PRB: Excel and Word Content Do Not Stream as Expected from ASP .NET

When you download Web content for a Multipurpose Internet Mail Extensions (MIME) content type that is associated with a Microsoft Office application, Internet Explorer displays a dialog box that prompts you to either open the file, or to save the file to disk. If the content is streamed from an ASP.NET Web application, the Open button of the dialog box is disabled. The same content streamed from an ASP page works as expected.

The client computer has version 6.0.2713.1500 (or later) of Shdocvw.dll installed. Version 6.0.2713.1500 of Shdocvw.dll is included in the Internet Explorer cumulative patch from Microsoft Security Bulletin MS02-005.

When you add a Content-Type header to an HTTP response by using the ContentType property or the AddHeader method in ASP.NET, ASP.NET will append a character set to the Content-Type string. A example of the response that the client application receives is as follows:


When Internet Explorer receives this Content-Type header, Internet Explorer searches the HKEY_CLASSES_ROOT\MIME\Database\Content Type key in the registry to locate the associated extension. Internet Explorer uses the extension to determine if the Open button should be enabled. When the character set is included in the Content-Type string, this MIME type is not found in the registry, and because Internet Explorer cannot determine the extension for the MIME type, it disables the Open button. This behavior is a result of the security patch for MS02-005.

By default, the character set string is not added in an ASP Page. The character set string is only added to an ASP.NET (.aspx) Web page.

To resolve this problem, remove the charset attribute from the Content-Type string. To do this in ASP.NET, set the Charset property to an empty string as follows: NOTE: Client computers that have the Browse in same window feature turned off do not receive the dialog box, and the server displays the file without the prompt.

This behavior is by design.

Steps to Reproduce the Behavior

1. Start Microsoft Visual Studio .NET. On the File menu click New, and then click Project.
2. In the Project Types pane, click Visual Basic Projects, and then click ASP.NET Web Application under Templates.
3. Name the application ExcelStream, and then click OK. WebForm1 is created by default and shown in design view.
4. On the View menu, click Code to display the code that is behind the Web Form.
5. Add the following code to the Page_Load event handler:

   Response.ContentType = "application/vnd.ms-excel"
   Response.Write("<TABLE><TR><TD>This should appear in Excel</TD></TR></TABLE>")
   Response.End()
   					

6. Press F5 to start Internet Explorer and display the page. A dialog box appears and prompts you to either open the file or save the file. Notice that the Open button is disabled.
7. To enable the Open button, add the following line of code before Response.End():

   Response.Charset = ""
   					

For additional information about the Browse in Same Window option, click the following article number to view the article in the Microsoft Knowledge Base: For additional information about the security patch, click the following article number to view the article in the Microsoft Knowledge Base: