Parsing a local file

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a web app that needs to parse through a file that is located on the
client machine. I get the file string from a query string & then parse it.
It is working fine on my development box but when I put it out on the test
server the application is looking for the file on the server & not on the
client machine.

I am essentially taking the query string & using a stream reader to read the
file.

I'm sure i'm doing something whacky...so PLEASE set me straight!

Steve.
 
Browser security is going to prevent you from reading/writing
local files on the visitors PC. You are SOL unless you
write an ActiveX control, get the users to install it, and then
have them set their browser security settings to essentially
non-existant security.
 
I do have control over the clients....i mean I can have the clients give
access to aspnet to a specific folder, etc... would this help?
 
Ya.... a local file on the clients machine. I can't install anything to the
clients machine & the HTML file input control won't work either because we
don't want the users to search for the file...which is why it's getting
passed in the query string.

Any ideas?
 
Steve,
Ya.... a local file on the clients machine. I can't install anything to
the
clients machine & the HTML file input control won't work either because we
don't want the users to search for the file...which is why it's getting
passed in the query string.
Click to expand...
Microsoft has taken maybe hundreds of millions or more in this to make it
impossible to do what you want. You want an easy solution to do this.

Just my thought,

Cor
 
So is there no way to set the text for the File field? Even using Java
Script? Maybe hiding the file field & setting the text & then loading
that... I don't really care where I parse the file at...I could parse it
after I upload it...the main objective is to not allow the user to have to go
& select a file because the file is being passed by another application & our
users aren't very smart...we don't want them to try to find the file.

So how about some alternatives rather than Microsoft spending millions to
not allow programmers to do this.. which isn't very helpful.

Steve.
 
Think about the consequences of what you are asking.

How do I either read or write to a local file via a browser?
How do I upload a file via browser without the user explicitly doing so?

The security implications are astounding. Hackers would have (and have had)
a field day.

This is precisely why MS spent so much money (and apparently need
to spend more because their stuff still isn't as secure as it needs to be).

--
2004 and 2005 Microsoft MVP C#
Robbe Morris
http://www.robbemorris.com
http://www.masterado.net
 
A local application that our employees use starts the process.... this is
where i get the query string from. So the user is actually starting the
process & wants that file uploaded. I need the data within the file so that
I can write the information to our database. I have seen a few other cludgy
solutions to this same problem... javascript with a reference to an activeX
object.... send keys... and i have seen that many other people want to do the
same thing so it's not like i'm asking something that is completely off the
wall. I'm not asking to write the file...and i'm not asking to get a file
that the user doesn't know about...it's being sent in a query string from the
users machine.

In the real 'corporate' world there are plenty of users that you don't want
to even view a file system let alone select a file for upload. They have no
clue as to what a file even is let alone browsing through there system to
find a file.
 
Steve,
and i have seen that many other people want to do the
same thing so it's not like i'm asking something that is completely off
the
wall.
Click to expand...

You are right, however when there was only one, who succeeded in that, than
all Browser builders have again a big job to do. Stealing bankaccounts is
something that a lot of people want to do.

By the way, people asking this kind of questions are placing themselves in a
kind of suspected area whatever they say that the reason is.

Just my thought,

Cor
 
ok...so just to rest your paranoid mind, I work for a rather large insurance
broker. We have over 200 agents that use a product called FSC. FSC is a
rater for auto/home insurance. The product creates a temporary file that you
can pass to other applications for things like loading the data into other
systems like a agency management system. Our users barely know how to use
email & to ask them to go find a temporary file that is located in the Temp
directory under the Windows directory is just crazy. Which is why FSC has
built the functionality to pass the file to another application. Actually...
many applications do this... not just FSC. And maybe to your surprise they
aren't stealing bank accounts the users are actually initiating the process
and this is all controlled within the same network which is why on one of my
first messages I wrote that we control the desktop... i can set the
permissions... but I certainlyl don't want to set the permissions to allow
anyone access to the machine.

We are not the only Insurance broker who needs this type of functionality...
just about every Insurance Broker & Company needs this functionality because
our users just aren't that savy with the computer. It's much better to limit
our users so they can't make mistakes. Of course we could right a local and
instlal it to every machine...but then we will have the support costs
associated with installing the application on every desktop & then why in the
world do we have an intranet which was supposed to minimize those support
costs by producing applications that didn't need to be installed & could be
updated in 1 location.

I am quite surprised at my response here...I have had fairly good luck using
these message boards in the past... I have never been accused of stealing
bank accounts and if anyone from Microsoft wishes to find me they certainly
can with my registered version of MSDN. I have found work arounds to
this...but they certainly didn't come from this board. Only accusations of
stealing bank accounts & how it can't be done the way I initially ask.

