document library file access prompts for logon credentials
document library file access prompts for logon credentials - 9.Nov.2006 11:51:32 AM   
PCC

 

Posts: 170
Joined: 13.Nov.2001
From: Michigan
Status: offline
I have my SharePoint server in an authenticated DMZ and I use ISA FBA for logging onto the server for external clients. If someone logs onto the server and tries to open a Word document in a document library they are prompted to enter logon credentials. This does not happen if I access the server from the internal network which uses integrated authentication and does not require anyone to enter logon credentials. It only happens to external clients logging onto the server via FBA.

Does anyone know why SPS isn't using the logon credentials provided at the FBA logon page?
Post #: 1
RE: document library file access prompts for logon cred... - 12.Nov.2006 11:35:15 AM   
tshinder

 

Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi PCC,

Are you using single sign on?

What type of authentication delegation are you using?

Tom

_____________________________

Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls

(in reply to PCC)
Post #: 2
RE: document library file access prompts for logon cred... - 13.Nov.2006 10:35:59 AM   
PCC

 

Posts: 170
Joined: 13.Nov.2001
From: Michigan
Status: offline
Hi Tom,

Yes, I'm using Single Sign On. And I'm using Basic Authentication delegation. I have also tried NTLM Authentication with the same results.

I should have also mentioned that this is a Windows SharePoint Services v3 beta2 TR server and I'm running MS Office 2003.

Thanks!

(in reply to tshinder)
Post #: 3
RE: document library file access prompts for logon cred... - 13.Nov.2006 12:14:26 PM   
tshinder

 

Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi PCC,

Maybe it's a beta thing or the beta works differently? I haven't had a chance to work with that yet.

Tom

_____________________________

Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls

(in reply to PCC)
Post #: 4
RE: document library file access prompts for logon cred... - 21.Nov.2006 7:06:40 AM   
Jason Jones

 

Posts: 1579
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
When an Office application opens, it creates a new session as opposed to riding on the back of IE. Subsequently, ISA will ask for authentication as the session is new. This is an age-old ISA publishing problem when using SharePoint and document libraries.

There is now a way to solve it in ISA2k6 by using HTML form authentication with persistent cookies which allow applications outside the browser to use cookies (e.g. Office apps). HOWEVER, the cookies are "persistent" e.g. they do not get deleted when you close the browser or Office apps so could potentially be accessed and/or brute forced if left in an Internet cafe or public location. The cookie timeouts still apply though, so they will expire based upon timeout configuration in ISA, which isn't quite so bad.

There is an option for "use persistent cookies only on private computers" which goes some way to combat this as the users have to choose "private computer" in the FBA form in order to activate the persistent cookie feature. Hence only users that really need the streamlined Office docs approach can choose private and all others will be fine accessing other SharePoint data with the public computer option. Obviously, users should only use private computer when using machines they trust e.g. not in an Internet cafe!

Hope this helps...

JJ

< Message edited by Jason Jones -- 21.Nov.2006 7:09:17 AM >


_____________________________

Jason Jones
Silversands Ltd
http://www.silversands.co.uk
View My Blog: http://blog.msfirewall.org.uk/

Get Our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to tshinder)
Post #: 5
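An added example, not part of the thread and not ISA Server code: a small audit of the `Set-Cookie` values captured from a forms-logon response, showing whether each cookie is session-only or persistent and how long a persistent one stays on disk, which is the exposure described in post 5 for shared machines. The cookie name `fba_session`, the sample headers and the 4-hour policy limit are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lower-cased attribute: value})."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return first.partition("=")[0], attrs

def lifetime(attrs, issued_at):
    """None for a session cookie, else how long the cookie persists on disk."""
    if "max-age" in attrs:                      # Max-Age takes precedence over Expires
        return timedelta(seconds=int(attrs["max-age"]))
    if "expires" in attrs:
        return parsedate_to_datetime(attrs["expires"]) - issued_at
    return None

def audit(headers, issued_at, max_persist):
    """Return {cookie name: [findings]} for the Set-Cookie values of one logon response."""
    report = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        life = lifetime(attrs, issued_at)
        findings = []
        if life is None:
            findings.append("session cookie: gone when the browser closes")
        else:
            findings.append(f"persistent for {life}: survives browser close")
            if life > max_persist:
                findings.append(f"lifetime exceeds policy of {max_persist}")
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"missing {flag} attribute")
        report[name] = findings
    return report

# Constructed sample: cookie names and values are placeholders, not real ISA output.
ISSUED = datetime(2006, 11, 22, 11, 54, 21, tzinfo=timezone.utc)
PUBLIC = ["fba_session=PLACEHOLDER; path=/; secure; HttpOnly"]
PRIVATE = ["fba_session=PLACEHOLDER; expires=Wed, 22 Nov 2006 19:54:21 GMT; path=/; secure"]

if __name__ == "__main__":
    for label, hdrs in (("public", PUBLIC), ("private", PRIVATE)):
        print(label, audit(hdrs, ISSUED, max_persist=timedelta(hours=4)))
```

Run it against headers captured once with the "public computer" choice and once with "private computer" to confirm that only the private logon yields a persistent cookie and that its lifetime matches the configured timeout.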
RE: document library file access prompts for logon cred... - 21.Nov.2006 9:39:39 AM   
PCC

 

Posts: 170
Joined: 13.Nov.2001
From: Michigan
Status: offline
Jason,

Thanks for the reply!  I will check this out and see if it solves my problem.

(in reply to Jason Jones)
Post #: 6
RE: document library file access prompts for logon cred... - 22.Nov.2006 11:54:21 AM   
tshinder

 

Posts: 46637
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: Jason Jones

When an Office application opens, it creates a new session as opposed to riding on the back of IE. Subsequently, ISA will ask for authentication as the session is new. This is an age-old ISA publishing problem when using SharePoint and document libraries.

There is now a way to solve it in ISA2k6 by using HTML form authentication with persistent cookies which allow applications outside the browser to use cookies (e.g. Office apps). HOWEVER, the cookies are "persistent" e.g. they do not get deleted when you close the browser or Office apps so could potentially be accessed and/or brute forced if left in an Internet cafe or public location. The cookie timeouts still apply though, so they will expire based upon timeout configuration in ISA, which isn't quite so bad.

There is an option for "use persistent cookies only on private computers" which goes some way to combat this as the users have to choose "private computer" in the FBA form in order to activate the persistent cookie feature. Hence only users that really need the streamlined Office docs approach can choose private and all others will be fine accessing other SharePoint data with the public computer option. Obviously, users should only use private computer when using machines they trust e.g. not in an Internet cafe!

Hope this helps...

JJ


Hi Jason,

Great info!
I didn't realize that this functionality in 2006 would solve this problem.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
MVP -- ISA Firewalls

(in reply to Jason Jones)
Post #: 7
RE: document library file access prompts for logon cred... - 22.Nov.2006 2:25:30 PM   
PCC

 

Posts: 170
Joined: 13.Nov.2001
From: Michigan
Status: offline
Yep, that does the trick.  Thanks Jason!

(in reply to tshinder)
Post #: 8
RE: document library file access prompts for logon cred... - 23.Nov.2006 6:26:39 PM   
Jason Jones

 

Posts: 1579
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Great news and glad it helped!

I have recently implemented this config for a large UK customer and they put ISA in ***purely*** for this functionality alone!

Yet another good reason to use ISA with SharePoint extranets!

_____________________________

Jason Jones
Silversands Ltd
http://www.silversands.co.uk
View My Blog: http://blog.msfirewall.org.uk/

Get Our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to PCC)
Post #: 9
