Solved

Can I avoid "Protected view" when streaming Excel documents to the client from ASP.NET?

Posted on 2013-01-17
3
1,802 Views
Last Modified: 2013-01-23
Hi!

We have an ASP.NET application which dynamically generates Excel documents and streams them to the client, using Response.WriteFile, see code below. Note that the document is deleted once the file has been written to the client. Thus, no documents are ever left on the server.

However, my client's users has now all upgraded to Office 2010, and now the documents will open in "Protected View". In order to edit the document, the user has to click "Enable editing" first. This is considered unacceptable for the users.
The reason that this happens is that streamed documents are placed in the Temporary Internet files, and this is considered a "potentially unsafe location". And documents in such locations are opened in protected view. I am just hoping there is some way to work around this.

Theoretically, I could place the document in a folder which is accessible from the client, and redirect to the document.
This solution is not an option, however. Firstly, since the document would be left on the server, it could be accessible for other users, which is a problem since the documents may contain confidential data.
There are other reasons why this is not a vialable option.

An other theoretical workaround would be to ask all users to disable the setting "Enable protected view for files located in potentially unsafe locations". Naturally, this is not an option either.

So, in short, is there anyway to avoid the documents to be opened in "Protected view" while using the streaming technique described below?

            Response.Buffer = true;
            Response.Clear();
            Response.AddHeader("Pragma", "no-cache");
            Response.Expires = 0;
            Response.AddHeader("Content-Type", contentType);
            Response.AddHeader("Content-Disposition", "attachment; filename=" + proposedFilename);
            Response.WriteFile(dstFullPathName);
            Response.Flush();
            Response.Close();
            File.Delete(dstFullPathName);
            HttpContext.Current.ApplicationInstance.CompleteRequest();

Open in new window

0
Comment
Question by:gunman69
3 Comments
 
LVL 14

Accepted Solution

by:
BlueCompute earned 250 total points
ID: 38789050
Basically, no, unfortunately, but depending on your environment you might be able to get close enough.
If internet explorer's the client the users are using, and the only on they're using, it wouldn't be unreasonable to untick "Enable protected view for files located in potentially unsafe locations" on the basis that they'll still get protected view for files that came from the "internet", but your files can come from either the "Trusted Sites" zone or the "Intranet" zone (if the users are local). The reason I say only if IE's their only internet client, is other clients don't tag the downloaded files with zone information in the same way, so they'd be vulnerable to threats from files downloaded with other browsers.
My testing shows a file downloaded from the internet with Firefox doesn't open in protected view anyway though, so I don't imagine it's much difference.
Long and short of it - it looks like for anything other than intranet and trusted zones, the settings "Do not open files from the Internet zone in Protected View" and "Do not open files in unsafe locations in Protected View" do much the same as each other.
0
 
LVL 4

Assisted Solution

by:gyetton
gyetton earned 250 total points
ID: 38795186
I agree with the previous comment, it is a pain, but you need remind the customer that downloading files from the internet can be a dangerous thing to do and MS are trying to help keep you safe.
0
 

Author Comment

by:gunman69
ID: 38813344
It is a pain indeed, but I guess I just have to accept it.

Actually, I did get around a bit of the problem by changing
Response.AddHeader("Content-Disposition", "attachment; filename=" + proposedFilename);
to
Response.AddHeader("Content-Disposition", "inline; filename=" + proposedFilename);

It did actually make Excel open the document without protected view, but other strange things happened.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Freeze panes is an option within all variants of Excel to enable parts of a sheet to remain stationary when the cursor is in another part of the sheet. This is a very useful feature which is overlooked or under used.
Some code to ensure data integrity when using macros within Excel. Also included code that helps secure your data within an Excel workbook.
Learn how to create and modify your own paragraph styles in Microsoft Word. This can be helpful when wanting to make consistently referenced styles throughout a document or template.
This Micro Tutorial will demonstrate how to create pivot charts out of a data set. I also added a drop-down menu which allows to choose from different categories in the data set and the chart will automatically update.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question