Security problem with PdfViewer Load-Method

Hi Matthias,

Thank you for contacting Syncfusion support. We will validate this problem and update you on August 30, 2022.

Regards,

Arun kumar

Hi Matthias,

We are facing some difficulty in validating the reported issue. However, we will provide more details on September 01, 2022

Regards,

Arun kumar

 Hi Matthias,

Kindly refer to the below documentation link to resolve your issue and you can achieve this requirement using the AjaxRequestSettings API. Kindly try this and let us know if you have any concerns about this.

UG documentation:  https://ej2.syncfusion.com/angular/documentation/pdfviewer/how-to/include-authorization-token/

Regard,

Arun kumar

Thanks for your answer.

I tried to implement it, but had some troubles. 

Also is the example you send me for Angular, but we are using ASP.Net WebForms.

I attach a small sample project which shows how we are using the pdfviewer at the moment.

Could you perhaps have a look and tell me how to implement it in this sample project?

Thank you very much.

Regard 
Matthias

Hi Matthias,

In EJ1 PDF Viewer, there is no API for security purposes. However, In EJ2 PDF Viewer, we have exposed the API as ajaxRequestSettings, in that we can add the tokens in AJAX request headers using this API and we can add the anti-forgery token to the AJAX request on the server side for security purposes and we have improved the performance and various feature support in our EJ2 PDF Viewer control. So, we suggest you use the latest version of our EJ2 PDF Viewer control for better performance. We have shared the UG documentation links for your reference. And online web service is only for demo purposes. If you want to upgrade EJ2 control, you need both client and server projects. EJ2 PDF Viewer control is both client (Angular, React, Vue, Typescript, JavaScript) and server-side (Asp.Net Core, Asp.Net MVC) oriented. PDF viewer control processes the PDF document on the server-side and sends the processed PDF data to the client using the web service to render the PDF document and for further operations in PDF viewer. So, we suggest you create your own web service and provide that URL in the client-side application for further processing.

For more information, please refer to the below links  

JavaScript:  

https://ej2.syncfusion.com/javascript/documentation/pdfviewer/getting-started/

ajaxRequestSettings API:

https://ej2.syncfusion.com/javascript/documentation/api/pdfviewer/ajaxRequestSettings/

Core: 

https://www.syncfusion.com/kb/10346/how-to-create-pdf-viewer-web-service-application-in-asp-net-core

https://www.syncfusion.com/kb/11063/how-to-create-the-pdf-viewer-web-service-application-in-net-core-3-0-and-above-version

Demo:  https://ej2.syncfusion.com/javascript/demos/#/material/pdfviewer/default.html

Regards,

Arun kumar

Hi Arun Kumar,

the basic example with ej2 PdfViewer is running, but i need to set the documentPath in Codebehind, which was possible with ej1, like this code.

--------------------------
<body>
<form id="form1" runat="server">
     <div class="control">
            <ej:PdfViewer id="PdfViewer1" runat="server" style="width: 100%" PdfService="Local"></ej:PdfViewer>
      </div>
</form>
<script></script>
</body>

public partial class PdfViewer : System.Web.UI.Page
{
      protected void Page_Load(object sender, EventArgs e)
      {
Syncfusion.Licensing.SyncfusionLicenseProvider.RegisterLicense("...");
      
      PdfViewer1.ServiceUrl = "../../api/PdfViewer";
      string datenString = Convert.ToBase64String(File.ReadAllBytes(HttpContext.Current.Server.MapPath("~/App_Data/sample.pdf")));
      PdfViewer1.DocumentPath = "data:application/pdf;base64," + datenString;
      }
}
--------------------------

Is this also possible for ej2? I searched but didnt find anything.
Is this possible in combination of ej2 and Asp.Net Webforms? 
All the examples i find for ej2 are either Asp.Net Core or Asp.Net MVC. Does ej2 support Asp.Net Webforms?

Regards 
Matthias

Hi Matthias,

Query: How can I set the document path in EJ2 code behind?

In EJ2, we can load the document by placing it in the data folder and utilizing the name property in the document path. For your reference, we have shared the code snippet, screenshot, and sample below and let us know if the solution provided is helpful to you

Code Snippet:

Screenshot:

Sample: https://www.syncfusion.com/downloads/support/directtrac/general/ze/EJ21019198335.zip

Regards,

Arun kumar

Hi Arun Kumar,

we cant store our pdf document in the data folder. In our application the pdf-document is stored in a session variable.
Is there a way with ej2 to set the documentPath from a variable, like this code?

            byte[] datenArr = DataManager.Druckunterlagen?.DocumentPdf?.Daten;
            if (datenArr != null)
            {
                string datenString = Convert.ToBase64String(datenArr);
                PdfViewerSync.DocumentPath = "data:application/pdf;base64," + datenString;
            }

Do you perhaps have an example with ASP.Net Webforms? Cause this is what we use... We dont use ASP.Net Core and we wont switch to it.

Regars 

Hi Matthias,

Thank you for the update.

We are analyzing the reported issue and we will update the further details regarding the reported query tomorrow Oct 04, 2022.

Regards,

Visvesvar K V 

Hi Matthias,

We have provided a simple sample to set the document Path code behind,

Sample: https://www.syncfusion.com/downloads/support/directtrac/general/ze/EJ1Sample-507042309.zip

Steps to set the document path in code behind:

• Add the pdf in the App_Data folder
• Provide the document name in the document path as in the screenshot.

And kindly revert to us, if you have any concern on this.

Regards,
CCM Karthik

Hello,

the last example you send me is with EJ1? You told me there is no API for security purposes in EJ1?

1. We need to work with ASP.Net Webforms
2. We need to add a security token to the pdf load method
3. We need to load the pdf document from a session variable in code behind?

Hi Matthias,

We suspect that this can be achieved in EJ2 but not in EJ1. We are checking the feasibility to achieve this in EJ2. So, we need some more time to investigate this to prepare a sample and will provide further details on or before October 14, 2022. Appreciate your patience.

Regards,

CCM Karthik

Hi Matthias,

Kindly refer the details for the respective queries

Regards,

CCM Karthik

Hi,

I tried to implement the example in our project, but have some troubles/error messages.

Do you have any hint for me what could be the reason?

Attached is our example project.

Regards

In the given sample you are installing the EJ1 server library packages in the controller, but client-side you are using the EJ2 component packages that cause the error. We have shared a modified sample with the EJ2 server library controller for your reference.

Sample: https://www.syncfusion.com/downloads/support/directtrac/general/ze/WebformEJ2-684022777.zip

Try the above sample and revert us with the modified sample if still facing any issues on your end.