Parsing a local file

A local application that our employees use starts the process.... this is
where i get the query string from. So the user is actually starting the
process & wants that file uploaded. I need the data within the file so that
I can write the information to our database. I have seen a few other cludgy
solutions to this same problem... javascript with a reference to an activeX
object.... send keys... and i have seen that many other people want to do the
same thing so it's not like i'm asking something that is completely off the
wall. I'm not asking to write the file...and i'm not asking to get a file
that the user doesn't know about...it's being sent in a query string from the
users machine.

In the real 'corporate' world there are plenty of users that you don't want
to even view a file system let alone select a file for upload. They have no
clue as to what a file even is let alone browsing through there system to
find a file.

"Robbe Morris [C# MVP]" wrote:

You still haven't really explained why you need to read/write/upload
a file from their machine without them knowing?

What is in the file that you need a browser to have access to?

--
2004 and 2005 Microsoft MVP C#
Robbe Morris
http://www.robbemorris.com
http://www.masterado.net

"Steve" <St***@discussi ons.microsoft.c om> wrote in message
news:1A******** *************** ***********@mic rosoft.com...

Ya.... a local file on the clients machine. I can't install anything to
the
clients machine & the HTML file input control won't work either because we
don't want the users to search for the file...which is why it's getting
passed in the query string.

Any ideas?

"Robbe Morris [C# MVP]" wrote:

Nothing to do with ASP.NET. You'd have to lower each of
their security settings in the browser to the lowest level possible.
Even then, the browser might not enable you to do this.

Why is it that you need to read/write a local file? Perhaps
you can achieve your goal another way.

--
2004 and 2005 Microsoft MVP C#
Robbe Morris
http://www.robbemorris.com
http://www.masterado.net/home/listings.aspx

"Steve" <St***@discussi ons.microsoft.c om> wrote in message
news:8C******** *************** ***********@mic rosoft.com...
>I do have control over the clients....i mean I can have the clients give
> access to aspnet to a specific folder, etc... would this help?
>
> "Steve" wrote:
>
>> I have a web app that needs to parse through a file that is located on
>> the
>> client machine. I get the file string from a query string & then
>> parse
>> it.
>> It is working fine on my development box but when I put it out on the
>> test
>> server the application is looking for the file on the server & not on
>> the
>> client machine.
>>
>> I am essentially taking the query string & using a stream reader to
>> read
>> the
>> file.
>>
>> I'm sure i'm doing something whacky...so PLEASE set me straight!
>>
>> Steve.

Steve,

and i have seen that many other people want to do the
same thing so it's not like i'm asking something that is completely off
the
wall.

You are right, however when there was only one, who succeeded in that, than
all Browser builders have again a big job to do. Stealing bankaccounts is
something that a lot of people want to do.

By the way, people asking this kind of questions are placing themselves in a
kind of suspected area whatever they say that the reason is.

Just my thought,

Cor

ok...so just to rest your paranoid mind, I work for a rather large insurance
broker. We have over 200 agents that use a product called FSC. FSC is a
rater for auto/home insurance. The product creates a temporary file that you
can pass to other applications for things like loading the data into other
systems like a agency management system. Our users barely know how to use
email & to ask them to go find a temporary file that is located in the Temp
directory under the Windows directory is just crazy. Which is why FSC has
built the functionality to pass the file to another application. Actually...
many applications do this... not just FSC. And maybe to your surprise they
aren't stealing bank accounts the users are actually initiating the process
and this is all controlled within the same network which is why on one of my
first messages I wrote that we control the desktop... i can set the
permissions... but I certainlyl don't want to set the permissions to allow
anyone access to the machine.

We are not the only Insurance broker who needs this type of functionality.. .
just about every Insurance Broker & Company needs this functionality because
our users just aren't that savy with the computer. It's much better to limit
our users so they can't make mistakes. Of course we could right a local and
instlal it to every machine...but then we will have the support costs
associated with installing the application on every desktop & then why in the
world do we have an intranet which was supposed to minimize those support
costs by producing applications that didn't need to be installed & could be
updated in 1 location.

