Open Office Documents from Document Library without Password Prompt
We have a SharePoint site and Document library set up for anonymous access.
All non-Microsoft file types open correctly without a password.
When users click on Microsoft Office documents they are prompted for passwords.
Is there some way to configure the Office documents or Document Library so that users are not prompted for passwords when they open documents or is this a bug?
解答
People,
I've found the following workaround:
To keep it simple:
1. Disable client integration
2. Remove the OPTIONS verb from the <HTTPHandlers> registration line in the web.config file for the site
regards,
Joost Evertse
http://www.evertseconsulting.nl
所有回覆
It could probably be related to your infrastructure's authentication mechanism, or some settings in SharePoint.
The users who are opening these Office documents, are they on the a domain/same domain as the server where SharePoint is installed?
(I presume that your SharePoint is WSS 3.0 or MOSS 2007, do correct me if I am wrong)
try this:
First of all go to where stsadm is located:
( %COMMONPROGRAMFILES%\microsoft shared\web server extensions\12\bin )
Then run the command below:
stsadm.exe –o deactivatefeature –url <site collection url> -filename ViewFormPagesLockdown\feature.xml
where <site collection url> is your site's url.
Then go back to the document or photo library, turn off anonymous access. Then go back and turn anonymous access back on.
Then run the command below:
stsadm.exe –o activatefeature –url <site collection url> -filename ViewFormPagesLockdown\feature.xml
If you have multiple libraries to do, then deactivate the feature, and then do all the libraries, and then turn it back on.
Hope this helps,
Steve
- Preston Park: I've been monitoring this thread for a while, hoping that someone would respond with some ideas. At the risk of hijacking your thread, I have some questions for SteveWalsh.
@ SteveWalsh: what happens when a new doc library is created? Will that same procedure need to be done? Also, my environment is somewhat different from Preston Park. All of our libraries are restricted to authenticated users, not anonymous users. Would the process you describe still overcome the Office authentication prompt?
Thanks! lib, if a new doc library is created then this process needs to be completed again. pain in the butt i know...
The procedure listed works for anonymous access to doc libraries. Unfortunately I do not think there is a solution to your problem.I have created another sharepoint site which is my portal for authenticated users only. Users can access this while at work and while at home. Here users get prompted when logging in, but also everytime they open a microsoft document they get prompted again... From what I have been reading this was by design by Microsoft for added security...
There might be a way to fix this for an internal network by adding the site to trusted sites, etc, but i have not done this since it doesnt work for my users at home without them configuring something. I have 1500 users, so thats a pain to have to explain to people...
To be honest I wish Microsoft had given us the user the choice if we wanted this added security. I wish a patch would be released to fix this problem, but then again it would probably have t be installed on all machines that access the site. As far as I know it is not a problem in Sharepoint, but a problem with Office suite...
Hope this helps,
Steve
I totally agree with Steve that Microsoft should have given the choice to the user for this security feature. I am creating a SharePoint demo for a potential customer. But the fact that everytime remote users will have to provide credentials if they open an office document is not going to fly with many people espescially in environments where numerous users will be accessing various MS Office documents throughout the day. Hopefully there is a resolution soon.
Palwinder
I have WSS 3.0 and have this same opening documents with anonymous access turned on issue. I was eager to try the stsadm fix noted here - but - I don't have the ViewFormPagesLockdown directory so the command line fails.
Is this a standard WSS 3.0 feature or only in a higher level tool/version?
Thanks for your help.
I tried the STSADM option mentioned above but still it doesnt work. I am using MOSS 2007 and its a public site (publishing portal). We have .pps (powerpoint slide show files) and .pdf files in the document library (with variation option enabled) with ANONYMOUS ACCESS enabled for the entire site (and library).
All PDF files open without any issue, but the .pps file when opened triggers a Windows Logon Prompt dialog. But it does open the file even if i give cancel (without entering any user id or password) which i dont understand.
Any ideas.
Thanks,
karthik.
I'm trying to solve the same problem with authenticated users. My document libraries are restricted to only authenticated users.
Here is something odd that makes me think this might be a sharepoint issue. I have full control over the document libraries. I can access Office files without being prompted to sign-in. However my users with every permission (design, contribute, ready, approve) but full control do get prompted.
I'm running Vista and Office 2007, my users are a mix of individuals running Vista or XP and Office 2003 and 2007
A little more info from my post above. My experience is machine specific. I am not prompted for credentials when I'm accessing the .docx file from my machine but when I tried to do this from someone elses machine, I get prompted. So I need to figure out what setting on my machine is different.
Its not in the list of i.e trusted sites, I don't have any trusted sites in i.e. its something else.
- If you discover anything specific to the workstation, please post back. I've been monitoring this thread for a while, as this issue is affecting us as well.
I got an answer, don't like it. I was hoping I could set this centrally on the MOSS server. But it can be set at the local machine level. For our organization we made this a group policy. So I'm ok for anybody on my domain. But beyond that, users will get prompted.
When I added our site as a trusted site to the 'Local Intranet' sites I never got prompted for another login. Also, not sure if this is also a necessary setting or not (I didn't test it), my machine was already set up with this setting, under the custom level setting for the security I'm told the User Authentication - Logon setting makes a difference. Mine is set to 'Automatic Logon only in Intranet Zone'.
- Zeg, I've also experimented with the Trusted Sites, and it works fine for managed boxes via GPO. It does not however work for non-managed boxes, as you pointed out. Our user base is heavy in the unmanaged area (higher-ed).
