Scott Hanselman

Getting a BASE64'ed Adobe Acrobat PDF file out of a Soap Envelope with Classic ASP

October 11, '04 Comments [0] Posted in ASP.NET | TechEd | Web Services | XML
Sponsored By

UPDATE: Simon Fell caught me in the midst of evil, as he rightfully points out that when one bypasses a SOAP Stack and "does their own thing" as I have here, I must perform the SOAP Processing Rules.  I've update the code below, changes in RED. 

NOTE: In the interest of correctness, I've included namespace qualification in the NEW code.

A fellow emailed me wanting to get a PDF file out of a SOAP Envelope and write it directly out to the browser using Classic ASP.  Here's the code I used:

<%
Set m_Doc = Server.CreateObject("MSXML2.DOMDocument.4.0")
m_Doc.async = false
m_Doc.ValidateOnParse = false
'This could come from whereever, ADO, a file, another Web Service.
m_Doc.Load Server.MapPath(".") + "
\\soapresponse.txt
m_Doc.setProperty "SelectionNamespaces", "xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/' xmlns:def='http://localhost/'"

'There's nothing that I DO understand, so if there's anything I must, I'm screwed.
Set oHeader = m_Doc.selectNodes("//soap:Envelope/soap:Header/*[@soap:mustUnderstand = '1']")
If (Not oHeader Is Nothing) Then
   If (oHeader.Length > 0) Then
      Response.Write("Crap! I can't continue! What to do?")
      Response.End
   End If
End If

'Yes, it's a // XPath, but that's the LEAST of our problems before we get into microperf
Set oNode = m_Doc.selectSingleNode("//def:GetImageAsBase64Result")
'This is the Magic that makes it possible.  Otherwise you'll get a string.
oNode.dataType = "bin.base64"
Response.ContentType="application/pdf"
Response.AddHeader "Content-Disposition", "filename=whatever.pdf"
Response.BinaryWrite oNode.nodeTypedValue
%>

This is given a SOAP Response like this:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<GetImageAsBase64Response xmlns="
http://localhost/">
<GetImageAsBase64Result>JVBERi0xLjI SNIP....etc...

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Superman is dead, world mourns

October 11, '04 Comments [2] Posted in Musings
Sponsored By

 

Truly a great man who was dealt a massive blow and took it with stride.  I'm inspired not to complain about my own chronic illness when faced with Christopher Reeve's strength.

- Scott Hanselman, 10/10/2004 11:14pm

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

ASP.NET Security Vulnerability

October 8, '04 Comments [0] Posted in ASP.NET | HttpModule
Sponsored By

This has been blogged about over and over.  This is another case where if you had UrlScan or any decent security url filter installed on your box, you'd be fine.  Certainly it's a problem in ASP.NET, and Microsoft has an HttpModule to fix it.  This means you can install this once and get the fix on all your systems, rather than adding it in the BeginRequest of the Global.asax.cs.

One interesting note, if you're confirming the user's Security Principal and Identity (WindowsPrincipal, FormsIdentity) via code, or are using a custom Principal (as I do as a best practice) your code will catch this problem even if ASP.NET Form's Authentication's AuthorizationModule didn't.

1) Updated http://www.microsoft.com/security/incident/aspnet.mspx with new information about the reported vulnerability.  This should help clear up some of the confusion we've seen about what is affected by this.  To be super clear, all ASP.NET applications, on ALL OS's should follow the guidance provided.

2) A new HTTP Module mitigation best practice.  This is in the form of an MSI installer that will help protect all ASP.NET applications on a Web server.  This MSI installer will place a binary into the GAC and update the machine.config file for ASP.NET.  You can find download information at http://www.microsoft.com/downloads/details.aspx?FamilyID=da77b852-dfa0-4631-aaf9-8bcc6c743026&displaylang=en

You can also download the MSI directly at http://download.microsoft.com/download/4/6/1/461433d5-cbac-4721-85cb-c5a514fd0049/VPModule.msi

3) Detailed guidance about the HTTP Module, how the MSI works, and how to deploy it.  You can find this KB Article at http://support.microsoft.com/?kbid=887289

 

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Google SMS launches

October 8, '04 Comments [3] Posted in Musings
Sponsored By

Wow…on a Blackberry this is WAY faster and more useful than the WAP browser.  I did a Google 97229 and found my local Target. :) 

Google SMSHow cool is this: With the new Google SMS service, you can do basic Google queries from any SMS-capable phone (which is darn near all of them) by sending text messages to 46645 (GOOGL).  Results usually come within a minute, and are text-based only - no links or other craziness that could screw up an SMS.  So far, you can get local business listings, product prices and comparisons, dictionary definitions, and more is planned soon (or already there and they just haven’t told us about it yet).  So, for instance, enter something like “Starbucks 10016” and you’ll get a response with nearest place to get burnt-tasting, overpriced coffee.  Well, near us, anyway, unless you change the “10016.”  Give it a go and let us know how it works for you.  So far our results have been positive.
[Engadget]

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Addressing a PDF at the Page Level with an URL

October 7, '04 Comments [0] Posted in Musings
Sponsored By

Here's one of those "I figured it must be possible but never tried" kind of things.

You can address a page in a PDF like this.  You can also have named bookmarks/destinations:

<a href="http://www.mydomain.com/myPDF.pdf#page=6">Link text</a>

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.