I am quite surprised at my response here...I have had fairly good luck using
these message boards in the past... I have never been accused of stealing
bank accounts and if anyone from Microsoft wishes to find me they certainly
can with my registered version of MSDN. I have found work arounds to
this...but they certainly didn't come from this board. Only accusations of
stealing bank accounts & how it can't be done the way I initially ask.

Just fyi.... some people... i would guess most people out here are actually
here because they need help either in there process or code not because they
want to steal something. So being Mr. Police man just wastes peoples time
out here. If you don't know the solution...then don't respond. If you are
the Microsoft Message Board Police...then look up my account & give me a call
before accusing me publicly of stealing bank accounts.

Steve

"Cor Ligthert" wrote:

Steve,

and i have seen that many other people want to do the
same thing so it's not like i'm asking something that is completely off
the
wall.

You are right, however when there was only one, who succeeded in that, than
all Browser builders have again a big job to do. Stealing bankaccounts is
something that a lot of people want to do.

By the way, people asking this kind of questions are placing themselves in a
kind of suspected area whatever they say that the reason is.

Just my thought,

Cor

Steve,

Did I said that you are trying to steal bank accounts.

The method you ask for is the first step to make that possible.

That is wherefore more and more access to the disk of the user is closed.

With JavaScript you could never do it, and with VBS for the web Microsoft
had to turn that off long ago. That is not because Microsoft, however
general rules for Browswer builders W3C.

You can screem as hard as you do, however they will not turn that back for
you

Just my thought,

Cor

lol...ok...so once more... I don't have to do it the way i initially asked...
i was looking for work arounds to my problem. I'm sure microsoft isn't going
to change code for 1 person.

Boy..you sure are helpful. After I wrote a long elaborate email stating my
intentions & saying how people are looking for suggestions to there problems
you still come back with a message that does absolutely no good & helps in no
way.

Thanks for your thoughts...but they were a complete waste of my time. And I
would say that you accused me of stealing bank accounts & that I was suspect
just because I asked the question. fyi...to scream on message boards you
type in all caps.... just a helpful tip.

Steve.

"Cor Ligthert" wrote:

Steve,

Did I said that you are trying to steal bank accounts.

The method you ask for is the first step to make that possible.

That is wherefore more and more access to the disk of the user is closed.

With JavaScript you could never do it, and with VBS for the web Microsoft
had to turn that off long ago. That is not because Microsoft, however
general rules for Browswer builders W3C.

You can screem as hard as you do, however they will not turn that back for
you

Just my thought,

Cor

Steve,

I did not say that you were trying to steal bankaccounts. You said many
people want this functionality. And than I said that there are a lot of
people who want this functionality to steal bankaccounts.

You did not ask for an solution in this thread. You wanted your solution
because the whole world needs that.

Why don't you do it as everybody else. One HTML input file control on your
page and use that to get the file, than you can sent after an acknowledge.
Probably you can even combine that with some more work. I have seen some
pages for that on MSDN.

However you are right I spent to much time in this thread.

Cor

Steve a écrit :

ok...so just to rest your paranoid mind

<snip>

1) There is no such thing as "Microsoft Message Board Police" around
here, except for the most patent spams. Be assured that your message
won't be erased, stamped or placed under NSA surveillance ;-)

2) Nobody is accusing you from stealing bank accounts. People are
explaining you that the possiblity you ask is a dangerous security hole
that could afford to do such a thing, and that is why it is best left
forbidden.

3) Try to think from a security point of view : I do not know you,
neither anyone in this newsgroup. Therefore, as far as I am concerned,
your explanation concerning your work could be a fairy tale and you
could be just another wanabee-hacker (I am not accusing you of anything
here : I am just trying to explain you the "security-first" mind you
should have when dealing with Internet apps). It's not a matter of
being paranoid : it's a matter of professionnal responsability when
exposing company critical information to the outside world (which
happens pretty much as soon as you put it on an HTTP network).

