By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
462,880 Members | 712 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 462,880 IT Pros & Developers. It's quick & easy.

File Download does not continue after IE Security warning

P: 5

I am completely stuck here. Basically, I am serving a file to the user by sending it using Respnse.BinaryWrite. I am also sending this on a redirected page so as not to destroy the Response stream of the webpage which fired the filedownload. This works perfect on my development machine, it also works perfect on Firefox.

However, if I publish to my test server, on IE 8 (and 7 I presume) a security warning bar appears (does not appear in dev mode on my pc), asking the user to accept or decline the file. Now the not-so-funny thing: If the user accepts, the file is NOT served, I just get back to my main webpage. If the user tries a second time to get the file the security question will NOT pop up again and the file is served.

How can I make sure the file is served in the first instance if the user accepts the security warning and wants to download?

Thank you very much for your support, greatly appreciated!


Code used:

Expand|Select|Wrap|Line Numbers
  1. HttpContext.Current.Response.Clear()
  2. HttpContext.Current.Response.AppendHeader("Content-Disposition", String.Format("attachment; filename={0}", Session("FileName")))
  3. HttpContext.Current.Response.AppendHeader("Content-Length", myReportData.Length.ToString())
  4. HttpContext.Current.Response.ContentType = "application/pdf"
  6. HttpContext.Current.Response.BinaryWrite(myReportData.ToArray)
  8. HttpContext.Current.Response.Flush()
  9. HttpContext.Current.Response.End()
Jun 8 '10 #1
Share this Question
Share on Google+
7 Replies

Expert Mod 5K+
P: 9,731
Could you please elaborate on the "Response.Redirect" technique that you're using? I've never tried doing that before...I've always just used an iFrame (setting the source to a page that serves the file) to "automatically download" when then request returns to the browser.

Jun 8 '10 #2

P: 5
Hello Frinny,

Thank you for your response.

I simply redirect to a page as follows:

HttpContext.Current.Response.Redirect("FileDownloa d.aspx")

That page, during the Page.Load event sends the file to the user. And there is the prob that the security message pops up, which, after the user decides to continue, does apparently reload the page and drop my download.

In the meantime I have found a workaround, but its not the best solution. Basically, the problem appears that IE will do a page reload when changing the security setting (it appears to change the currently applicable setting if the user says to continue). There might be a flaw in my code logic that prevents the file from being served if a page reload is caused by IE.

However, what works is to put a simple button on the FileDownload page, and then serve the file during the buttons click event. It appears that IE recognizes that it is the client who enacted the buttons click event during which the file is sent, and therefore assumes that all must be fine. If i serve the file directly during the load event the security warning appears.

That said, I still would very much like to see what I can do to avoid having the user click on a button.

Jun 8 '10 #3

Expert Mod 5K+
P: 9,731
If you want to, you could try the iFrame trick that I use all the time...
It gets rid of the need to click the button...and it's pretty simple :)
Jun 8 '10 #4

P: 5
Hello Frinny,

I am pretty new to ASP.NET. If its not asked too much could you share some code here? Please note that I am not actually CREATING a real file on the server which i could serve, I am creating it on the fly and just serve it as a bit array. If that still works for your IFrame approach I would love to see some code snippets! Thanks pal!
Jun 8 '10 #5

Expert Mod 5K+
P: 9,731
It's simple. I'm not sure if you know what an iframe is so here's a quick explanation. An iframe is an like "embedded window" that can be used to display HTML from other pages embedded within your page. In this case we don't want to display any HTML data but we want to take advantage of having a "hidden" window within the browser so that when you're ready to download the information it will happen on the same page (without having to open a new window etc to do this)

The first step you need to do is add an iFrame to the page and give it an id that you can refer to and set the style to display:none (which will hide the iframe):

Expand|Select|Wrap|Line Numbers
  1. <iframe id="RetrieveFile" style="display:none"></iframe>
Currently the iframe isn't displaying anything because we haven't set the src attribute to any page in particular. It doesn't matter anyways because you can't see the iframe with the display:none style.

