asked on

Internet Explorer immediately closes popup window that downloads file with content-disposition set as attachment.

Hello,

I currently have my web application setup to be able to serve files to the client. When the appropriate button is clicked to download a particular file, it sets a session variable and opens a pop-up window. This pop-up window is a .aspx file. The .aspx file grabs the file location based on the session variable, and then takes that file and serves it to the client with the provided code. The problem I believe is because of this line:

Response.AddHeader("Content-Disposition", "attachment; filename=" + fi.Name);

I believe IE is forcing the pop up closed because of security reasons, claiming that the file type is something other than .aspx which is what the page loading in the window is. If I comment out that line, the download works, except it doesn't give me the file I want, instead it has me download the .aspx file.

How can I get past this and have it so the window doesn't get forcibly closed so the download dialog box appears?

Also, this methodology works absolutely fine on a local intranet, which is also why it makes me believe it's a security reason that IE closes the window. Changing IE Security settings to resolve this issue is not an option.

Thank you for your assistance.

if (File.Exists(filePath))
            {
                FileInfo fi = new FileInfo(filePath);
 
                if (fi.Extension.ToLower() == ".msg")
                {
                    Response.ContentType = "application/outlook";
                }
                else if (fi.Extension.ToLower() == ".doc")
                {
                    Response.ContentType = "application/msword";
                }
                else if (fi.Extension.ToLower() == ".htm" || fi.Extension.ToLower() == ".html")
                {
                    Response.ContentType = "text/html";
                }
                else
                {
                    Response.ContentType = "application/octet-stream";
                }
 
                Response.AddHeader("Content-Disposition", "attachment; filename=" + fi.Name);
                Response.AddHeader("Content-Length", fi.Length.ToString());
                Response.TransmitFile(filePath);
            }

Open in new window

dacIT

You can use a file handler instead of ASPX. I don't know if this will help your security issue, but it's a much lighter web file since there's no GUI HTML sent to the user's browser. If you're just serving up a file, make an ashx page with all the file handling in it and write the file to the output response of the ashx. You can still use querystring and session variables with this type of file. Security features might respond better since they understand that this is a file handler, not a web page.

Gewgala

ASKER

Thank you, I will give that a shot right now.

Gewgala

ASKER

It does not appear that I am able to access session variables from within the .ashx file. Session variables that I have set in regular .aspx pages come back as null from within the .ashx.

Gewgala

ASKER

Ok I figured that part out, I have to implement System.Web.SessionState.IReadOnlySessionState (since I do not need to write to session variables from this file). Without that all session variables come back as null in a .ashx file. I will begin testing on a live site now to see if this solves my problem.

Gewgala

ASKER

This does not appear to work. IE still refuses to download the file. It downloads fine in Chrome, but IE is a relentless annoying POJ. This can't possibly be rocket science, file downloads happen on just about every single website, what am I doing wrong?

ASKER CERTIFIED SOLUTION

Gewgala

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial