Solved

Can I avoid "Protected view" when streaming Excel documents to the client from ASP.NET?

Posted on 2013-01-17
Last Modified: 2013-01-23
Hi!

We have an ASP.NET application which dynamically generates Excel documents and streams them to the client, using Response.WriteFile, see code below. Note that the document is deleted once the file has been written to the client. Thus, no documents are ever left on the server.

However, my client's users have now all upgraded to Office 2010, and now the documents will open in "Protected View". In order to edit the document, the user has to click "Enable editing" first. This is considered unacceptable for the users.
The reason that this happens is that streamed documents are placed in the Temporary Internet files, and this is considered a "potentially unsafe location". And documents in such locations are opened in protected view. I am just hoping there is some way to work around this.

Theoretically, I could place the document in a folder which is accessible from the client, and redirect to the document.
This solution is not an option, however. Firstly, since the document would be left on the server, it could be accessible for other users, which is a problem since the documents may contain confidential data.
There are other reasons why this is not a viable option.

Another theoretical workaround would be to ask all users to disable the setting "Enable protected view for files located in potentially unsafe locations". Naturally, this is not an option either.

So, in short, is there any way to avoid the documents being opened in "Protected view" while using the streaming technique described below?

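            // Buffer the response and discard anything already written to it.
            Response.Buffer = true;
            Response.Clear();
            // Ask the browser not to cache the generated document.
            Response.AddHeader("Pragma", "no-cache");
            Response.Expires = 0;
            Response.AddHeader("Content-Type", contentType);
            // "attachment" makes the browser download the file under the proposed name.
            Response.AddHeader("Content-Disposition", "attachment; filename=" + proposedFilename);
            // Send the file, then delete the server-side copy so nothing is left behind.
            Response.WriteFile(dstFullPathName);
            Response.Flush();
            Response.Close();
            File.Delete(dstFullPathName);
            HttpContext.Current.ApplicationInstance.CompleteRequest();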


0
Question by:gunman69
3 Comments
 
LVL 14

Accepted Solution

by:
BlueCompute earned 250 total points
ID: 38789050
Basically, no, unfortunately, but depending on your environment you might be able to get close enough.
If Internet Explorer's the client the users are using, and the only one they're using, it wouldn't be unreasonable to untick "Enable protected view for files located in potentially unsafe locations" on the basis that they'll still get protected view for files that came from the "internet", but your files can come from either the "Trusted Sites" zone or the "Intranet" zone (if the users are local). The reason I say only if IE's their only internet client, is other clients don't tag the downloaded files with zone information in the same way, so they'd be vulnerable to threats from files downloaded with other browsers.
My testing shows a file downloaded from the internet with Firefox doesn't open in protected view anyway though, so I don't imagine it's much difference.
Long and short of it - it looks like for anything other than intranet and trusted zones, the settings "Do not open files from the Internet zone in Protected View" and "Do not open files in unsafe locations in Protected View" do much the same as each other.
0
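
The zone tagging the accepted answer refers to, shown as an added example that is not part of the original thread: Windows records a download's security zone in an NTFS alternate data stream named `Zone.Identifier`, and this sketch parses constructed samples of that stream to report which files carry an untrusted-origin mark and which carry none. The function names, the sample file names and the choice to treat both the Internet and Restricted Sites zones as untrusted are assumptions of this example.

```python
import configparser

# URL security zone ids as stored in the Zone.Identifier stream.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

def parse_zone_identifier(stream_text):
    """Return the ZoneId from Zone.Identifier contents, or None if absent or invalid."""
    if not stream_text:
        return None
    # interpolation=None: URL fields may contain '%' escapes.
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))
        zone = int(parser["ZoneTransfer"]["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    return zone if zone in ZONES else None

def classify(stream_text):
    """Describe the origin mark of one file from its stream contents."""
    zone = parse_zone_identifier(stream_text)
    if zone is None:
        # Typical for files saved by a client that does not tag downloads.
        return "no usable zone mark"
    # Assumption of this example: zones 3 and 4 count as untrusted origin.
    if zone >= 3:
        return "untrusted origin (%s)" % ZONES[zone]
    return "trusted origin (%s)" % ZONES[zone]

def audit(samples):
    """Map each file name to its classification."""
    return {name: classify(text) for name, text in samples.items()}

# Constructed sample stream contents. On NTFS the real stream can be read
# by opening the path "<file>:Zone.Identifier".
SAMPLES = {
    "report_from_internet.xlsx":
        "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.com/export%20q1.xlsx\r\n",
    "report_from_intranet.xlsx": "[ZoneTransfer]\r\nZoneId=1\r\n",
    "report_untagged.xlsx": None,
    "report_corrupt_mark.xlsx": "[ZoneTransfer]\r\nZoneId=abc\r\n",
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print("%-28s %s" % (name, verdict))
```

Files reported as having no usable zone mark are the ones that rely on the "unsafe locations" setting alone, which is the gap the answer describes for downloads made with other browsers.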
 
LVL 4

Assisted Solution

by:gyetton
gyetton earned 250 total points
ID: 38795186
I agree with the previous comment, it is a pain, but you need to remind the customer that downloading files from the internet can be a dangerous thing to do and MS are trying to help keep you safe.
0
 

Author Comment

by:gunman69
ID: 38813344
It is a pain indeed, but I guess I just have to accept it.

Actually, I did get around a bit of the problem by changing
Response.AddHeader("Content-Disposition", "attachment; filename=" + proposedFilename);
to
Response.AddHeader("Content-Disposition", "inline; filename=" + proposedFilename);

It did actually make Excel open the document without protected view, but other strange things happened.
0
