPX page. You can
easily call your own web service with all the parameters and the file data
from your VB app, at least if you use VB.NET. If you still use VB6, then the
ASPX way may be easier. In this case you still have to use <input
type=file...>, but you can implement the page so that it only allows POSTs
(PageLoad: if(IsPostBack==false) Response.End() or something similar like
that).

Best regards,

Marc Höppner
NeoGeo

 

[Mr Gordonz]

Hi Marc,

The VB app is indeed VB6, and I have never created a Web Service. I did
actually try the following in the pageload event of the page:

1. Dim txtFilePath As String = Trim(Request.QueryString("FilePath"))
2. Dim myControl As HtmlControls.HtmlInputFile = New
HtmlControls.HtmlInputFile()
3. myControl.Value = txtFilePath
4. Dim strFileName = myControl.PostedFile.FileName
5. myControl.PostedFile.SaveAs(strServerPath & "\media\" & strFileName)

But it didn't like line 3 - the error I got is: Object reference not set to
an instance of an object.

How can I use a <input type=file> control if it is never seen by the user?
I have done a lot research into how this control works, and everything I
have read says that the value property of the control can't be set
programmatically (for security reasons). There must be a way for a page to
pull a file off a client computer without the user having to actually see
the page??

Cheers,

MG



Hi,

I would recommend using a Web Services instead of an ASPX page. You can
easily call your own web service with all the parameters and the file data
from your VB app, at least if you use VB.NET. If you still use VB6, then the
ASPX way may be easier. In this case you still have to use <input
type=file...>, but you can implement the page so that it only allows POSTs
(PageLoad: if(IsPostBack==false) Response.End() or something similar like
that).

Best regards,

Marc Höppner
NeoGeo

 

[Hans Kesting]

Why first request an empty page?
You don't want to GET an empty page, you want to POST a filled page.
See if you can work out how the "browser" response is encoded
and send that (filename, other bits, file data).

Hans Kesting