I would like admins to be able to upload pdf files to a unique directory that contains a webconfig file that only allows admins to view the pdfs.
When the pdf is ready to release to the public the admin would flag it appropriately and the codebehind would modify the webconfig so it is public.
I need this to function at runtime.
My thought was to have a template directory with a private webconfig. Web the admin uploads a pdf it will copy the template directory and webconfig to a new location then insert the pdf. After it is ready to release the admin sets a flag and the code changes the webconfig to public. Again all at runtime.
The important point here is that the path to the pdf never changes once it is uploaded.
I have found code to copy directories and modify a webconfig. The problem is copying a webconfig file from one location to another during runtime.
example webconfig (private)
<configuration>
<system.web>
<authorization>
<allow roles="private" />
<deny users ="*" />
</authorization>
</system.web>
</configuration>
example webconfig (public)
<configuration>
<system.web>
<authorization>
<allow roles="public" />
<deny users ="*" />
</authorization>
</system.web>
</configuration>
CodePudding user response:
I'd recommend using a DB in order to manage this private/public flag. However if you need to use a web.config file for this you can look at the System.IO namespace which allows you to edit and move files around. Just be careful using it as it allows you to do a lot of things to files/folders. See for ex.
And by using a database, then it is MUCH easier to upload and catagorize files by each customer (if that's what you want).
And then a simple flag or setting in the database row controls if the file is read for the users to see (or download).
In above, if you cick on the PDF file preview, then I download the (stream) the file to the user.
The code is much like this:
Dim btnLink As ImageButton
btnLink = sender
Dim strInternalFile = btnLink.Attributes("iFile")
Dim binFile() As Byte
Dim strConType As String = ""
If File.Exists(strInternalFile) Then
strConType = MimeMapping.GetMimeMapping(strInternalFile)
binFile = File.ReadAllBytes(strInternalFile)
Response.ContentType = strConType
Response.AppendHeader("Content-Disposition", "attachment; filename=" Path.GetFileName(strInternalFile))
Response.BinaryWrite(binFile)
'Response.WriteFile(strWebUrl)
Response.End()
so the above just downloads the file to the users browser.
As noted, if static links are required, and thus files are not dished out on a "per user" or "per logon", then you could sill have a landing page that shows "ready" documents" or "list of available documents" as a URL, but some type of UI or grid display like above would then display, and then a user click on some button to "download" the file would then occur.
I don't think trying to hack away at web config going to make sense. How will that work with multiple users? And a page already loaded will cache those settings. All in all, trying to mess with web config, and working in a multi-user environment I don't think would work.
Toss in caching issues, and all kinds of other things? If there are some files the users are to see or not see? Then provide a UI, and not simple URL's to the files - this will HUGE increase security of the site anyway.
and then a database system becomes the management system for the users - not some web config that going to not really provide any kind of per user controls over that process anyway. Even if you always create some new folder based even on user logon "ID", then having to build some administers page(s) in which you need a easy way to turn on, or allow the user to get and see some files is now some UI and interaction by software that can simple "update" a flag or setting in a database.
I just don't see how a viable workflow can occur by trying to mess with web.config, and I not even sure that already cached pages etc. would work correctly anyway.
I would not go down that road - it just too much of a hack approach here.
And I also added a extra column to the database with a GUID column. So I can provide a URL with a GUID that points to the file. I take the GUID from the URL, fetch the one row, and now I can check that file owner by ALSO having stored the User_ID in that database row. So, now logged on users ONLY can get at their OWN files that belong to them. And of course its then trival to add "admin approved" flag or what not to show/allow the files to be used and seen by that one user.