0

I'm currently downloading a file from my Web API using a C# RestClient. This is my current code for returning a file from the Web API part: 

[HttpGet]
public HttpResponseMessage Generate()
{
var stream = new MemoryStream();
// processing the stream.

var result = new HttpResponseMessage(HttpStatusCode.OK)
{
    Content = new ByteArrayContent(stream.GetBuffer())
};
result.Content.Headers.ContentDisposition =
    new System.Net.Http.Headers.ContentDispositionHeaderValue("attachment")
{
    FileName = "CertificationCard.pdf"
};
result.Content.Headers.ContentType =
    new MediaTypeHeaderValue("application/octet-stream");

return result;
}

Taken from this: How to return a file (FileContentResult) in ASP.NET WebAPI

My question is then, how can i validate that the file is downloaded correctly - can i somehow provide an MD5 checksum on the ByteArray and check this in the RestClient, or is this complete unnecessary?

Community
  • 1
  • 1
MMM
  • 311
  • 5
  • 14
  • 30
  • See posting : http://stackoverflow.com/questions/10520048/calculate-md5-checksum-for-a-file – jdweng Jan 04 '17 at 10:25
  • 1
    You would generate a hash of the file, add it as a response header and verify when the download completes within the client. This would only make sense if you think there is a chance of corruption of the data within your stream or network issues outside the ability of TCP error correction to handle. How necessary this is is a judgement call, see http://serverfault.com/questions/692457/why-is-it-good-practice-to-compare-checksums-when-downloading-a-file – Alex K. Jan 04 '17 at 10:38
  • Thanks @AlexK. i ended up adding the MD5Hash in the headers, worked perfectly! :-) please leave this as an answer – MMM Jan 04 '17 at 11:57
  • _"or is this complete unnecessary?"_ - that depends on what exactly you're trying to prove. – CodeCaster Jan 04 '17 at 12:42
  • @CodeCaster i thought WebAPI might have some sort of way, handling this, so we would make sure that the file was properly delivered. – MMM Jan 04 '17 at 20:19
  • Still, _"the file was properly delivered"_ is not specific enough. Sure, you can add an MD5 checksum, but that still might not prove what you want to prove. – CodeCaster Jan 04 '17 at 21:15
  • @CodeCaster sorry about that! :-) I'm also mixing things up.. I would make sure that the file downloaded, is the same file as from the Web API, but we can thank the TCP protocol for that, and add the MD5 checksum, to make sure that they are the same, and that the site ain't compromised. – MMM Jan 05 '17 at 09:29

1 Answers1

2

You would generate a hash of the file, add it as a response header and verify when the download completes within the client.

This would only make sense if you think there is a chance of corruption of the data within your stream or network issues outside the ability of TCP error correction to handle.

How necessary this is is a judgement call, see Why is it good practice to compare checksums when downloading a file? for a discussion. (Considering the hash & data originate from the same place in the same response, the security considerations don't really apply)

Community
  • 1
  • 1
Alex K.
  • 171,639
  • 30
  • 264
  • 288