Repeated User Authentication Prompting in SharePoint 2007
My buddy Shane asked me this question and said I should blog about it, so I didn't want to let him down, so here goes.....
Scenario: A user logs into a SharePoint 2003 with basic authentication. The user subsequently navigates to a document library and attempts to open a Word document and gets challenged to log in again.
Sound familiar? A lot of blog turf has been dedicated to this problem and many a late night for several folks (including me back when I was a young boy.....). Opening the document inside the IE browser or creating a persistent cookie solved the problem. Unfortunately, there wasn't an easy way in SharePoint 2003 to rig the solution.
Q: Do SharePoint 2007 users have to have the same experience?
A: Nope, there are options: 1. Extranet mode, and 2. Forms Authentication with persistent cookies.
1. Extranet Mode - This solution is for those who for whatever the reason won't utilize a persistent cookie or for extranet / internet-facing sites. This capability is enabled / disabled in central admin by making sure that "Enable Client Integration" is turned off. Extranet mode disables the ActiveX controls that launch Office to open documents and let IE handle the files.
2. Forms Authentication with persistent cookies. Unfortunately there isn't a persistent cookie for basic authentication. Persistent cookies are required since the Office clients don't know anything about Forms Authentication,.....duh, they're not a Web browser. So, configure the zone for Forms Authentication, make sure "Enable Client Integration" is turned on* and each user checks the "Sign Me in Automatically" checkbox on the login page to create a persistent authentication cookie. This stores the persistent cookie in a location that can be shared across browser sessions (i.e. with client apps).**
*Note: Client integration may be disabled since this is a non-Windows Authentication zone.
**Note: For IE7 and Vista, if you are using the IE "protected mode" setting then cookies are stored in a location that is different vs the regular IE mode - so that means that even if you use a persistent cookie with IE 7 protected mode the client integration will not work. I have not tested this but thought I should point it out. Maybe a reader who has tested this can confirm or refute.