But I'm glad to see I'm not the only one who has not been able to solve this. I've spent a fair amount of time on it. People,
I've found the following workaround:
To keep it simple:
1. Disable client integration
2. Remove the OPTIONS verb from the <HTTPHandlers> registration line in the web.config file for the site
regards,
Joost Evertse
http://www.evertseconsulting.nlThank Joost, its work for me. Again thanks for sharing this with us
Regards
Kusala
I went into Central Administration > Appliaction Management > Authentication Providers > Edit Authentication
Disabling client integration will remove features which launch client applications. Some authentication mechanisms (such as Forms) don't work well with client applications. In this configuration, users will have to work on documents locally and upload their changes.
This is not a possible solution for me since our employees must me able to lock files while editing. Hence the the reason I purchased MOSS 2007 (SHAREpoint).
Also, my site is public facing but does NOT have anonymous access enabled since it is closed to my company.
Here is what Max says in his Blog which is linked to as a resolution on this page. He mentions you must have anonymous access enabled.
"Max Yermakhanov's Blog
When you have a public-facing site built using SharePoint technologies, opening Microsoft Office documents (Word, Excel, PowerPoint, Visio, etc.) stored on this website requires user to login. You can hit Cancel at the login prompt and still be able to see the document, but having a login prompt displayed to the Internet users, sort of defeats the purpose of having SharePoint-built public facing website with anonymous access turned on. This happens becuase Microsoft Office is closely integrated with MOSS or WSS 3.0 now, and MS Office is now able to recognize that the document is stored within SharePoint, so the appropriate SharePoint authentication/authorization tools kick in. This problem can be resolved mostly by implementing two simple steps (assuming you have already enabled anonymous access on SharePoint):
- Disable 'Client Integration' for the web application under Central Admin Home Page >> Application Management >> Authentication Providers
- Remove the OPTIONS verb from the <HTTPHandlers> registration line in web.config file"
- Something else that is worth noting here is that this behavior does not happen with FireFox. In FireFox out team can access the page over the internet, they will receive a login prompt and must login. However, when opening a document from the Document Library they will not be prompted for credentials again.
Also, this only started happening for us about 6 months ago when most of the team upgraded to IE7. - Nolet Spirits U.S.A_ said:
I went into Central Administration > Appliaction Management > Authentication Providers > Edit Authentication
Disabling client integration will remove features which launch client applications. Some authentication mechanisms (such as Forms) don't work well with client applications. In this configuration, users will have to work on documents locally and upload their changes.
This is not a possible solution for me since our employees must me able to lock files while editing. Hence the the reason I purchased MOSS 2007 (SHAREpoint).
Also, my site is public facing but does NOT have anonymous access enabled since it is closed to my company.
Here is what Max says in his Blog which is linked to as a resolution on this page. He mentions you must have anonymous access enabled.
"Max Yermakhanov's Blog
When you have a public-facing site built using SharePoint technologies, opening Microsoft Office documents (Word, Excel, PowerPoint, Visio, etc.) stored on this website requires user to login. You can hit Cancel at the login prompt and still be able to see the document, but having a login prompt displayed to the Internet users, sort of defeats the purpose of having SharePoint-built public facing website with anonymous access turned on. This happens becuase Microsoft Office is closely integrated with MOSS or WSS 3.0 now, and MS Office is now able to recognize that the document is stored within SharePoint, so the appropriate SharePoint authentication/authorization tools kick in. This problem can be resolved mostly by implementing two simple steps (assuming you have already enabled anonymous access on SharePoint):
- Disable 'Client Integration' for the web application under Central Admin Home Page >> Application Management >> Authentication Providers
- Remove the OPTIONS verb from the <HTTPHandlers> registration line in web.config file"
Changing the site to anonymous access and or removing "Client Integration" is not an option. That defeats the whole purpose of having SharePoint. Having this integration was a major selling point with management. The ability to check in/out documents, etc... This is a pure word/excel/powerpoint issue where other documents .pdf, .txt, etc don't have it.
We've tried the log in with user password switch, we've added to trusted sites - still get a prompt. Like most of the people on this forum - we can't touch our clients desktop. They log into our site and want to open a word doc - it's unreasonable for them to re-enter the password again. Has anyone contact MSFT to see if they have direction we can go? - I 100% agree with JasonR1's post above. I too am in a similar situation and need anonymous users to be able to access the site yet want to retain the integration issues for files on our companys site. Disabling integration to me is not a solution. There needs to be another way to accomplish this level of functionality without sacrificing a major feature of MOSS.
- The issue of getting prompted opening a document for edit has been fixed for a user of mine - This is MS support recommendation -
When user logs into MOSS in IE there is an option to 'Remember my Password'.
If you check that, Word will no longer ask for your credentials (neither will IE).
If you have IISADMPWD setup on your site, expired passwords are handled.
This password is not saved in IE - it's saved in the user object on the Vista machine.
Now if they only could get rid of the prompt for anonymous access user opening a document... - This article helped me solve some of these issues:
http://support.microsoft.com/default.aspx/kb/943280/
I followed these steps:- Click Start, type regedit in the Start Search box, and then press ENTER.
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
- On the Edit menu, point to New, and then click Multi-String Value.
- Type AuthForwardServerList, and then press ENTER.
- On the Edit menu, click Modify.
- In the Value date box, type the URL of the server that hosts the Web share, and then click OK.
Note You can also type a list of URLs in the Value date box. For more information, see the "Sample URL list" section in this article. - Exit Registry Editor.
Note You have to restart the WebClient service after you modify the registry.Sample URL list
The following is a sample URL list:https://*.Contoso.com http://*.dns.live.com *.microsoft.com https://172.169.4.6
