Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 958
  • Last Modified:

Internet Explorer immediately closes popup window that downloads file with content-disposition set as attachment.

Hello,

I currently have my web application setup to be able to serve files to the client.  When the appropriate button is clicked to download a particular file, it sets a session variable and opens a pop-up window.  This pop-up window is a .aspx file.  The .aspx file grabs the file location based on the session variable, and then takes that file and serves it to the client with the provided code.  The problem I believe is because of this line:

Response.AddHeader("Content-Disposition", "attachment; filename=" + fi.Name);

I believe IE is forcing the pop up closed because of security reasons, claiming that the file type is something other than .aspx which is what the page loading in the window is.  If I comment out that line, the download works, except it doesn't give me the file I want, instead it has me download the .aspx file.

How can I get past this and have it so the window doesn't get forcibly closed so the download dialog box appears?

Also, this methodology works absolutely fine on a local intranet, which is also why it makes me believe it's a security reason that IE closes the window.  Changing IE Security settings to resolve this issue is not an option.

Thank you for your assistance.

if (File.Exists(filePath))
            {
                FileInfo fi = new FileInfo(filePath);
 
                if (fi.Extension.ToLower() == ".msg")
                {
                    Response.ContentType = "application/outlook";
                }
                else if (fi.Extension.ToLower() == ".doc")
                {
                    Response.ContentType = "application/msword";
                }
                else if (fi.Extension.ToLower() == ".htm" || fi.Extension.ToLower() == ".html")
                {
                    Response.ContentType = "text/html";
                }
                else
                {
                    Response.ContentType = "application/octet-stream";
                }
 
                Response.AddHeader("Content-Disposition", "attachment; filename=" + fi.Name);
                Response.AddHeader("Content-Length", fi.Length.ToString());
                Response.TransmitFile(filePath);
            }

Open in new window

0
Gewgala
Asked:
Gewgala
  • 5
1 Solution
 
dacITCommented:
You can use a file handler instead of ASPX. I don't know if this will help your security issue, but it's a much lighter web file since there's no GUI HTML sent to the user's browser. If you're just serving up a file, make an ashx page with all the file handling in it and write the file to the output response of the ashx. You can still use querystring and session variables with this type of file. Security features might respond better since they understand that this is a file handler, not a web page.
0
 
GewgalaAuthor Commented:
Thank you, I will give that a shot right now.
0
 
GewgalaAuthor Commented:
It does not appear that I am able to access session variables from within the .ashx file.  Session variables that I have set in regular .aspx pages come back as null from within the .ashx.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
GewgalaAuthor Commented:
Ok I figured that part out, I have to implement System.Web.SessionState.IReadOnlySessionState (since I do not need to write to session variables from this file).  Without that all session variables come back as null in a .ashx file.  I will begin testing on a live site now to see if this solves my problem.
0
 
GewgalaAuthor Commented:
This does not appear to work.  IE still refuses to download the file.  It downloads fine in Chrome, but IE is a relentless annoying POJ.  This can't possibly be rocket science, file downloads happen on just about every single website, what am I doing wrong?
0
 
GewgalaAuthor Commented:
I figured out a solution for this, instead of forcing the file to download I just point the URL to the html file and allow the user to do a File > Save, specifically for those files that are problemmatic for me and had to be opened up in a popup to begin with.  This question can be closed.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now