By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
434,969 Members | 2,360 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 434,969 IT Pros & Developers. It's quick & easy.

Excel Documents & Forms Authentication

P: n/a
I have a file that users can download through a web page protected by
forms authentication:

Download.aspx?ID=45

and within that file ...
FileInfo fileToDownload = new FileInfo(fileName);

Response.AppendHeader("Content-Length",
fileToDownload.Length.ToString());
Response.ContentType = "application/octet-stream";

string disposition = "inline";
if(Path.GetExtension(fileName).ToLower() == ".xls")
disposition = "attachment";

Response.AppendHeader("Content-Disposition",
disposition + "; " +
"filename=" + fileToDownload.Name + "; " +
"size=" + fileToDownload.Length.ToString() + "; " +
"creation-date=" + fileToDownload.CreationTime.ToString("R") + "; " +
"modification-date=" + fileToDownload.LastWriteTime.ToString("R") +
"; " +
"read-date=" + fileToDownload.LastAccessTime.ToString("R"));

Response.Flush();

Response.WriteFile(fileToDownload.FullName);

===============
Ok, here is the problem. When user logs in directly to my file, they
are prompted to login. After doing so, they are redirected to the
original page that they requested. However, when the excel document
opens, it appears that the html code from the login page appears in
the excel document. I got past this by specifying that the
disposition must be an attachment if the client is requesting an excel
document. However, this problem still keeps creeping up at times.
Also, I need to show the excel document inline - but that pretty much
guarentees that the document will show up as a login form. I've tried
messing with caching headers as well as my internet options cache
settings within the browser. I keep getting so many different results
that it is driving me crazy. I need stability here. My browser
usually prompts me if I want to Open the document, or save it to my
file system. Saving is fine. Perfect. If i save and open, the
correct information is in the excel document. If I open the document,
the login form appears. I've even tried setting up the content type
specific to excel documents and still have this problem.

Does anyone know of a work around so that the login page is not
displayed when requesting a dynamically generated excel file through
forms authentication after the user has been authenticated?
Nov 18 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
At the beginning of your download.aspx .cs code try inserting this line to
see if it helps:
Response.Clear();

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"Lewis Edward Moten III" <le***@moten.com> wrote in message
news:d7**************************@posting.google.c om...
I have a file that users can download through a web page protected by
forms authentication:

Download.aspx?ID=45

and within that file ...
FileInfo fileToDownload = new FileInfo(fileName);

Response.AppendHeader("Content-Length",
fileToDownload.Length.ToString());
Response.ContentType = "application/octet-stream";

string disposition = "inline";
if(Path.GetExtension(fileName).ToLower() == ".xls")
disposition = "attachment";

Response.AppendHeader("Content-Disposition",
disposition + "; " +
"filename=" + fileToDownload.Name + "; " +
"size=" + fileToDownload.Length.ToString() + "; " +
"creation-date=" + fileToDownload.CreationTime.ToString("R") + "; " +
"modification-date=" + fileToDownload.LastWriteTime.ToString("R") +
"; " +
"read-date=" + fileToDownload.LastAccessTime.ToString("R"));

Response.Flush();

Response.WriteFile(fileToDownload.FullName);

===============
Ok, here is the problem. When user logs in directly to my file, they
are prompted to login. After doing so, they are redirected to the
original page that they requested. However, when the excel document
opens, it appears that the html code from the login page appears in
the excel document. I got past this by specifying that the
disposition must be an attachment if the client is requesting an excel
document. However, this problem still keeps creeping up at times.
Also, I need to show the excel document inline - but that pretty much
guarentees that the document will show up as a login form. I've tried
messing with caching headers as well as my internet options cache
settings within the browser. I keep getting so many different results
that it is driving me crazy. I need stability here. My browser
usually prompts me if I want to Open the document, or save it to my
file system. Saving is fine. Perfect. If i save and open, the
correct information is in the excel document. If I open the document,
the login form appears. I've even tried setting up the content type
specific to excel documents and still have this problem.

Does anyone know of a work around so that the login page is not
displayed when requesting a dynamically generated excel file through
forms authentication after the user has been authenticated?

Nov 18 '05 #2

P: n/a
"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> wrote in message news:<#Z**************@TK2MSFTNGP12.phx.gbl>...
At the beginning of your download.aspx .cs code try inserting this line to
see if it helps:
Response.Clear();
No dice. I've tried this in both the login.aspx.cs page and the
Download.aspx.cs page. I've even tried manually setting the content
type in the login page to text/html and still haven't had any luck.

