Secure binary files with ASP.NET and open PDF with Browser

[rodrigo]

Open Binary files with ASP.Net
Posted: 07-08-2003 05:47 PM
I am trying to protect PDF files with a form that asks the user to
enter name and password.
Basically I created two pages: login.aspx and openpdf.aspx.

Here is the problem.
After authentication, when the script redirects to openpdf.aspx, I
have to hit the refresh button in order for the PDF to open with my
local acrobat reader. PS: I have acrobat installed correctly. Then
after it opens it, I click back and try to access a pdf manually
typing http://localhost/pdf/test.pdf and it gives me this error with a
messy content.

The server block is not well formed.

Line 3570:är@
Line 3571:1³T÷ƒ<ȸѹm¸
µüa‘éÀ-ÿí߉MKvÇ€z«˜´(j-|ÑBL‡9÷ðÏ~×àô¢3ÿp.ÇQ3
Line 3572:xÔ­ê€GònÃ߶dÜ
ÇàN¸;¹|Ü›ü}áï6Ü÷'Ѷ$œ3'ÙqRý<%&§4ãS|qJ~œDzRÍ>ù"çÞ‹•x/Ã9×ÅÒf
ž|®Ê¸'y®Òj= kÍâٱ ]øý0¸'Õ!,£‹Ú£p~
†œ¥Ó³´qÎ0rNÝ<ÇçˆïüQððÙ—cž;ÖÞ¥¸Ë`|øº<˜\ø¾"äø^ò\e>´›ö¥Pë³ÆF<
?WŠÃO£cq|"€x™¯ª£¯iøoÐç›räM‰ö_¼a«{ý
"u| ©= Ø&RÿŠKâïæå¿š—Û6¤¿˜ÛßW$þdvÿƒ}ê÷öºßÙ*ß1?ÿšX߶¥½i¿{…#_â¬ú\ü–YŸÅ3Nmc}¾
Line 3573:§àË6ü>±Ó|d†ÿÀüþ¾)ü]"ú;¦ø_šì_³Ãü‚/±ã…ê9ûÔ³
Line 3574:Å3¶±§%êOl»OIœ'
ø<!=Žå19ãéGãc"½&É}/Üù>•3d,‹ÓmB¹ñ²=âE;ÕÏbW8{¼;Ô


Here's my web.config

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>

<httpHandlers>
<add verb="*" path="*.pdf" type="System.Web.UI.PageHandlerFactory" />
</httpHandlers>


<authentication mode="Forms">
<forms name="aspxauth" loginUrl="login.aspx" path="/" />
</authentication>

<authorization>
<deny users="?"/>
</authorization>


</system.web>
</configuration>


---------------------This is the validation in login.aspx
--------------------------

private bool ValidateUser(string uid, string passwd)
{
SqlConnection conn;
SqlCommand cmd;
SqlDataReader dr;
conn = new SqlConnection("your connection");
cmd = new SqlCommand("Select * from Sn_RegisteredUsers where
FirstName='" + uid + "'",conn);

conn.Open();
dr = cmd.ExecuteReader();
while (dr.Read())
{

if (string.Compare(dr["Pwd"].ToString(),passwd,false)==0)
{
conn.Close();
return true;
}
}
conn.Close();
return false;
}



if (ValidateUser(txtUserName.Value,txtUserPass.Value) )
{
FormsAuthenticationTicket tkt;
string cookiestr;
HttpCookie ck;
tkt = new FormsAuthenticationTicket(1, txtUserName.Value,
DateTime.Now, DateTime.Now.AddMinutes(30), chkPersistCookie.Checked,
"your custom data");
cookiestr = FormsAuthentication.Encrypt(tkt);
ck = new HttpCookie(FormsAuthentication.FormsCookieName, cookiestr);
if (chkPersistCookie.Checked)
ck.Expires=tkt.Expiration;
Response.Cookies.Add(ck);

string strRedirect;
//strRedirect = Request["ReturnUrl"];
if (strRedirect==null)
strRedirect = "openpdf.aspx";
Response.Redirect(strRedirect, true);
}
else
Response.Redirect("login.aspx", true);
}

---------------------------- |
-----------------------------------------

-----------------------This is the openpdf.aspx
code------------------------
<%@ Page Language="C#" %>
<script runat="server">
private void Page_Load(object sender, System.EventArgs e)
{
//Set the appropriate ContentType.
Response.ContentType = "Application/pdf";
//Get the physical path to the file.
string FilePath = MapPath("120-06.pdf");
//Write the file directly to the HTTP content output stream.
Response.WriteFile(FilePath);
Response.End();
}
</script>
------------------------------- |
---------------------------------------------------


I appreciate any help.

Rod