Serving an exe to Firefox from an aspx. Firefox downloads it as "Content". Incorrect filename and no extension

I'm trying to server an exe to Firefox from an aspx page. The aspx page handles the headers and the page is launched by our Flex GUI. Flex correctly launches the link for all browsers (including Firefox) so I'm certain that's not the issue.

The problem I'm having is when I try to download the file from within Firefox, FF downloads the file fine but it names it "Content". It has no extension and the file name i开发者_运维百科s incorrect. All the other browsers download it with the file name I specified in the aspx page and they all have the .exe extension. I should note that if I rename the "Content" file to "Content.exe" it runs correctly.

Below is the code I'm using in my aspx page -

   protected void Page_Load(object sender, EventArgs e) {
        string fileName = Request.QueryString["file"];
        System.IO.FileInfo fileInfo = new System.IO.FileInfo(Server.MapPath(fileName));

        Response.Clear();
        if ( fileName.EndsWith(".exe") ) {
            Response.ContentType = "application/exe";
        }
        else {
            Response.ContentType = "application/octet-stream";
        }
        Response.AddHeader("Content-Disposition", "attachment; filename=" + fileInfo.Name);
        Response.AddHeader("Content-Length", fileInfo.Length.ToString());
        Response.WriteFile(fileInfo.FullName);
        Response.Flush();
    }

Any ideas and/or suggestions on why this isn't working correctly in Firefox?

I just ran the exact code you have mentioned, without the Flex GUI part, in a simple asp.net website, and it works fine on my Firefox, I am getting file name with extension.

I am using Firefox version 3.6.16.

Here are few things you can try:

1. Try running the same code without Flex GUI part
2. If it still doesn't work, check your firefox version
3. As suggested by Jon, use Fiddler and observe if something wrong in the response headers

One more point, may be this is just for test purpose, as allowing to download files this way can be a security threat, as even if the url is being called from Flex GUI, people can monitor traffic using fiddler or wireshark, and then exploit it to download any file they want to. For example they can download web.config and see connection string, or they can download the code.

You should restrict user to download file from one location only and only few allowed extensions.

There's no need for you to add the content-length yourself, as Response.WriteFile will do that if appropriate. The resultant duplicate headers is incorrect.

I'd also avoid flushing at the end, firstly flushing is only useful if it happens part-way through a long download; done only at the end you get the disadvantages of chunked encoding, without any of the advantages. This may also interfere with the content-length header you are sending.

Finally, there is no registered content type "application/exe", "application/octet-stream" should be used for executables. Maybe since Firefox is seeing it as "wrong" for .exe files, it's not using that extension.

If none of the above solves it, I'd recommend updating your question with the headers sent from the browser as seen through Fiddler or similar tools, as that may help someone find the answer (or you yourself for that matter).