Logo 
Search:

MOSS Forum

Ask Question   UnAnswered
Home » Forum » MOSS       RSS Feeds

Users prompted for authentification.

  Asked By: Raven    Date: Nov 04    Category: MOSS    Views: 2072

Users that are utilizing ie 6 can put the MOSS site in their trusted
sights and do not get prompted for authentification. However, users
that migrate up to ie7 are being prompted at almost every page within
MOSS to reauthenticate themselves even when they put the site in their
trusted sites? Is there a configuration change that I need to do in
MOSS to stop this continued prompting?

Share: 

 

18 Answers Found

 
Answer #1    Answered By: Dana Hodges     Answered On: Nov 04

You need to modify the default security for the Trusted Sites zone in IE
to pass credentials. This can either be done manually
(Tools>Options>security tab) through IE or as a Group Policy object.

 
Answer #2    Answered By: Kent Harmon     Answered On: Nov 04

What if the portal is configured for Anonymous Access?
Is there any way to have a user, who is on the network, automatically logged
into the portal, while a user not on the network can access the portal
anonymously?

 
Answer #3    Answered By: Alexis Pearson     Answered On: Nov 04

No, there is no way to log some people on automatically and others
anonymously. But if you have Trusted sites  setup correctly I think that
when they click the signon link it just authenticates them in the
background without actually prompting  for credentials. You could also
extend the portal to another URL zone and turn of anonymous access on
that IIS website. Users who access that address will be automatically
logged on. Users who access the original URL will not.

 
Answer #4    Answered By: Hugo Park     Answered On: Nov 04

So if I understand correctly,
We could come up with a second url and place it in another zone, then turn off
anonymous access in that zone?
Does that mean creating a second web application?
I am little confused apparently..

 
Answer #5    Answered By: Sterling Allison     Answered On: Nov 04

You are close. It means EXTENDING an existing web application to a
second web application. New IIS website but the same content database.
Then turn off anonymous access on that website in IIS.

You EXTEND a web app in the same place that you create one. In Central
admin when you go to create a web app you'll see a link for Create and
one for Extend.

 
Answer #6    Answered By: Jessie Burton     Answered On: Nov 04

So content won't have to be maintained in two places?

 
Answer #7    Answered By: Kristopher Morales     Answered On: Nov 04

Exactly. Content is only put  one place. Content and structure is
identical from the Web App down. But Authentication can be different.

 
Answer #8    Answered By: Marquis Ortega     Answered On: Nov 04

So when I extend the web app, I just point it to the content database of the
"parent" web app? Do I place the extended web app on the same port as the parent
app?

 
Answer #9    Answered By: Javier Hawkins     Answered On: Nov 04

One last question..
How does one prevent a user from having to log in when opening up a document
from a document library?

 
Answer #10    Answered By: Tracy Bass     Answered On: Nov 04

I'll give you permission to keep asking questions.

One trick that we do here to prevent the user from being prompted  for
username and password is to have them add the SharePoint site  to their
Trusted Intranet sites. Not Trusted Internet, and also add the whole URL
to the trusted intranet not *.domain.whatever . Hopefully that will work
for you as well.

 
Answer #11    Answered By: Dominick Blake     Answered On: Nov 04

When openning a file, the host application i.e. Word needs to pass
auth to SharePoint. This results in the second challenge for
authentication. Minimize Word and open another document from
SharePoint and you will not be challenged again. Close Word and open
a doc and you'll get the challenge. This was was normal behavior in
2003. Has there been a change  in 2007?

 
Answer #12    Answered By: Randall Hunt     Answered On: Nov 04

No, that is still the case for 2007 assuming you are using Basic
authentication. NTLM can be made to autosend credentials using Neil's
steps under both 2003 and 2007.

 
Answer #13    Answered By: Joe Hart     Answered On: Nov 04

How do we handle anonymous users  needing to open up documents from libraries?

 
Answer #14    Answered By: Jorge Cole     Answered On: Nov 04

I think, I know part of this one:

When you are using Internet Explorer on Windows, and you open a Microsoft
Office document from a SharePoint document library, IE passes the URL to the
Office application (Word, Excel, Powerpoint), and the _application_ makes
its own connection to the server. If (for whatever reason) the application
does not pass the "current username and password", then it has to prompt for
them.

We have found that if you don't exit the application, it retains the
credential; so we encourage people to keep a blank document open. Then
every document after the first looks like auto-login.

What I DON'T understand yet is how to get the app to pass the desktop
credentials.

 
Answer #15    Answered By: Rodolfo Tate     Answered On: Nov 04

The short answer is you can't - it's by design for security reasons.

The long answer is if you are using NTLM authentication you can
configure the browser to auto-send the credentials (the default for the
Intranet zone and the Trusted Sites zone in IE6, a preference for other
zones). If you are using Basic authentication there isn't a way to
avoid the prompt. If you're using forms-based authentication it's a
whole other story, and the short answer there is that it's not possible
to get the authentication working at all in a secure manner - you need
to use persistent cookies, which any IT department worth its salt is
going to reject.

 
Answer #16    Answered By: Jesus Foster     Answered On: Nov 04

When you go to extend the web app you'll see essentially the same screen
you see when you create a new one. But at the top you'll be asked what
web app you want to extend and at the bottom you won't be asked to
create a content database because it already knows to use the one that
the other web app is using. As to port number its up to you whether you
use the same one or not. If it is the same one make sure you use a host
header or users  won't be able to reach the site. But they don't need to
be the same port number no.

As to the problem of being prompted  when opening a doc from a library.
There are some other answers that offer some suggestions. Both are good
possibilities. Be aware that even if you follow their instructions it
doesn't work with Vista. Due to tighter security in Vista the only way
to avoid the prompts is a hack that I don't recommend.

 
Answer #17    Answered By: Alfredo May     Answered On: Nov 04

IE7 removed 'automatic logon with current username and password' from trusted
sites. You must add it back.

 
Answer #18    Answered By: Preston Moreno     Answered On: Nov 04

It is still present in the Intranet zone, so you can use that if it's
appropriate.

 
Didn't find what you were looking for? Find more on Users prompted for authentification. Or get search suggestion and latest updates.