This said, there are probably many workarounds to your problem : For
example, can FSC be configured to copy the temp file to a network
share, where it would be accessible to the server?

Arnaud
MVP - VC

Thank you Arnaud for at least trying to offer a suggestion. That's all I was
after... I know there are no Microsoft Police... i was just making a point
that people out here are after suggestions to there problems. FSC only
offers the ability to pass a string with a path & file name...no ability to
copy or move the file.

I was only asking for suggestions to my problem... in my first message, I
stated that I was probably doing something whacky....so please set me
straight. I have no idea how that turned into, "Stealing bankaccounts is
something that a lot of people want to do. By the way, people asking this
kind of questions are placing themselves in a kind of suspected area whatever
they say that the reason is."

From Cor Lighthert.

fyi,

http://4umi.com/web/javascript/filteread.htm for those of you dealing with
this issue in a corprate intranet. I have also seen some sendkeys
solutions..both are a bit cheesy but if they work around the problem then it
suits the business needs.

Steve.

"ad******@c lub-internet.fr" wrote:

Steve a écrit :

ok...so just to rest your paranoid mind

<snip>

1) There is no such thing as "Microsoft Message Board Police" around
here, except for the most patent spams. Be assured that your message
won't be erased, stamped or placed under NSA surveillance ;-)

2) Nobody is accusing you from stealing bank accounts. People are
explaining you that the possiblity you ask is a dangerous security hole
that could afford to do such a thing, and that is why it is best left
forbidden.

3) Try to think from a security point of view : I do not know you,
neither anyone in this newsgroup. Therefore, as far as I am concerned,
your explanation concerning your work could be a fairy tale and you
could be just another wanabee-hacker (I am not accusing you of anything
here : I am just trying to explain you the "security-first" mind you
should have when dealing with Internet apps). It's not a matter of
being paranoid : it's a matter of professionnal responsability when
exposing company critical information to the outside world (which
happens pretty much as soon as you put it on an HTTP network).

This said, there are probably many workarounds to your problem : For
example, can FSC be configured to copy the temp file to a network
share, where it would be accessible to the server?

Arnaud
MVP - VC

The browser is always going to be a problem for you.

You should probably consider writing a .NET windows service to install
on their PCs. It would use a SystemFileWatch er to sit and wait
on new files being created by this other application. Upon
receiving the event, your windows service could upload
the file to your web site and pass the machine name or
even the windows id associated with the file.

You'll need to give some thought as to the way you
want to associate your web site user accounts with the
upload files from your service. 99.9% of the time, the
local file should be uploaded to your web server prior
to the user ever logging onto the web site.

--
2004 and 2005 Microsoft MVP C#
Robbe Morris
http://www.robbemorris.com
http://www.masterado.net

"Steve" <St***@discussi ons.microsoft.c om> wrote in message
news:45******** *************** ***********@mic rosoft.com...

Thank you Arnaud for at least trying to offer a suggestion. That's all I
was
after... I know there are no Microsoft Police... i was just making a point
that people out here are after suggestions to there problems. FSC only
offers the ability to pass a string with a path & file name...no ability
to
copy or move the file.

I was only asking for suggestions to my problem... in my first message, I
stated that I was probably doing something whacky....so please set me
straight. I have no idea how that turned into, "Stealing bankaccounts is
something that a lot of people want to do. By the way, people asking this
kind of questions are placing themselves in a kind of suspected area
whatever
they say that the reason is."

From Cor Lighthert.

fyi,

http://4umi.com/web/javascript/filteread.htm for those of you dealing
with
this issue in a corprate intranet. I have also seen some sendkeys
solutions..both are a bit cheesy but if they work around the problem then
it
suits the business needs.

Steve.

