Word 2010 Protected View Annoyances
-
My users (typically using IE8 or IE9) are downloading DOC/DOCX files from a secure folder in an ASP.NET 4.0 web forms site. The "Trusted Documents" security feature is causing my users to see an "Enable Editing" button which must be clicked before they can edit (or even print) the doc. Problem is, when they click this button Word seems to refetch the document and in the process...loses the fact they are logged in! Thus instead of the document loading a moment later, my "Login Required" web page loads inside Word 2010... :doh: This is very annoying to users as they must then close the document and redownload it - at which point (having trusted the document already) it opens just fine. Is there a way around this unpleasant user experience? I cannot move the files to any area which wouldn't require a login...and I certainly cannot remove a security feature from end user machines...
-
My users (typically using IE8 or IE9) are downloading DOC/DOCX files from a secure folder in an ASP.NET 4.0 web forms site. The "Trusted Documents" security feature is causing my users to see an "Enable Editing" button which must be clicked before they can edit (or even print) the doc. Problem is, when they click this button Word seems to refetch the document and in the process...loses the fact they are logged in! Thus instead of the document loading a moment later, my "Login Required" web page loads inside Word 2010... :doh: This is very annoying to users as they must then close the document and redownload it - at which point (having trusted the document already) it opens just fine. Is there a way around this unpleasant user experience? I cannot move the files to any area which wouldn't require a login...and I certainly cannot remove a security feature from end user machines...
What caching headers are you sending with the document? Try allowing the users to cache the document for a reasonable length of time.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
What caching headers are you sending with the document? Try allowing the users to cache the document for a reasonable length of time.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
Oooh yeah...that reminds me of a "no-cache" security requirement that was imposed upon me. :sigh: Well thanks for the tip. I may just have to advise users to download the doc locally, then open it.
-
Oooh yeah...that reminds me of a "no-cache" security requirement that was imposed upon me. :sigh: Well thanks for the tip. I may just have to advise users to download the doc locally, then open it.
Make sure you're specifying
Content-Disposition: attachmentso that they get the "open/save" dialog instead of opening the document within the browser. For IE users, you can also sendX-Download-Options: noopenin the headers to hide the "Open" button, which should force them to save the file. http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
