how to secure Excel file on webserver?

Hi,

I have a bunch of Excel reports that I would like to
display on my company's intranet. The reports contain
privileged information, however. My plan was to have a
page with a dropdown box so someone could pick the report
they need to view. This page can be secured with a
session object, etc. But what is to keep an unauthorized
person from accessing a file by typing

http://serv1/excelrpt1.xls

Is there something I could configure in IIS? Set
permissions?

Thanks,
Rich
Jul 19 '05 #1
Either keep the excel file out of the website and stream it back with this
method, http://www.aspfaq.com/2276, or use NT authentication on the
directory with the files and make people log in to get them.

Ray at work

Jul 19 '05 #2
Thank you for your response. I tried the code at

http://www.aspfaq.com/2276

It definitely seems interesting. However, for this line
of the code

adoStream.Type = 1

I think it probably needs to be something different
because for this line: FPath = "c:\" & fn I made
it "c:\excelrpt1.xls". This brought up unreadable text.
Rather than trying adoStream.Type = 2 or 3 ... can the
adoStream read in an xls file? If so do you know the type
number or where I could get info on that?

Thanks again for your reply. I guess there is always NT
authentication, but that seems harder to control.

Rich
Jul 19 '05 #3

"Rich" <an*******@discussions.microsoft.com> wrote in message
news:0c****************************@phx.gbl...
> Thank you for your response. I tried the code at
>
> http://www.aspfaq.com/2276
>
> It definitely seems interesting. However, for this line
> of the code
>
> adoStream.Type = 1

Sorry, add this line to the top:
Response.ContentType ="application/vnd.ms-excel"

(There are two types:
adTypeBinary (1)
adTypeText (2)

Excel files should be returned binarily, I'd think.)

> Thanks again for your reply. I guess there is always NT
> authentication, but that seems harder to control.

I agree!

Ray at work
Jul 19 '05 #4
Thank you, again. Yes, that did the trick. Excel shows up
OK now. But as for the securing part (and I apologize for
my ignorance on this), here is the code that I tried, and
tried to make it not work (change the ServerVariables),
but that did not work:

<%
ref = lcase(Request.ServerVariables("HTTP_REFERER"))
'if instr(ref, lcase("myServer"))>0 then
if instr(ref, lcase("vtu"))>0 then
    'fn = "okay.gif"
    Response.ContentType ="application/vnd.ms-excel"
    FPath = "C:\test1.xls"
    Set adoStream = Server.CreateObject("ADODB.Stream")
    adoStream.Open()
    adoStream.Type = 1
    adoStream.LoadFromFile(FPath)
    Response.BinaryWrite adoStream.Read()
    adoStream.Close: Set adoStream = Nothing
    Response.End
else
    'fn = "warning.gif"
    response.write("not authorized")
end if
%>

May I ask how I could invoke the else part of the code
above? Thank you again for showing me how to use the
adoStream.

Rich
Jul 19 '05 #5
OK. I think I'm getting this. I am supposed to call this
page from another page and set the ServerVariable at the
other page. I got thrown off by "YourDomainName" in the
example code. Silly me (I think :).
Jul 19 '05 #6
Is this what you want to do? You're trying to prevent people from leeching
your Excel files? Or are you trying to protect them from unauthenticated
users or something? This all depends on what you're trying to protect the
files from.

Ray at work

Jul 19 '05 #7
Well, I am trying to prevent unauthorized people from
accessing the excel files through our intranet. What I am
thinking is that I could just have a plain htm file with a
submit form. The user submits their name (login ID, pwrd)
after selecting an excel file to view and calls the asp
which can open the excel file. The asp checks a database
for the name. If it finds the corresponding name,

name = request.Form("name")
....
If not isnull(check) Then
    Response.ContentType = "application/vnd.ms-excel"
    ...
Else
    Response.Redirect "login.htm"
End If

something like this. Kinda basic. I suppose I could set
a session object, if the session object is not null, and
name is in db then... Truth is, I know how to do this in
jsp, still kinda new to asp and the web server at the
workplace happens to be IIS. So I need to learn asp.
Does the above plan look doable for a quicky (not real
sophisticated) page to view the excel reports with some
degree of security?

Jul 19 '05 #8
If you can do this in jsp, you can do it in ASP. Understanding the concept
is all it takes. After that, it's just a matter of learning how to
code-monkey in a different language. But, yes, what I suggest is dropping
the Excel file idea for the time being, and just work on creating a page
that would determine whether or not a person is authorized to *do
something*. After you have that worked out, worry about what that
something is, which would be the Excel streaming thing. A real basic
sample:


page1.asp:

<form method="post" action="page2.asp">
<input name="txtUsername">
<input name="txtPassword" type="password">
<input type="submit">
</form>

page2.asp:

<%
sUsername = Request.Form("txtUsername")
sPassword = Request.Form("txtPassword")
If sUsername = "Rich" and sPassword = "snakeline" Then
    Session("LoggedIn") = True
Else
    Response.Redirect "page1.asp"
End If
%>

<a href="page3.asp">Click here to get the file.</a>

page3.asp:

<%
If Session("LoggedIn") Then
    '''your code to return Excel file
Else
    Response.Write "You're not authorized to this file."
End If
%>

Ray at work

Jul 19 '05 #9
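The pieces discussed in this thread (files kept out of the website, streamed back with ADODB.Stream, and gated by the session flag from the page2.asp/page3.asp sample) combined into one download page. This is an added example, not code from any poster; the page name report.asp, the folder D:\reports\, the report keys and the second file name are assumptions made for illustration. The dropdown page would link to it as report.asp?report=sales.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' report.asp (hypothetical name): added example, not code from the thread.
' Assumptions: the .xls files were moved to D:\reports\, a folder that is NOT
' under the IIS web root, so no URL such as http://serv1/excelrpt1.xls maps to
' them; the IIS account can read that folder; Session("LoggedIn") is set by
' the login page as in the page2.asp sample above.

Const REPORT_DIR = "D:\reports\"
Const adTypeBinary = 1

Dim reports, id, fso, path, stream

' Allowlist: the dropdown submits a short key, never a file name or path.
' Anything not listed here cannot be requested, so user input never becomes
' part of the file system path.
Set reports = Server.CreateObject("Scripting.Dictionary")
reports.Add "sales", "excelrpt1.xls"      ' constructed sample entries
reports.Add "payroll", "excelrpt2.xls"

' 1. Authorization comes from server-side session state. HTTP_REFERER is a
'    request header supplied by the client, so it is not used here.
If Not (Session("LoggedIn") = True) Then
    Response.Redirect "page1.asp"
    Response.End
End If

' 2. Resolve the requested key against the allowlist.
id = LCase(Trim(Request.QueryString("report")))
If Not reports.Exists(id) Then
    Response.Status = "404 Not Found"
    Response.Write "Unknown report."
    Response.End
End If

' 3. Build the path only from server-side values and confirm the file exists.
path = REPORT_DIR & reports(id)
Set fso = Server.CreateObject("Scripting.FileSystemObject")
If Not fso.FileExists(path) Then
    Response.Status = "404 Not Found"
    Response.Write "Report is not available."
    Response.End
End If
Set fso = Nothing

' 4. Stream the workbook as binary, as worked out earlier in the thread.
Response.ContentType = "application/vnd.ms-excel"
Response.AddHeader "Content-Disposition", "attachment; filename=""" & reports(id) & """"
Set stream = Server.CreateObject("ADODB.Stream")
stream.Open
stream.Type = adTypeBinary
stream.LoadFromFile path
Response.BinaryWrite stream.Read
stream.Close
Set stream = Nothing
Response.End
%>
```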
Again, thank you very much for this example. It is
perfect. And I humbly confess that my proficiency in jsp
is actually not much higher than asp except that I have a
bunch of textbooks for jsp already (just haven't used jsp
in the work environment). I should take a class in asp,
but looking at aspx (too many classes to keep up - need to
take vb7, c#). Hope you don't mind me learning asp on the
fly :).

Many thanks,
Rich

Jul 19 '05 #10