"ad******@c lub-internet.fr" wrote:

Steve a écrit :

> ok...so just to rest your paranoid mind

<snip>

1) There is no such thing as "Microsoft Message Board Police" around
here, except for the most patent spams. Be assured that your message
won't be erased, stamped or placed under NSA surveillance ;-)

2) Nobody is accusing you from stealing bank accounts. People are
explaining you that the possiblity you ask is a dangerous security hole
that could afford to do such a thing, and that is why it is best left
forbidden.

3) Try to think from a security point of view : I do not know you,
neither anyone in this newsgroup. Therefore, as far as I am concerned,
your explanation concerning your work could be a fairy tale and you
could be just another wanabee-hacker (I am not accusing you of anything
here : I am just trying to explain you the "security-first" mind you
should have when dealing with Internet apps). It's not a matter of
being paranoid : it's a matter of professionnal responsability when
exposing company critical information to the outside world (which
happens pretty much as soon as you put it on an HTTP network).

This said, there are probably many workarounds to your problem : For
example, can FSC be configured to copy the temp file to a network
share, where it would be accessible to the server?

Arnaud
MVP - VC

Thanks for the info robbe... ya..i am ending up having to write a local app
that will just send the file to a webservice & the local app will spawn the
web page.

Thanks for the thoughts.

Steve.

"Robbe Morris [C# MVP]" wrote:

The browser is always going to be a problem for you.

You should probably consider writing a .NET windows service to install
on their PCs. It would use a SystemFileWatch er to sit and wait
on new files being created by this other application. Upon
receiving the event, your windows service could upload
the file to your web site and pass the machine name or
even the windows id associated with the file.

You'll need to give some thought as to the way you
want to associate your web site user accounts with the
upload files from your service. 99.9% of the time, the
local file should be uploaded to your web server prior
to the user ever logging onto the web site.

--
2004 and 2005 Microsoft MVP C#
Robbe Morris
http://www.robbemorris.com
http://www.masterado.net

"Steve" <St***@discussi ons.microsoft.c om> wrote in message
news:45******** *************** ***********@mic rosoft.com...

Thank you Arnaud for at least trying to offer a suggestion. That's all I
was
after... I know there are no Microsoft Police... i was just making a point
that people out here are after suggestions to there problems. FSC only
offers the ability to pass a string with a path & file name...no ability
to
copy or move the file.

I was only asking for suggestions to my problem... in my first message, I
stated that I was probably doing something whacky....so please set me
straight. I have no idea how that turned into, "Stealing bankaccounts is
something that a lot of people want to do. By the way, people asking this
kind of questions are placing themselves in a kind of suspected area
whatever
they say that the reason is."

From Cor Lighthert.

fyi,

http://4umi.com/web/javascript/filteread.htm for those of you dealing
with
this issue in a corprate intranet. I have also seen some sendkeys
solutions..both are a bit cheesy but if they work around the problem then
it
suits the business needs.

Steve.

"ad******@c lub-internet.fr" wrote:

Steve a écrit :
> ok...so just to rest your paranoid mind

<snip>

1) There is no such thing as "Microsoft Message Board Police" around
here, except for the most patent spams. Be assured that your message
won't be erased, stamped or placed under NSA surveillance ;-)

2) Nobody is accusing you from stealing bank accounts. People are
explaining you that the possiblity you ask is a dangerous security hole
that could afford to do such a thing, and that is why it is best left
forbidden.

3) Try to think from a security point of view : I do not know you,
neither anyone in this newsgroup. Therefore, as far as I am concerned,
your explanation concerning your work could be a fairy tale and you
could be just another wanabee-hacker (I am not accusing you of anything
here : I am just trying to explain you the "security-first" mind you
should have when dealing with Internet apps). It's not a matter of
being paranoid : it's a matter of professionnal responsability when
exposing company critical information to the outside world (which
happens pretty much as soon as you put it on an HTTP network).

This said, there are probably many workarounds to your problem : For
example, can FSC be configured to copy the temp file to a network
share, where it would be accessible to the server?

Arnaud
MVP - VC