Ok, now let's say the user clicks a do some validation stuff server side and determine that you should allow the user to download the file.

In this case you want to set the src attribute of the iframe element.

Apparently...I don't have an example of how to do this in server side code....

But you could either add JavaScript to the page that retrieves the iframe element and sets the src property depending on a value in a hidden field...oh I'm going to fast here. In this case you would also need to add an ASP.NET HiddenField control to the page. HiddenFields are accessible in both JavaScript and your server code. So, in your server code you would set the value of the hidden field to True (or something) and in the JavaScript code you would retrieve this value and check whether or not to set the src of the iframe to download the page.

Or you could try setting the iframe to runat="server" and see if you can set the src property there. This is probably the MUCH easier way to accomplish this.

I've only taken the JavaScript approach because typically I'm messing around with some Ajax control and this code is in the corresponding JavaScript object.
Jun 8 '10 #6

P: 5
wohow.. you lost me somewhere ;) still, i will delve into IFrames and hopefully be able to sort it out. I would love not to have to redirect. thank you very much for your help, greatly appreciated !!
Jun 8 '10 #7

P: 5
Hi Frinny,

I just wanted to let you know that all works perfect using the IFrame approach you mentioned. Especially, on a live server IE will NOT display a file download security warning. This is because the file download is actually triggered during a client invoked postback (the client clicked on the download button).

Thank you very much for your help, pal, this is awesome! I learned something.

For other reading this thread, here is what I did:

On the page where you have your download button:

- Put your download button into a dedicated UpdatePanel
- The use of the UpdatePanel will ensure you are able to catch start and end of the download process. In my case I am using a DevExpress LoadingPanel to show progress.

Use the following code:

Expand|Select|Wrap|Line Numbers
  1.     <asp:ScriptManager ID="ScriptManager1" runat="server" 
  2.            AsyncPostBackTimeout="120"> // make sure you give the whole process enough time!!
  3.         </asp:ScriptManager>
  5.         <script type="text/javascript">
  6.             var prm = Sys.WebForms.PageRequestManager.getInstance();
  7.             prm.add_initializeRequest(prm_InitializeRequest);
  8.             prm.add_endRequest(prm_EndRequest);
  10.             function prm_InitializeRequest(sender, args) {
  11.                 LoadingPanel_client.Show();  // this is a DevExpress component, but you can implement something else of your choice. It simply shows a 'Busy' Window.
  13.                 var iframe = document.createElement("iframe");
  14.                 iframe.src = "FileDownload.aspx";
  15.        = "none";
  17.                 // Add the IFRAME to the page.  This will trigger the FileDownload.aspx page to load now and during load create and send the file
  18.                 document.body.appendChild(iframe)
  19.             }
  21.             function prm_EndRequest(sender, args) {
  22.                 LoadingPanel_client.Hide();
  23.                            }
  24.         </script>

Now, your FileDownload.aspx page can be completely empty as it is not going to display anyway. During the Page.Load event create or load your file and serve it with code similar to that:

Expand|Select|Wrap|Line Numbers
  1.         HttpContext.Current.Response.Clear()
  2.             HttpContext.Current.Response.AppendHeader("Content-Disposition", String.Format("attachment; filename={0}", "test.pdf"))
  3.             HttpContext.Current.Response.AppendHeader("Content-Length", repStream.Length.ToString())
  4.             HttpContext.Current.Response.ContentType = "application/pdf"
  6.             'repStream.WriteTo(HttpContext.Current.Response.OutputStream)   // either works
  7.             HttpContext.Current.Response.BinaryWrite(repStream.ToArray)
  10.             HttpContext.Current.Response.Flush()   ' send the data now
  11.             HttpContext.Current.Response.End()
Jun 9 '10 #8

Post your reply

Sign in to post your reply or Sign up for a free account.