6 Appendix A: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.

  • The 2007 Microsoft Office system

  • Microsoft Office 2010 suites

  • Microsoft Office 2013

  • Microsoft SharePoint Foundation 2010

  • Microsoft SharePoint Foundation 2013

  • Windows SharePoint Services 3.0

  • Windows 8.1 Update

  • Microsoft Office 2016

  • Microsoft Office 2019

Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.

<1> Section 2.2.1:  Microsoft SharePoint 2007 Products and Technologies ignores the header and processes the request based solely on the user agent string.

<2> Section 2.2.1:  The Office 2010 and the 2007 Microsoft Office system client applications never send the X-FORMS_BASED_AUTH_ACCEPTED header and always rely on the user agent string to identify themselves as nonbrowser clients to a protocol server.

<3> Section 2.2.2:  SharePoint 2007 Products and Technologies does not return the X-FORMS_BASED_AUTH_REQUIRED header. Rather, the protocol server returns the following extended error, as described in [MS-WEBDAVE] section 2.2.3:

 X-MSDAVEXT_Error: 917656; Access%20denied%2e%20%20Before%20opening%20files%20in%20this%20location%2c%20you%20must%20first%20browse%20to%20the%20web%20site%20and%20select%20the%20option%20to%20login%20automatically%2e 

<4> Section 2.2.2:  SharePoint 2007 Products and Technologies does not return the X-FORMS_BASED_AUTH_RETURN_URL header. Rather, the protocol server returns the following extended error, as described in [MS-WEBDAVE] section 2.2.3:

 X-MSDAVEXT_Error: 917656; Access%20denied%2e%20%20Before%20opening%20files%20in%20this%20location%2c%20you%20must%20first%20browse%20to%20the%20web%20site%20and%20select%20the%20option%20to%20login%20automatically%2e 

<5> Section 3.1.5:  SharePoint 2007 Products and Technologies does not explicitly return the X-FORMS_BASED_AUTH_REQUIRED header to the Protocol Discovery request, as detailed in section 2.2.2, that is made by a protocol client. Rather, the server returns the following extended error, as described in [MS-WEBDAVE] section 2.2.3:

X-MSDAVEXT_Error: 917656; Access%20denied%2e%20%20Before%20opening%20files%20in%20this%20location%2c%20you%20must%20first%20browse%20to%20the%20web%20site%20and%20select%20the%20option%20to%20login%20automatically%2e

Upon receipt of this error, the protocol client issues a request to determine the web URL for the specified URL, as described in [MS-WEBSS].

Upon determination of the web URL, the client needs to consider the following URL to be the equivalent of the value for X-FORMS_BASED_AUTH_REQUIRED, as defined in section 2.2.2:

http://server/weburl/_layouts/Authenticate.aspx?Source=Error.aspx

where:

§ The server placeholder represents the address of the SharePoint 2007 Products and Technologies.

§ The weburl placeholder represents the value returned from the previous UrlToWebUrl request.

§ "/_layouts/Authenticate.aspx?Source=Error.aspx" is a hard-coded string.

Additionally, because the server returns the client to the Error.aspx page on successful authentication, the client considers the following URL to be equivalent to the value of X-FORMS_BASED_AUTH_RETURN_URL, as defined in section 2.2.2:

http://server/weburl/_layouts/Error.aspx

where:

§ The server placeholder is the address of the SharePoint 2007 Products and Technologies.

§ The weburl placeholder represents the value returned from the previous UrlToWebUrl request.

§ "/_layouts/Error.aspx" is a hard-coded string.