ARCHIVES: June 2011

Securing Files In ASP.NET, Preventing Direct Access From Browsers

Tri Nguyen | June 20, 2011

Preventing Direct File Access

Assume that any file in the "secure" folder, http://www.website.com/files/secure/, is protected and may only be accessed by authorized users. This means that if we place a "test.pdf" file inside the secure folder, it cannot be accessed when a user types "http://www.website.com/files/secure/test.pdf" in the browser. To achieve that, we need to add the following handler to the Web.config file.

<system.web>
   <httpHandlers>
      <add verb="*" path="files/secure/*.*" type="System.Web.HttpForbiddenHandler"/>
   </httpHandlers>
</system.web>

Delivering Files To Authorized Users

The handler above instructs ASP.NET to return a 403 error when a user attempts to access any file inside the "secure" folder. Note that the httpHandlers section under system.web is read by IIS 6 and by IIS 7 in Classic mode, and only for requests that IIS actually routes to ASP.NET; in IIS 7 Integrated mode the equivalent registration goes in the handlers section under system.webServer. Therefore, in order to grant users access to the secured files, we need a dynamic page that reads the file content and writes it to the response stream, e.g. http://www.website.com/file.aspx?id=12345, where 12345 is the identifier for the "test.pdf" file. There are a number of things that we can check in the file.aspx page before granting access to users, such as login, expiration date, etc. The following is a quick demo written in VB.NET:

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load

   Me.Response.Clear()

   ' QueryString("id") returns Nothing when the parameter is missing,
   ' so it must not be dereferenced with .ToString()
   Dim strFileId As String = Me.Request.QueryString("id")

   If Not String.IsNullOrEmpty(strFileId) Then

      ' Demo: the id is only checked for presence; the path is fixed on the server
      Dim strPath As String = Server.MapPath("files/secure/test.pdf")

      If System.IO.File.Exists(strPath) Then

         ' application/pdf is the registered MIME type for PDF
         Me.Response.ContentType = "application/pdf"

         Dim arrBytes As Byte() = System.IO.File.ReadAllBytes(strPath)

         ' AndAlso short-circuits, so Length is never read on Nothing
         If (arrBytes IsNot Nothing AndAlso arrBytes.Length > 0) Then

            Me.Response.OutputStream.Write(arrBytes, 0, arrBytes.Length)

         Else

            Me.Response.Write("File Not Found")

         End If

      Else

         Me.Response.Write("File Not Found")

      End If

   Else

      Me.Response.Write("File Not Found")

   End If

   Me.Response.End()

End Sub
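
One way file.aspx could perform the checks mentioned above (login, expiration date) and resolve the id to a file, as an added example that is not the author's code. The FilePage class name, the Catalog dictionary with its constructed sample entry and expiry date, the Deliver and Refuse helpers, and the use of Request.IsAuthenticated as the login check are assumptions.

```vbnet
Imports System
Imports System.Collections.Generic

' Code-behind for file.aspx. Catalog is constructed sample data standing in for a database.
Partial Class FilePage
    Inherits System.Web.UI.Page

    Private Class SecureFile
        Public FileName As String       ' name inside files/secure/, never taken from the request
        Public ExpiresUtc As DateTime   ' access is refused after this time
    End Class

    Private Shared ReadOnly Catalog As New Dictionary(Of String, SecureFile) From {
        {"12345", New SecureFile With {.FileName = "test.pdf",
                                       .ExpiresUtc = New DateTime(2030, 1, 1, 0, 0, 0, DateTimeKind.Utc)}}
    }

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        Response.Clear()
        Deliver()
        Response.End()
    End Sub

    Private Sub Deliver()
        ' Check 1: login. Anonymous requests stop before any file lookup.
        If Not Request.IsAuthenticated Then Refuse(403, "Forbidden") : Return

        ' Check 2: the id only selects a catalog entry; it is never joined into a path,
        ' so a request cannot name a file the catalog does not list.
        Dim fileId As String = Request.QueryString("id")
        Dim entry As SecureFile = Nothing
        If String.IsNullOrEmpty(fileId) OrElse Not Catalog.TryGetValue(fileId, entry) Then
            Refuse(404, "File Not Found") : Return
        End If

        ' Check 3: expiration date.
        If DateTime.UtcNow > entry.ExpiresUtc Then Refuse(403, "Link expired") : Return

        Dim fullPath As String = Server.MapPath("~/files/secure/" & entry.FileName)
        If Not System.IO.File.Exists(fullPath) Then Refuse(404, "File Not Found") : Return

        Response.ContentType = "application/pdf"
        Response.AddHeader("Content-Disposition", "attachment; filename=""" & entry.FileName & """")
        Response.TransmitFile(fullPath)   ' streams from disk instead of loading the file into memory
    End Sub

    Private Sub Refuse(ByVal status As Integer, ByVal message As String)
        Response.StatusCode = status
        Response.ContentType = "text/plain"
        Response.Write(message)
    End Sub
End Class
```

Unlike the demo, refusals here carry a real 403 or 404 status code, so clients and log analysis can tell a denied request from a delivered file.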

If anyone has a different idea for handling this kind of data processing, I would love to hear it. Once again, thank you for visiting.

Sending Text Message From Your E-mail

Tri Nguyen | June 13, 2011

Generally, a Text Messaging System is very similar to any other E-mail System in terms of structure and data processing. In fact, I think it's legitimate to consider it a modified version of an E-mail system. Perhaps that is the reason why our mobile number also comes in the form of an E-mail address; not many people are aware that our mobile number is really a disguised version of an E-mail address.

The following is a list of some of the major carriers in the United States and their mobile E-mail addresses. If your carrier is not listed, try to Google it. You'll be surprised to see more information than you intended to find.

Carrier     Email
T-Mobile    [10-digit phone number]@tmomail.net
AT&T        [10-digit phone number]@txt.att.net
Sprint      [10-digit phone number]@messaging.sprintpcs.com
Verizon     [10-digit phone number]@vtext.com

I also implemented a simple mail form to demonstrate this process. See Our Demo

Share on Facebook - Two Simple Methods

Tri Nguyen | June 08, 2011
Method 1:
http://www.facebook.com/sharer.php?u=http://www.tringuyen.info

In the example above, all we have to do is specify the link that we want to share. The Facebook API will pick up the default page title, description, and image automatically. If a default image is not specified in the header, the first image will be used.
View Demo 1

Method 2:

http://www.facebook.com/sharer.php?s=100&p[title]=TRINGUYEN.INFO%20-%20A%20Developer%20Journal&p[url]=http://tringuyen.info&p[summary]=Click%20Here%20to%20visit%20TriNGUYEN.INFO%20-%20A%20developer%20journal&p[images][0]=http://tringuyen.info/images/fb_icon.jpg

The second example allows us to fully customize all 4 properties: page title, share link, summary, image. This example is useful when adding share links to a list of entries such as blog entries or news items. If we use the first example above to share a list of items, then all share entries will look the same, which basically will make the shared content look boring and ineffective.
View Demo 2

Free Phone Call To The United States and Canada Using Gmail Accounts

Tri Nguyen | June 05, 2011

If you don't see the "Call phone" option after logging into your Gmail account, that means you have not signed up for a Google Voice account. In that case, there is no need to worry; you can easily sign up at http://www.gmail.com/call/.

I have been using this feature for quite some time now, and I really enjoy it. It's very convenient, especially when my cell phone has a weak signal or when I forget to bring my phone. More importantly, it allows loved ones outside the United States to make unlimited phone calls to the United States and Canada for FREE!

SQL Split Function

Tri Nguyen | June 05, 2011
The following is my simplified version of the SQL Split Function:
-- Use ALTER FUNCTION instead when fnSplit already exists
CREATE FUNCTION fnSplit
(
    @strInput nvarchar(1000),
    @delimiter nvarchar(1)
)

RETURNS @table table
(
    id int identity(1,1),
    value nvarchar(100)
)

AS

BEGIN

    While (Charindex(@delimiter,@strInput)>0)
    Begin
        Insert Into @table (value)
        Select
            value = ltrim(rtrim(Substring(@strInput,1,Charindex(@delimiter,@strInput)-1)))

        Set @strInput = Substring(@strInput,Charindex(@delimiter,@strInput)+1,len(@strInput))
    End
   
    Insert Into @table (value)
    Select value = ltrim(rtrim(@strInput))

    Return
END;

Usage

SELECT * 
FROM fnSplit('ASP.NET, PHP, SQL, MySQL, JQuery, Javascript, HTML',',')

Output

id          value
-----------------------
1           ASP.NET
2           PHP
3           SQL
4           MySQL
5           JQuery
6           Javascript
7           HTML