Someone suggested to upgrad Office 2000 to SP2 because it wasn't
sending cookies back to the web server that forms authentication uses.
Unfortunately, I have Office XP with Excel 2002 (10.6501.6626) SP3 -
so that fix doesn't solve my problem either. This problem is
happening on clients with Office XP SP2 as well.

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"Lewis Edward Moten III" <le***@moten.com> wrote in message
news:d7**************************@posting.google.c om...
I have a file that users can download through a web page protected by
forms authentication:

Download.aspx?ID=45
*SNIP*
Does anyone know of a work around so that the login page is not
displayed when requesting a dynamically generated excel file through
forms authentication after the user has been authenticated?

Nov 18 '05 #3

P: n/a
"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> wrote in message news:<#Z**************@TK2MSFTNGP12.phx.gbl>...
At the beginning of your download.aspx .cs code try inserting this line to
see if it helps:
Response.Clear();
No dice. I've tried this in both the login.aspx.cs page and the
Download.aspx.cs page. I've even tried manually setting the content
type in the login page to text/html and still haven't had any luck.

Someone suggested to upgrad Office 2000 to SP2 because it wasn't
sending cookies back to the web server that forms authentication uses.
Unfortunately, I have Office XP with Excel 2002 (10.6501.6626) SP3 -
so that fix doesn't solve my problem either. This problem is
happening on clients with Office XP SP2 as well.

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"Lewis Edward Moten III" <le***@moten.com> wrote in message
news:d7**************************@posting.google.c om...
I have a file that users can download through a web page protected by
forms authentication:

Download.aspx?ID=45
*SNIP*
Does anyone know of a work around so that the login page is not
displayed when requesting a dynamically generated excel file through
forms authentication after the user has been authenticated?

Nov 18 '05 #4

P: n/a
Steve,

Let me clarify my testing scenario - as I've just learned a lot in the
past 5 minutes. The problem is when we have links within a word
document. My error report that I received had a link within a word
document that pointed to an Excel file on the web server (protected by
forms authentication).

I press CTRL + Click the hyperlink:

http://lmoten/webDev/Resource/FileAt...16YV%2bw%3d%3d

It really doesn't matter what is in the url... it could be simple and
still give me problems. ie - http://lmoten/webDev/Download.aspx?ID=21

Ok - anyway, Word 2002 (xp) SP3 will open a new web browser instance
(even if an existing instance is logged in). I don't care about that
problem ... Going on ... I login with my login page and it directs me
to the excel document, but prompts me if I want to open or download
the file (Odd behavior for a content disposition of INLINE). If I
click open, the contents of my excel document contain that of the
login page.

If I put break points in my login page and download page, I see that
just before the open dialog is displayed, I do break in the
download.aspx.cs page. However, rite after I click [open] - my code
breaks into the login page where I have setup a break point. Why is
it trying to re-authenticate me if I choose to open an excel document?
If I choose to [save] instead, the file is saved directly to my hard
drive with the correct information, and the login.aspx.cs breakpoint
is not broken into (expected).

This download page is not being posted to. It is a simple GET with a
querystring. I've also noticed that the session is also missing when
the login breakpoint comes up after clicking [open]. It appears that
these problems deal with cookies and Word.

If I put the url into a web page instead of a word document, then I
get totally different (and expected) behavior. The excel document
opens with the correct content after every login - although I'm still
getting the Open/Save prompt. Something with word is controling the
browsers cookies when the Open/Save dialog appears.

We need this to work correctly, because a lot of our clients paste
urls from other files into word documents and upload those documents
to the web server as well. Is there a work-around for downloading
excel documents from URLs appearing in word documents if the file is
protected via forms authentication? The word-document is not
protected, it is sitting on my desktop.
"Steve C. Orr [MVP, MCSD]" <St***@Orr.net> wrote in message news:<#Z**************@TK2MSFTNGP12.phx.gbl>...
At the beginning of your download.aspx .cs code try inserting this line to
see if it helps:
Response.Clear();

--
I hope this helps,
Steve C. Orr, MCSD, MVP
http://Steve.Orr.net
"Lewis Edward Moten III" <le***@moten.com> wrote in message
news:d7**************************@posting.google.c om...
I have a file that users can download through a web page protected by
forms authentication:

Download.aspx?ID=45
*SNIP*
Does anyone know of a work around so that the login page is not
displayed when requesting a dynamically generated excel file through
forms authentication after the user has been authenticated?

Nov 18 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.