So i have this ASP.Net app and i want to allow the client to have the option to download an xlsx file, im using the HttpContext.Response to set the Content Type "application/xlsx" and the Content-Disposition sets the file name with the extension .xlsx, the download works correctly.

if I change the file name to .pdf then the file is downloaded as a pdf, when I checked the developer tool network response the Content Type was "application/xlsx" and in another test I change the name fileto .png and the file was downloaded as an image (it did not work, but it was shown as an image)

So what is the content type supposed to do, does it bring some sort of security how do i make sure that the user can only downloads the file associated to the content type?

Im using response.BinaryWrite()

CodePudding user response：

A content type indicates what type of content is being transmitted over http regardless of the content name. For example as you already have tested, you can transmit a pdf file naming it as a .png file.

It is the browser or the operating system that is representing a file with the name .png as an image to you. Another software would treat a pdf file with .png name as a pdf file.

The name of the file matters after the download is complete. But the software that is handling the download (in this case a web browser) actually may need to know the original media type. And you might want to write client side codes that would need to know what type of file is being transferred from the server regardless of the file name.