Just fyi.... some people... i would guess most people out here are actually
here because they need help either in there process or code not because they
want to steal something. So being Mr. Police man just wastes peoples time
out here. If you don't know the solution...then don't respond. If you are
the Microsoft Message Board Police...then look up my account & give me a call
before accusing me publicly of stealing bank accounts.

Steve
 
Steve,

Did I said that you are trying to steal bank accounts.

The method you ask for is the first step to make that possible.

That is wherefore more and more access to the disk of the user is closed.

With JavaScript you could never do it, and with VBS for the web Microsoft
had to turn that off long ago. That is not because Microsoft, however
general rules for Browswer builders W3C.

You can screem as hard as you do, however they will not turn that back for
you

Just my thought,

Cor
 
lol...ok...so once more... I don't have to do it the way i initially asked...
i was looking for work arounds to my problem. I'm sure microsoft isn't going
to change code for 1 person.

Boy..you sure are helpful. After I wrote a long elaborate email stating my
intentions & saying how people are looking for suggestions to there problems
you still come back with a message that does absolutely no good & helps in no
way.

Thanks for your thoughts...but they were a complete waste of my time. And I
would say that you accused me of stealing bank accounts & that I was suspect
just because I asked the question. fyi...to scream on message boards you
type in all caps.... just a helpful tip.

Steve.
 
Steve,

I did not say that you were trying to steal bankaccounts. You said many
people want this functionality. And than I said that there are a lot of
people who want this functionality to steal bankaccounts.

You did not ask for an solution in this thread. You wanted your solution
because the whole world needs that.

Why don't you do it as everybody else. One HTML input file control on your
page and use that to get the file, than you can sent after an acknowledge.
Probably you can even combine that with some more work. I have seen some
pages for that on MSDN.

However you are right I spent to much time in this thread.

Cor
 
Steve a écrit :
ok...so just to rest your paranoid mind
Click to expand...

<snip>

1) There is no such thing as "Microsoft Message Board Police" around
here, except for the most patent spams. Be assured that your message
won't be erased, stamped or placed under NSA surveillance ;-)

2) Nobody is accusing you from stealing bank accounts. People are
explaining you that the possiblity you ask is a dangerous security hole
that could afford to do such a thing, and that is why it is best left
forbidden.

3) Try to think from a security point of view : I do not know you,
neither anyone in this newsgroup. Therefore, as far as I am concerned,
your explanation concerning your work could be a fairy tale and you
could be just another wanabee-hacker (I am not accusing you of anything
here : I am just trying to explain you the "security-first" mind you
should have when dealing with Internet apps). It's not a matter of
being paranoid : it's a matter of professionnal responsability when
exposing company critical information to the outside world (which
happens pretty much as soon as you put it on an HTTP network).

This said, there are probably many workarounds to your problem : For
example, can FSC be configured to copy the temp file to a network
share, where it would be accessible to the server?

Arnaud
MVP - VC
 
Thank you Arnaud for at least trying to offer a suggestion. That's all I was
after... I know there are no Microsoft Police... i was just making a point
that people out here are after suggestions to there problems. FSC only
offers the ability to pass a string with a path & file name...no ability to
copy or move the file.

I was only asking for suggestions to my problem... in my first message, I
stated that I was probably doing something whacky....so please set me
straight. I have no idea how that turned into, "Stealing bankaccounts is
something that a lot of people want to do. By the way, people asking this
kind of questions are placing themselves in a kind of suspected area whatever
they say that the reason is."

From Cor Lighthert.

fyi,

http://4umi.com/web/javascript/filteread.htm for those of you dealing with
this issue in a corprate intranet. I have also seen some sendkeys
solutions..both are a bit cheesy but if they work around the problem then it
suits the business needs.

Steve.
 
The browser is always going to be a problem for you.

You should probably consider writing a .NET windows service to install
on their PCs. It would use a SystemFileWatcher to sit and wait
on new files being created by this other application. Upon
receiving the event, your windows service could upload
the file to your web site and pass the machine name or
even the windows id associated with the file.

You'll need to give some thought as to the way you
want to associate your web site user accounts with the
upload files from your service. 99.9% of the time, the
local file should be uploaded to your web server prior
to the user ever logging onto the web site.

--
2004 and 2005 Microsoft MVP C#
Robbe Morris
http://www.robbemorris.com
http://www.masterado.net
 
Thanks for the info robbe... ya..i am ending up having to write a local app
that will just send the file to a webservice & the local app will spawn the
web page.

Thanks for the thoughts.

Steve.
 
Back
Top