From VB to Modern C#: A Simple Guide to PCI-Compliant File Downloads

What We Were Trying to Do

We needed to let users download ATM transaction data as Excel and CSV files. The catch? We're dealing with sensitive financial data, so everything needs to be PCI compliant (secure). Here's how we went from the old way to a modern, secure solution in just 1.5 hours.

The Old Way vs. The New Way

Let's compare approaches:

Old VB-Style Approach:

' This is how it used to be done:
1. Make a temporary file on the server
2. Save the data to that file
3. Read the file back
4. Send it to the user
5. Try to delete the temporary file
6. Hope nothing went wrong!

Problems with this:

  • Temporary files could contain sensitive data
  • Files might not get deleted properly
  • Security risks everywhere
  • Lots of cleanup code needed

Our New C# Way:

// Modern approach - everything stays in memory!
using var package = new ExcelPackage();
var worksheet = package.Workbook.Worksheets.Add("ATM Data");
worksheet.Cells["A1"].Value = "Report ID";
// Add more data...

// Send directly to user - no files saved anywhere!
return File(package.GetAsByteArray(), 
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", 
    "atm_data.xlsx");

Benefits:

  • No temporary files created
  • Data never touches the disk
  • Automatically cleans up after itself
  • Much more secure

How It Works (In Plain English)

Think of it like this:

  1. We create a virtual Excel file in computer memory (like RAM)
  2. Add our data to this virtual file
  3. Stream it directly to the user's browser
  4. The in-memory workbook is released once the download has been sent

It's like writing on a magic whiteboard that erases itself after showing the content to the user.

The Important Parts

1. Setting Up the Structure:

// This tells other developers what our code will do
public interface IDataAccess
{
    // Get the data we want to export
    Task<IEnumerable<dynamic>> GetExportData(int fiId, ExportParameters parameters);
    // Keep track of who downloaded what
    Task LogExport(ExportLog log);
}

2. Handling Special Cases:

// Make sure numbers like '0123' don't lose their leading zeros
worksheet.Cells["B:B"].Style.Numberformat.Format = "@";

Making It Secure (PCI Compliance)

Our solution is secure because:

  • Nothing is ever saved to disk
  • All data stays in memory temporarily
  • Uses HTTPS for secure downloads
  • Tracks who downloads what
  • Cleans up automatically

Future Plans

Right now we're using EPPlus (which needs a commercial license), but we could switch to:

  • ClosedXML (free)
  • NPOI (free)
  • Our own CSV generator
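
The "own CSV generator" option, combined with the download tracking from the security list above, could look like the following ASP.NET Core action. This is an added example, not code from the original project. It assumes the `IDataAccess`, `ExportParameters` and `ExportLog` types from the article, Dapper-style rows that can be read as `IDictionary<string, object>`, and hypothetical `ExportLog` property names and route.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Authorize] // only signed-in users, so the audit log has a name to record
[ApiController]
[Route("api/exports")] // hypothetical route
public class CsvExportController : ControllerBase
{
    private readonly IDataAccess _data; // the interface shown earlier in the article
    public CsvExportController(IDataAccess data) => _data = data;

    [HttpGet("{fiId:int}/csv")]
    public async Task<IActionResult> DownloadCsv(int fiId, [FromQuery] ExportParameters parameters)
    {
        var rows = await _data.GetExportData(fiId, parameters);

        // Build the CSV in memory only; no temporary file is created.
        var csv = new StringBuilder();
        var headerWritten = false;
        foreach (IDictionary<string, object> row in rows) // assumption: Dapper-style rows
        {
            if (!headerWritten)
            {
                csv.AppendLine(string.Join(",", row.Keys.Select(k => Quote(k))));
                headerWritten = true;
            }
            csv.AppendLine(string.Join(",", row.Values.Select(
                v => Quote(Convert.ToString(v, CultureInfo.InvariantCulture)))));
        }

        // Record who downloaded what before any data is returned.
        // ExportLog property names are hypothetical; the article does not show them.
        await _data.LogExport(new ExportLog
        {
            FiId = fiId, UserName = User.Identity?.Name,
            Format = "csv", ExportedAtUtc = DateTime.UtcNow
        });

        Response.Headers["Cache-Control"] = "no-store"; // ask browsers and proxies not to keep a copy
        return File(Encoding.UTF8.GetBytes(csv.ToString()), "text/csv", "atm_data.csv");
    }

    // Quote every field and double embedded quotes (RFC 4180 style).
    private static string Quote(string value) => "\"" + (value ?? string.Empty).Replace("\"", "\"\"") + "\"";
}
```

Because the audit entry is written before the response is returned, a failure in `LogExport` stops the download instead of letting an untracked export through.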

What We Learned

  1. Modern C# makes security easier
  2. Less code often means more secure code
  3. Memory-only operations are faster and safer
  4. You don't need temporary files anymore

Next Steps

We're planning to add a Windows Service to watch for new files and process them automatically. But that's a story for another day!

Remember: Whether you come from VB or are learning C#, the key is understanding that modern approaches can make your code both simpler AND more secure. Sometimes the easiest solution is the best one!
