asp.net - Windows blocking .XLS files downloaded from the Internet where the contents are HTML

Question

We have a legacy ASP.NET application that allows users to export the contents of a GridView control to Excel. This was achieved using this technique.

Recently, users have complained that they are unable to open their downloaded files in Excel. I tried it myself and discovered that Windows was blocking the downloaded file, preventing Excel from opening it.

It looks like Windows now regards XLS files that have been created from web page content as suspect. Is this the result of a recent Windows update? And is this technique of creating Excel files from web pages not recommended?

Answer 1

Correct, recent updates have broken this behavior (thanks to Nikki9696 for the article).

There are three workarounds listed:

1. Stop using HTML files masquerading as XLS
2. Unblock access to individual files (client side solution)
3. or add the source of the files to the Trusted Locations list in Excel (client side solution)

The best thing to do is #1. You should not be serving files with one data type as another file type. It's always generated a warning for users. Many Office clients that otherwise know how to open XLS files (such as Office for iPad) will choke when presented with an HTML file masquerading as XLS.

Instead, use a library to generate a modern XLSX file (which can be opened by Office 2003 and newer). There are several solutions such as EPPlus, NPOI, and Open XML SDK.

In the future, be careful to use supported solutions rather than cobbling together a hack like serving a file with the wrong extension.