0

I am working on asp.net and i have to download pdf file from page. I wrote the following code, it download well but type of file become "file".

Response.Clear()
Response.ContentType = "application/octet-stream"
Response.AppendHeader("Content-Disposition", "filename=" + UnderProcessArticle_RadComboBox.SelectedValue) 
Response.TransmitFile(Server.MapPath("~\Articles\" + UnderProcessArticle_RadComboBox.SelectedValue + ".pdf"))

I want that when file download it would be in .pdf extention.what channging i should do????

Hien Nguyen
  • 24,551
  • 7
  • 52
  • 62
Ubaid
  • 77
  • 10
  • You know if someone modified the value of that combo box, they could potentially request any file they want? Directory traversal attack. – mason May 02 '19 at 15:48
  • 2
    Anyways, why don't you use the proper MIME type for a PDF? `application/pdf` – mason May 02 '19 at 15:48
  • this is admin page ,only admin can access...but how i can solve this if want do such scenerio publically. – Ubaid May 02 '19 at 15:52
  • 1
    You forgot to add ".pdf" to the `filename=` part. And the string concatenation operator in VB is `&`, not `+`. – Andrew Morton May 02 '19 at 15:53
  • When a user selects a file to download, you should verify that they do indeed have access to that file. Rather than selecting them by filename, you might assign an ID to each file, then check what ID's the user should have access to. If they do have access, then retrieve the path to the file from your database. The important thing is that you can't trust user input. – mason May 02 '19 at 15:56
  • yess..thankyou..it was the problem...+ is also working well in vb for concatenation – Ubaid May 02 '19 at 15:57
  • hi, Also to add on how about you append the file name with Content-type. For example store content-type and append content-type with the end of the filename while you are saving. This way no matter which file type you save it will save the respective file accordingly example: .pdf , .jpg , png etc., – Suraj Revankar May 02 '19 at 15:57
  • i say just help that + is also working well in vb ..and what is the difference between + and & in vb..@AndrewMorton – Ubaid May 02 '19 at 16:13
  • @Ubaid [Ampersand vs plus for concatenating strings in VB.NET](https://stackoverflow.com/q/3006153/1115360). – Andrew Morton May 02 '19 at 19:27

1 Answers1

0

You must ensure the header Content Type returned is the correct one, so for pdf you cannot use application/octet-stream.

If you what to get the correct type from the file name use System.Web.MimeMapping

the bellow example is in C#, but I think you will understand..

response.Content.Headers.ContentType =
 new MediaTypeHeaderValue(MimeMapping.GetMimeMapping(fileName));
Rui Caramalho
  • 455
  • 8
  • 16