
Password-Protected File Validation for .doc/.docx/.xls/.xlsx/.pdf File Types

Password-Protected File Validation for .doc/.docx/.xls/.xlsx/.pdf File Types


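/// <summary>
/// Click handler for the upload button: routes the posted file to the PDF or
/// Office password check by its extension and shows the result in <c>lblmsg</c>.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnUpload_Click(object sender, EventArgs e)
        {
            // Nothing to validate when no file was posted.
            if (!FileUpload1.HasFile)
            {
                return;
            }

            // The client-supplied name is read only for its extension. It is not
            // used to build a server path. Note that the extension is itself
            // client-controlled, so this routing says nothing about the real content.
            string StrFileExt = Path.GetExtension(FileUpload1.FileName).ToUpperInvariant();

            if (StrFileExt == ".PDF")
            {
                // The PDF check works on a file path, so the upload is written to disk.
                // The name is generated on the server (random, fixed ".pdf" suffix) so
                // that nothing from the request reaches the file system path and the
                // stored name cannot be predicted from the upload time.
                string newfilename = Guid.NewGuid().ToString("N") + ".pdf";
                string savedPath = System.Web.Hosting.HostingEnvironment.MapPath("~/UploadedFiles/" + newfilename);
                try
                {
                    FileUpload1.SaveAs(savedPath);
                    ShowMsg(IsPasswordProtectedPDF(newfilename));
                }
                finally
                {
                    // The copy is only needed for the check; remove it so unvalidated
                    // uploads do not accumulate under the application folder.
                    if (File.Exists(savedPath))
                    {
                        File.Delete(savedPath);
                    }
                }
            }
            else if (StrFileExt == ".DOC" || StrFileExt == ".DOCX" || StrFileExt == ".XLS" || StrFileExt == ".XLSX")
            {
                // Word and Excel files are inspected in memory; nothing is written to disk.
                ShowMsg(IsPassworded(FileUpload1.FileBytes));
            }
            else
            {
                // Any other extension is rejected.
                lblmsg.Text = "Invalid file format!!!";
                lblmsg.ForeColor = System.Drawing.Color.Red;
            }
        }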

/// <summary>
/// Reports whether a PDF stored under <c>~/UploadedFiles/</c> appears to be password protected.
/// </summary>
/// <param name="strNewFileName">
/// File name relative to <c>~/UploadedFiles/</c>. It is concatenated into the mapped
/// path as-is, so callers should pass a server-generated name only.
/// </param>
/// <returns>
/// <c>true</c> when opening the file with the probe password raises
/// <c>PdfReaderException</c>; <c>false</c> when the open succeeds.
/// </returns>
/// <remarks>
/// The result is a heuristic. Every <c>PdfReaderException</c> is reported as
/// "protected" (presumably this includes reader failures unrelated to passwords;
/// confirm against the PDF library). A document that does open with the probe
/// value is reported as not protected. Other exception types propagate to the caller.
/// </remarks>
public static bool IsPasswordProtectedPDF(string strNewFileName)
        {
            string physicalPath = System.Web.Hosting.HostingEnvironment.MapPath("~/UploadedFiles/" + strNewFileName);
            try
            {
                // Fixed probe password; only success or failure of the open matters here.
                PdfReader.Open(physicalPath, "1234");
            }
            catch (PdfReaderException)
            {
                return true;
            }

            return false;
        }
       
        public void ShowMsg(bool status)
        {
            if (status)
            {
                lblmsg.Text = "Yes, It's password protected!!";
                lblmsg.ForeColor = System.Drawing.Color.Red;
            }
            else
            {
                lblmsg.Text = "No, It's not password protected!!";
                lblmsg.ForeColor = System.Drawing.Color.Green;
            }
        }
        public static bool IsPassworded(byte[] bytes)
        {
            var prefix = Encoding.Default.GetString(bytes.Take(2).ToArray());

            if (prefix == "ÐÏ")
            {
                //Office format.

                //Flagged with password
                if (bytes.Skip(0x20c).Take(1).ToArray()[0] == 0x2f) return true; //XLS 2003
                if (bytes.Skip(0x214).Take(1).ToArray()[0] == 0x2f) return true; //XLS 2005
                if (bytes.Skip(0x20B).Take(1).ToArray()[0] == 0x13) return true; //DOC 2005

                if (bytes.Length < 2000) return false; //Guessing false
                var start = Encoding.Default.GetString(bytes.Take(2000).ToArray()); //DOC/XLS 2007+
                start = start.Replace("\0", " ");
                if (start.Contains("E n c r y p t e d P a c k a g e")) return true;
                return false;
            }

            //Unknown.
            return false;
        }        
