MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

MOSS 2007: Multiple Authentication Requests

  Asked By: Vernon    Date: Jan 27    Category: MOSS    Views: 1885

I've got a question, it's similar to one that I've asked before... but
I've learned so much since then!

Is there a way to prevent multiple logon (authentication) requests with
MOSS 2007 when a user that is NOT a member of the domain attempts to
logon to the MOSS server via the internet?

If no, is there a way to limit logon requests, and what are they?



7 Answers Found

Answer #1    Answered By: Sterling Allison     Answered On: Jan 27

The default limit of logon attempts is 3. Once you've exceeded that you
have to close the browser and re-open it. At that point you can try 3
more times. SharePoint won't lock you out, but if you try enough times
then AD will lock you out (assuming you have an AD account and are
simply mistyping your password). Sharepoint doesn't do Authentication
it hands that off to IIS and .Net.

Similar functionality exists in Forms Based Authentication.

You could set the limit down to 1, but if you do that it would require
valid users to be perfect the first time also. You can't really tell
the difference between a mistyped userid and a non-existent one.

Answer #2    Answered By: Jessie Burton     Answered On: Jan 27

My point was more that MOSS asked you to authenticate multiple  times,
such as when you open a document and so on.

This does not happen when you are using a computer that is part of a
local domain.

I'd like to limit the number of times you are asked for your

It's especially annoying during the initial logon. I've got users that
actually type their password in correctly, and are asked several times
for their ID and password.

Answer #3    Answered By: Kristopher Morales     Answered On: Jan 27

That's a setting in IE. Goto Tools -> Internet Options > Security Tab.
Add the URL for SharePoint to either Trusted Sites or Local Intranet
(either works just depends on how tight you want other security). Then
adjust the security for the Zone. At the bottom of the list you will
find a setting for "Logon with current username and password" or
something like that. It's selected by default in Local Intranet zone
but has to be chosen in Trusted Sites. That will take care of it if the
user is logging in from machine on the same AD forest as the SharePoint
server. If you have Vista and Office 2007 you will still get prompts
because of the way Vista does security.

You can also roll these settings out in an AD network with a GPO.

Answer #4    Answered By: Marquis Ortega     Answered On: Jan 27

Yeah, that's what I thought... Of course, you told me this before, so I
apologize... brain is getting full!

I think this means that I really just need to create documents for our
external users that explain how to add trusted sites.

Answer #5    Answered By: Javier Hawkins     Answered On: Jan 27

You could use a Active Directory group policy to push the IE settings to all
logged on client.

Answer #6    Answered By: Tracy Bass     Answered On: Jan 27

We have solved this problem through the use of an ISA server to
provide authentication.
We have users that are on a standardized desktop where they cannot
change any settings in IE, and cannot add trusted sites.
We still have a problem with Vista requesting authentication  for
Office documents.
Microsoft says this is not a bug, rather it is a security feature
since Vista does not allow Office apps to access the IE
authentication cookie that ISA provides.
If you authenticate once with Office in Vista, then you can hit the
Esc key and you can access further documents without having to log
in. You will still get the prompt.

We still have an open ticket with Microsoft on this issue but do not
have much hope that it will be resolved.

Answer #7    Answered By: Dominick Blake     Answered On: Jan 27

What you describe is actually a different issue, even though the
symptoms appear to be the same. Not sharing authentication  between
process (be it cookie, or Windows via Basic/NTLM) *is* indeed a security
feature and is indeed not likely to change anytime soon. The previous
discussions about multiple  authentication prompts concern situations
where Office should already be getting authentication via NTLM
"autosend" credentials and users are prompted anyway, a situation which
is not security related and should hopefully be fixed.

Didn't find what you were looking for? Find more on MOSS 2007: Multiple Authentication Requests Or get search suggestion and latest updates.