I have a web application (ASP.NET MVC, running on IIS7) that exports files to CSV. All was fine and well, until the client requested that due to security concerns, only specific directory locations should be valid targets for the resulting "save" dialog when I send the correct MIME type and send all the data.
Is this possible?
An alternative, since it is an intranet application and the save location is in the same intranet, is directly storing the file from the web server, without client roundtrip. This will have to be what we implement if my assumptions and research are correct and such a restriction is not possible.
So, is there a way to restrict save locations for downloaded files? Since the client platform is homogenously IE8, maybe with client-side VBScript, or (worst case) via download of an ActiveX control that's already available? As little as a web standards loving guy like me likes those alternatives.