1

I've got a legacy flash app (no access to the source) that when it completes it opens a pdf in a new window automatically.

Is there some way to prevent this one file at this one specific location from opening (again, keeping in mind I cant edit the flash)

So it opens to http://site.com/Files/Video/Completion.pdf directly in the browser, no handler or anything to change.

Improve this question

2 Answers 2

Reset to default
4

You can drop a web.config in that folder which will prevent the files from being accessed unless they are in a specific role:

<configuration>
    <system.web>
        <authorization>
           <allow roles="WHATEVER-ALLOWED-ROLES"/>
           <deny users="*"/>
        </authorization>
    </system.web>
</configuration>

If you only want to lock down that specific file you can wrap that <system.web> with <location path="filepath-and-name">

This will likely require you to add the following handler to your root web.config in the "handlers" section, as usually IIS will serve up the file before ASP.NET touches it. This will make PDFs go through ASP.NET which can then handle the Role restrictions from above:

<add name="PDFHandler-Integrated" path="*.pdf" verb="GET" type="System.Web.StaticFileHandler" modules="ManagedPipelineHandler" requireAccess="Script" preCondition="integratedMode" />
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Ahhh okay good call...guess I'm SOL here then gonna have to lock the file.
This works. However, in our website, if a user logs in, then later logs out but doesn't close the browser, the pdf file can still be accessed, even when I use Firebug to delete all the browser cookies shown. Also, if I only close the browser tab, but don't close the browser, I can still access the file. If I clear my browser cache though, or close the browser, then I can't access the pdf file until I log in. This is one of the reasons why banks and credit card company sites strongly suggest closing your browser after logging out.
@BryanHepburn yeah you can probably play with caching on the server/in the code to prevent that from happening.
0

You could lock the file down on the web server or delete it? If you can't alter the source you can't prevent the window.open from happening, but you can prevent the delivery.

Improve this answer

1 Comment

Yeah, the window.open has me stuck :/ What about this though...could I somehow file to a page which just closes itself in js :) I guess I'd have to what send pdfs though the IIS pipe then?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.