?
Solved

Sharepoint Security - Excessive Demands for Login

Posted on 2009-12-22
7
Medium Priority
?
498 Views
Last Modified: 2012-05-08
I've just put a link button on a Sharepoint form to a file held in Sharepoint virtual file system, and when you click the link, you get asked to login (fair enough I suppose, although it is in the same site and you are alreadly logged in so it would be nice not to have this), but then you get asked over and over to login, you click Cancel on the login, and you get the file???
I get the same result on different PCs in different parts of the world.
0
Comment
Question by:Silas2
  • 3
  • 3
7 Comments
 
LVL 12

Expert Comment

by:mccarthybri
ID: 26104852
see if you put that url to that file as a trusted site in ie and or make sure you have the ie security settings to authenticate using current user name and password.  
0
 
LVL 26

Expert Comment

by:rdcpro
ID: 26105560
This can happen for a number of reasons.  The best bet to troubleshoot this is to run Fiddler (it's an HTTP debugging proxy) and monitor the requests and responses.  You'll probably see exactly what's causing the 401.  
http://www.fiddler2.com/fiddler2/version.asp
One possibility might be if you're using fully qualified domain names on the site, but your link only points to the short name.  Like:
Site:   https://problemSite.mycompany.com
Link:  https://problemSite/shared documents/Document.docx
Now, if you implement a redirect mechanism, you could possibly cancel the 401 challenge, but then get redirected to the FQDN which you're already autheticated with.
In any case, get Fiddler2 installed, and you should see exactly what's causing this.  Post the sessions log if you don't see the problem.
Regards,
Mike Sharp
 
0
 

Author Comment

by:Silas2
ID: 26106437
Hope this Fiddler screenshot is sufficient - the last two request was when I did a "cancel" and the file got dished up.
FiddlerScreenShot.doc
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:Silas2
ID: 26106517
PS I did try to add the site (its in dev mode and just an IP address at the moment) to trusted sites, but it didn't seem to make any difference.
I am guessing the Trusted Sites refers to the host not the full URL - which will change with every doc which getst dished out.
0
 
LVL 26

Expert Comment

by:rdcpro
ID: 26126502
Something seems pretty messed up!  Check the document library, and make sure it inherits permissions, or if not, you are certain your user account has access to the library (it might not).
You're not using forms-based authentication, right?  
Also,  you can disable client integration between SharePoint and Office programs...if you've set the site up with FBA, this is disabled by default.  Even if you're using an AD account via HTTP Challenge, make sure client integration is enabled in Central Admin.
Using an IP address should be ok, but just for laughs, enter the IP address (including the HTTP) into your Local Intranet Zone (not just trusted sites).  You'll probably get a warning that this site is already in trusted sites, but to automatically log in with your domain credentials, it needs to be in the local intranet zone.
There are problems with Vista using a FQDN under some circumstances, and this might come into play here with an IP address.  Does this repro on different a OS?
Regards,
Mike Sharp
0
 

Author Comment

by:Silas2
ID: 26134806
Right and Right.
You are right about the Vista, I just tried it on XP, and no problems.
Also moving to the Local Intranet Zone fixed it on Vista.
Do you think that means it's an IP address issue from that? (It's just that my dem at the client will look a little crap if I'm using one of their PC's and I can't get to the IE security settings, but if I sound convincing about the IP...)
(i'm using Windows authentication)
0
 
LVL 26

Accepted Solution

by:
rdcpro earned 1000 total points
ID: 26139306
I think it depends on how they have their network set up.  The only way to be sure the site will authenticate is if it's in the local intranet zone.  The IP address complicates things because I don't think there's any way for it to be automatically part of the intranet zone.  You might try investigating AAM (alternate access mappings) in order to use a URL that might be considered part of the intranet zone.  However, that would mean DNS changes on their end (If you can't add the site to the local intranet zone, it's unlikely you can modify the HOSTS file to add the IP address mapping.
For their production use, it's not a problem, because you can set a group policy in their domain that will be in the local intranet zone; they probably already have something like this in place.
If they use Firefox internally, you might run into this problem again.  Firefox doesn't read the wininet local intranet settings, but it does have a setting called network.automatic-ntlm-auth.trusted-uris which is used for the same thing. Firefox isn't fully supported on SharePoint anyway yet.
Regards,
Mike Sharp
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Scenario: Let’s say you have a quote worksheet in Excel that you use to work up sales figures and such for your clients. You utilize SharePoint to manage and keep track of these documents. You would like values from your worksheet to populate Sh…
I used to be SharePoint evangelist in our company, so my Outlook always full of questions about how to do this, or where I can find that. One day I found such an email with the following question: "how to attach 3-State workflow (one of the workflow…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question