CSV files downloads (opened in Excel) prompt for Windows User Authentication

views:

answers:

CSV files downloads (opened in Excel) prompt for Windows User Authentication

I have a site using a self-signed cert (which prompts for "trust this site and continue"), and in IE, occasionally when the user attempts to download a CSV file (which is handled by writing the file to the file system and sending a redirect header), the user can be prompted with the Windows authentication screen for username/password.

This has been observed in XP/Windows-7 in IE7 and IE8. This only happens when our site has an incorrect certificate and the user attempts to download a file with opens in Excel. What could be happening?

Fixing the certificate is one fix, but I'd like to have this working regardless.

This is a bit of a guess. It may be that the file is marked as coming from an outside domain, i.e. the Internet (which is recorded in a NTFS Alternate Data Stream, I believe). Security policy requires a confirmation to open the potentially unsafe file, and that causes a UAC prompt. This is based on the assumption that the "Windows authentication screen for username/password" you reference is UAC and not the IE browser asking for basic authentication.

qstarin 2010-10-22 16:05:41

This article may be useful. Try using setting a Content-Disposition: attachment header on the redirect.

Stefan Kendall 2010-10-22 16:11:32

This isn't very helpful. The file download is handled through weblogic, so I can't really directly tie into the response headers for this specific case.

Stefan Kendall 2010-10-22 17:10:02

ansaurus

tags:

views:

answers:

CSV files downloads (opened in Excel) prompt for Windows User Authentication

related questions