• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2242
  • Last Modified:

Can I avoid "Protected view" when streaming Excel documents to the client from ASP.NET?

Hi!

We have an ASP.NET application which dynamically generates Excel documents and streams them to the client, using Response.WriteFile, see code below. Note that the document is deleted once the file has been written to the client. Thus, no documents are ever left on the server.

However, my client's users has now all upgraded to Office 2010, and now the documents will open in "Protected View". In order to edit the document, the user has to click "Enable editing" first. This is considered unacceptable for the users.
The reason that this happens is that streamed documents are placed in the Temporary Internet files, and this is considered a "potentially unsafe location". And documents in such locations are opened in protected view. I am just hoping there is some way to work around this.

Theoretically, I could place the document in a folder which is accessible from the client, and redirect to the document.
This solution is not an option, however. Firstly, since the document would be left on the server, it could be accessible for other users, which is a problem since the documents may contain confidential data.
There are other reasons why this is not a vialable option.

An other theoretical workaround would be to ask all users to disable the setting "Enable protected view for files located in potentially unsafe locations". Naturally, this is not an option either.

So, in short, is there anyway to avoid the documents to be opened in "Protected view" while using the streaming technique described below?

            Response.Buffer = true;
            Response.Clear();
            Response.AddHeader("Pragma", "no-cache");
            Response.Expires = 0;
            Response.AddHeader("Content-Type", contentType);
            Response.AddHeader("Content-Disposition", "attachment; filename=" + proposedFilename);
            Response.WriteFile(dstFullPathName);
            Response.Flush();
            Response.Close();
            File.Delete(dstFullPathName);
            HttpContext.Current.ApplicationInstance.CompleteRequest();

Open in new window

0
gunman69
Asked:
gunman69
2 Solutions
 
BlueComputeCommented:
Basically, no, unfortunately, but depending on your environment you might be able to get close enough.
If internet explorer's the client the users are using, and the only on they're using, it wouldn't be unreasonable to untick "Enable protected view for files located in potentially unsafe locations" on the basis that they'll still get protected view for files that came from the "internet", but your files can come from either the "Trusted Sites" zone or the "Intranet" zone (if the users are local). The reason I say only if IE's their only internet client, is other clients don't tag the downloaded files with zone information in the same way, so they'd be vulnerable to threats from files downloaded with other browsers.
My testing shows a file downloaded from the internet with Firefox doesn't open in protected view anyway though, so I don't imagine it's much difference.
Long and short of it - it looks like for anything other than intranet and trusted zones, the settings "Do not open files from the Internet zone in Protected View" and "Do not open files in unsafe locations in Protected View" do much the same as each other.
0
 
gyettonCommented:
I agree with the previous comment, it is a pain, but you need remind the customer that downloading files from the internet can be a dangerous thing to do and MS are trying to help keep you safe.
0
 
gunman69Author Commented:
It is a pain indeed, but I guess I just have to accept it.

Actually, I did get around a bit of the problem by changing
Response.AddHeader("Content-Disposition", "attachment; filename=" + proposedFilename);
to
Response.AddHeader("Content-Disposition", "inline; filename=" + proposedFilename);

It did actually make Excel open the document without protected view, but other strange things happened.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now