Solved

Internet Explorer immediately closes popup window that downloads file with content-disposition set as attachment.

Posted on 2009-05-18
6
926 Views
Last Modified: 2013-12-17
Hello,

I currently have my web application setup to be able to serve files to the client.  When the appropriate button is clicked to download a particular file, it sets a session variable and opens a pop-up window.  This pop-up window is a .aspx file.  The .aspx file grabs the file location based on the session variable, and then takes that file and serves it to the client with the provided code.  The problem I believe is because of this line:

Response.AddHeader("Content-Disposition", "attachment; filename=" + fi.Name);

I believe IE is forcing the pop up closed because of security reasons, claiming that the file type is something other than .aspx which is what the page loading in the window is.  If I comment out that line, the download works, except it doesn't give me the file I want, instead it has me download the .aspx file.

How can I get past this and have it so the window doesn't get forcibly closed so the download dialog box appears?

Also, this methodology works absolutely fine on a local intranet, which is also why it makes me believe it's a security reason that IE closes the window.  Changing IE Security settings to resolve this issue is not an option.

Thank you for your assistance.

if (File.Exists(filePath))

            {

                FileInfo fi = new FileInfo(filePath);

 

                if (fi.Extension.ToLower() == ".msg")

                {

                    Response.ContentType = "application/outlook";

                }

                else if (fi.Extension.ToLower() == ".doc")

                {

                    Response.ContentType = "application/msword";

                }

                else if (fi.Extension.ToLower() == ".htm" || fi.Extension.ToLower() == ".html")

                {

                    Response.ContentType = "text/html";

                }

                else

                {

                    Response.ContentType = "application/octet-stream";

                }

 

                Response.AddHeader("Content-Disposition", "attachment; filename=" + fi.Name);

                Response.AddHeader("Content-Length", fi.Length.ToString());

                Response.TransmitFile(filePath);

            }

Open in new window

0
Comment
Question by:Gewgala
  • 5
6 Comments
 
LVL 7

Expert Comment

by:dacIT
ID: 24415791
You can use a file handler instead of ASPX. I don't know if this will help your security issue, but it's a much lighter web file since there's no GUI HTML sent to the user's browser. If you're just serving up a file, make an ashx page with all the file handling in it and write the file to the output response of the ashx. You can still use querystring and session variables with this type of file. Security features might respond better since they understand that this is a file handler, not a web page.
0
 
LVL 7

Author Comment

by:Gewgala
ID: 24416116
Thank you, I will give that a shot right now.
0
 
LVL 7

Author Comment

by:Gewgala
ID: 24416291
It does not appear that I am able to access session variables from within the .ashx file.  Session variables that I have set in regular .aspx pages come back as null from within the .ashx.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 7

Author Comment

by:Gewgala
ID: 24416372
Ok I figured that part out, I have to implement System.Web.SessionState.IReadOnlySessionState (since I do not need to write to session variables from this file).  Without that all session variables come back as null in a .ashx file.  I will begin testing on a live site now to see if this solves my problem.
0
 
LVL 7

Author Comment

by:Gewgala
ID: 24424597
This does not appear to work.  IE still refuses to download the file.  It downloads fine in Chrome, but IE is a relentless annoying POJ.  This can't possibly be rocket science, file downloads happen on just about every single website, what am I doing wrong?
0
 
LVL 7

Accepted Solution

by:
Gewgala earned 0 total points
ID: 24477898
I figured out a solution for this, instead of forcing the file to download I just point the URL to the html file and allow the user to do a File > Save, specifically for those files that are problemmatic for me and had to be opened up in a popup to begin with.  This question can be closed.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Introduction (All good things must come to an end (http://en.wikipedia.org/wiki/All_Good_Things...)) The original MySQL API (http://php.net/manual/en/book.mysql.php) has gone away, deprecated by PHP in Version 5.5, and removed from PHP in all curre…
Introduction A frequently used term in Object-Oriented design is "SOLID" which is a mnemonic acronym that covers five principles of OO design.  These principles do not stand alone; there is interplay among them.  And they are not laws, merely princ…
This video teaches users how to migrate an existing Wordpress website to a new domain.
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now