Code Project

Intranet Asp.Net application - are there any security prohibitions built in that would prohibit sending an Excel file with macros to a user's desktop??

    Duke Carey wrote (#1):

    Thanks for taking the time to read through this. My department is the sponsor of an internal ASP.NET app (.aspx format) that selected people use to provide details on proposed projects. In the beginning stages of the project they log in to the app, create a record for the new project, and download an Excel file (.xlsx format) from the webpage for entering the project's budget. When they're done they can click a button to upload the file to the server. This has all worked fine for 3 years, mechanically, but the Excel file is really rudimentary and doesn't give management sufficient detail about the projects. Now we've created a more robust budget file in Excel, but it absolutely relies on macros. We've heard some rumblings from the .NET programmers that the app may not be able to handle an xlsm file format due to innate ASP.NET security around Office documents that contain VBA code. Anybody have any first-hand knowledge about this? I'm just looking for an answer of the sort 1) no problem at all, 2) can't be done, no way around it, 3) it can be done without too much brain damage, or 4) it's going to take a real pro a lot of time to do it. Thanks again.

      R Giskard Reventlov wrote (#2, in reply to Duke Carey):

      Hmm: take a look at VSTO - might be of help.

      "If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. nils illegitimus carborundum me, me, me

        Duke Carey wrote (#3, in reply to R Giskard Reventlov):

        Thanks Mark, but I think VSTO doesn't apply here. We don't need to do anything more to the new Excel file. It's more a question of whether there is anything in ASP.Net itself that would prohibit it from either serving a macro file to a user or allowing the user to upload the completed file with macros to the server

          R Giskard Reventlov wrote (#4, in reply to Duke Carey):

          Not that I can think of: it's just a file: ASP.NET doesn't care about what's inside it if all you do is download/upload.

          "If you think it's expensive to hire a professional to do the job, wait until you hire an amateur." Red Adair. nils illegitimus carborundum me, me, me

            Jasmine2501 wrote (#5, in reply to Duke Carey):

            That stuff sounds too important to be using Excel for it?

            YES, it can be done, but it depends on how the file is being created. If you're inserting data into an Excel sheet that already has the macros and formulas, then it's possible, and actually better to do directly in Excel than to use Office Interop and create the file with ASP then send it to the user. Just create an Excel sheet that downloads its data from the database. http://office.microsoft.com/en-us/excel-help/connect-to-import-sql-server-data-HA010217956.aspx

            Using Office Interop to create the Excel sheet and send it back to the user doesn't have any security problems you can't get around. Users will have to confirm some dialog boxes, which they never read anyway. However, the Office Interop stuff falls into category 4 - it's hard to do to begin with, and very hard to maintain. I'll send you some of my Interop code if you want to see - it's explicit, ugly, verbose, hard-coded stuff. (now, that was a few years ago, so it might be better now, but I doubt it)

            To test your security, you might want to just put a file up there that has the features you want, and give some users the link to it. Downloading it from IIS as a file should be almost the same as streaming it back from a page.

            Still, this sounds like a horrible way to manage budgets! Teach these folks about accounting software and reporting tools and get them out of your hair!

              Jasmine2501 wrote (#6, in reply to R Giskard Reventlov):

              The problems are on the user's end... when you download a file with macros, it will come up with a security warning - but as I said below, users never read those anyway - they won't even notice it.
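
Added example, not part of the thread or any poster's code: since ASP.NET moves the workbook as opaque bytes, a server that wants a policy on macro-bearing uploads has to look inside the file itself. This sketch classifies an upload by package content rather than by extension; the class and method names are hypothetical, the sample packages are constructed in memory, and in a Web Forms app the stream would typically be the posted file's `InputStream`.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Linq;

// Added illustration; class and method names are hypothetical.
public static class WorkbookUploadCheck
{
    public enum Kind { NotOoxml, MacroFree, MacroEnabled }

    // Classifies by package content, not by file name or client-supplied MIME type.
    public static Kind Classify(Stream upload)
    {
        try
        {
            using (var zip = new ZipArchive(upload, ZipArchiveMode.Read, leaveOpen: true))
            {
                var names = zip.Entries.Select(e => e.FullName).ToList();
                // Every Open XML package carries a [Content_Types].xml part.
                if (!names.Contains("[Content_Types].xml", StringComparer.OrdinalIgnoreCase))
                    return Kind.NotOoxml;
                // Excel stores a workbook's VBA project in a vbaProject.bin part.
                bool hasVba = names.Any(n =>
                    n.EndsWith("vbaProject.bin", StringComparison.OrdinalIgnoreCase));
                return hasVba ? Kind.MacroEnabled : Kind.MacroFree;
            }
        }
        catch (InvalidDataException) { return Kind.NotOoxml; } // not a ZIP container
    }

    // Constructed sample input: a minimal in-memory package, not a real workbook.
    static MemoryStream Sample(params string[] parts)
    {
        var ms = new MemoryStream();
        using (var zip = new ZipArchive(ms, ZipArchiveMode.Create, leaveOpen: true))
            foreach (var p in parts)
                using (var w = new StreamWriter(zip.CreateEntry(p).Open())) w.Write("x");
        ms.Position = 0;
        return ms;
    }

    public static void Main()
    {
        Console.WriteLine(Classify(Sample("[Content_Types].xml", "xl/workbook.xml")));
        Console.WriteLine(Classify(Sample("[Content_Types].xml", "xl/workbook.xml", "xl/vbaProject.bin")));
        Console.WriteLine(Classify(new MemoryStream(new byte[] { 1, 2, 3, 4 })));
    }
}
```

The result lets the upload handler reject anything that is not a workbook and log or quarantine macro-enabled files that differ from the template the app itself served.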
