Solved

Can I avoid "Protected view" when streaming Excel documents to the client from ASP.NET?

Posted on 2013-01-17
3
1,716 Views
Last Modified: 2013-01-23
Hi!

We have an ASP.NET application which dynamically generates Excel documents and streams them to the client, using Response.WriteFile, see code below. Note that the document is deleted once the file has been written to the client. Thus, no documents are ever left on the server.

However, my client's users has now all upgraded to Office 2010, and now the documents will open in "Protected View". In order to edit the document, the user has to click "Enable editing" first. This is considered unacceptable for the users.
The reason that this happens is that streamed documents are placed in the Temporary Internet files, and this is considered a "potentially unsafe location". And documents in such locations are opened in protected view. I am just hoping there is some way to work around this.

Theoretically, I could place the document in a folder which is accessible from the client, and redirect to the document.
This solution is not an option, however. Firstly, since the document would be left on the server, it could be accessible for other users, which is a problem since the documents may contain confidential data.
There are other reasons why this is not a vialable option.

An other theoretical workaround would be to ask all users to disable the setting "Enable protected view for files located in potentially unsafe locations". Naturally, this is not an option either.

So, in short, is there anyway to avoid the documents to be opened in "Protected view" while using the streaming technique described below?

            Response.Buffer = true;
            Response.Clear();
            Response.AddHeader("Pragma", "no-cache");
            Response.Expires = 0;
            Response.AddHeader("Content-Type", contentType);
            Response.AddHeader("Content-Disposition", "attachment; filename=" + proposedFilename);
            Response.WriteFile(dstFullPathName);
            Response.Flush();
            Response.Close();
            File.Delete(dstFullPathName);
            HttpContext.Current.ApplicationInstance.CompleteRequest();

Open in new window

0
Comment
Question by:gunman69
3 Comments
 
LVL 14

Accepted Solution

by:
BlueCompute earned 250 total points
ID: 38789050
Basically, no, unfortunately, but depending on your environment you might be able to get close enough.
If internet explorer's the client the users are using, and the only on they're using, it wouldn't be unreasonable to untick "Enable protected view for files located in potentially unsafe locations" on the basis that they'll still get protected view for files that came from the "internet", but your files can come from either the "Trusted Sites" zone or the "Intranet" zone (if the users are local). The reason I say only if IE's their only internet client, is other clients don't tag the downloaded files with zone information in the same way, so they'd be vulnerable to threats from files downloaded with other browsers.
My testing shows a file downloaded from the internet with Firefox doesn't open in protected view anyway though, so I don't imagine it's much difference.
Long and short of it - it looks like for anything other than intranet and trusted zones, the settings "Do not open files from the Internet zone in Protected View" and "Do not open files in unsafe locations in Protected View" do much the same as each other.
0
 
LVL 4

Assisted Solution

by:gyetton
gyetton earned 250 total points
ID: 38795186
I agree with the previous comment, it is a pain, but you need remind the customer that downloading files from the internet can be a dangerous thing to do and MS are trying to help keep you safe.
0
 

Author Comment

by:gunman69
ID: 38813344
It is a pain indeed, but I guess I just have to accept it.

Actually, I did get around a bit of the problem by changing
Response.AddHeader("Content-Disposition", "attachment; filename=" + proposedFilename);
to
Response.AddHeader("Content-Disposition", "inline; filename=" + proposedFilename);

It did actually make Excel open the document without protected view, but other strange things happened.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you how to use shortcut menus in the Access run-time environment.
Some code to ensure data integrity when using macros within Excel. Also included code that helps secure your data within an Excel workbook.
This Micro Tutorial will demonstrate how to create pivot charts out of a data set. I also added a drop-down menu which allows to choose from different categories in the data set and the chart will automatically update.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now