User gets challenged for authentication when opening a document

8 Aug 2006 10:27 PM

John Beschler

WE have a WEB-Based application that (among other things) generates an excel
spreadsheet that is returned to the user. The entire site is SSL secured and
uses NTFS permissions for all pages.

All users must have a domain account to access the site. When initially
entering the site, they are challenged for their domain username/password.
Thereafter, no matter where they go within the site, they are not challenged
again excpet for this one instance. Whenever they request this aprticular
report (in excel) once the report generates, the user is prompted as to
whether they wish to open the file or save it. Then, they are challenged
again for their domain username/password.

Can anyone explain to me why this is happeneing and how to elimnate the
second challenge. Permissions "should" be the same for the document as for
the rest of the site.
Thanks,
John

9 Aug 2006 2:31 AM

David Wang [Msft]

I believe that second challenge comes from the Office application (Excel in
this case) because it uses a different HTTP client internally (not your web
browser) with a new HTTP/HTTPS connection and hence subject to that
challenge for username/password from your site. If you can get the Office
app to not request for anything from your site to view the report, you
should not see the challenge.

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

Show quoteHide quote

"John Beschler" <JohnBesch***@discussions.microsoft.com> wrote in message
news:6F16912B-3CC2-42CB-A6B5-CDB01CD5A553@microsoft.com...
> WE have a WEB-Based application that (among other things) generates an
> excel
> spreadsheet that is returned to the user. The entire site is SSL secured
> and
> uses NTFS permissions for all pages.
>
> All users must have a domain account to access the site. When initially
> entering the site, they are challenged for their domain username/password.
> Thereafter, no matter where they go within the site, they are not
> challenged
> again excpet for this one instance. Whenever they request this aprticular
> report (in excel) once the report generates, the user is prompted as to
> whether they wish to open the file or save it. Then, they are challenged
> again for their domain username/password.
>
> Can anyone explain to me why this is happeneing and how to elimnate the
> second challenge. Permissions "should" be the same for the document as
> for
> the rest of the site.
> Thanks,
> John
>

9 Aug 2006 11:47 AM

John Beschler

David,

Thank you for responding. I appreciate your help as I was not aware that
office would open a new client to view the spreadsheet.

However, I am not sure exactly what you mean by getting the office app to
not request anything from the site. The Excel Spreadsheet (report) is
generated on-the-fly by the server. Doesn't that, of necessity, mean that
Office must request the document from the server.

Basically, the process is that there is a dll on the server that opens and
excel template, populates it with some data and then returns the "new"
spreadsheet to the client in a new browser window. Would it make any
difference if we returned the ss in the same browser window from which it is
requested?

Perhaps if we wrote the excel file to some place on the server that has only
HTTP enabled, and then pass the ss from there?

Thanks again for the help you have already provided and, in advance, for any
additional wisdom you can supply.
John Beschler

Show quoteHide quote

"David Wang [Msft]" wrote:

> I believe that second challenge comes from the Office application (Excel in
> this case) because it uses a different HTTP client internally (not your web
> browser) with a new HTTP/HTTPS connection and hence subject to that
> challenge for username/password from your site. If you can get the Office
> app to not request for anything from your site to view the report, you
> should not see the challenge.
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no rights.
> //
>
> "John Beschler" <JohnBesch***@discussions.microsoft.com> wrote in message
> news:6F16912B-3CC2-42CB-A6B5-CDB01CD5A553@microsoft.com...
> > WE have a WEB-Based application that (among other things) generates an
> > excel
> > spreadsheet that is returned to the user. The entire site is SSL secured
> > and
> > uses NTFS permissions for all pages.
> >
> > All users must have a domain account to access the site. When initially
> > entering the site, they are challenged for their domain username/password.
> > Thereafter, no matter where they go within the site, they are not
> > challenged
> > again excpet for this one instance. Whenever they request this aprticular
> > report (in excel) once the report generates, the user is prompted as to
> > whether they wish to open the file or save it. Then, they are challenged
> > again for their domain username/password.
> >
> > Can anyone explain to me why this is happeneing and how to elimnate the
> > second challenge. Permissions "should" be the same for the document as
> > for
> > the rest of the site.
> > Thanks,
> > John
> >
>
>
>

9 Aug 2006 2:28 PM

Funkadyleik Spynwhanker

"David Wang [Msft]" <some***@online.microsoft.com> wrote in message
news:ueFhRv1uGHA.4512@TK2MSFTNGP05.phx.gbl...
>I believe that second challenge comes from the Office application (Excel in
>this case) because it uses a different HTTP client internally (not your web
>browser) with a new HTTP/HTTPS connection and hence subject to that
>challenge for username/password from your site. If you can get the Office
>app to not request for anything from your site to view the report, you
>should not see the challenge.
>
> --
> //David

Not entirely accurate. It does open a HTTP session. But it does in an
attempt to do it in read/WRITE mode.

Office by default, assumes that documents on a web site are in a
"Sharepoint" or "Office Extended" site where the user is an active
particpant in the process and is supposed to be making changes in the
document.

Whether or not it is a dynamic document or not is irrelevant, the prompt is
generated by Office trying to get _WRITE_ mode.

The only fix for this I know of is to upgrade the office install to the
latest service pack. As a work around, instruct the users to right click
and download the document. Or better yet, present it in a read-only way via
HTML or PDF or something.

So the answer is "Get the SPs for Office and it will go away".

9 Aug 2006 2:57 PM

jigs4u4ever

Hi,

Try to add the MIME type for excel. this will not ask to save docs to the
system and open the same on availabel IE browse, and if it is some session
related problems, you will not get challenge for username and password again.

Note: NTLM authentication does not allow connection through proxy.
Thanks & Regards
jigs
Show quoteHide quote

"John Beschler" wrote:

> WE have a WEB-Based application that (among other things) generates an excel
> spreadsheet that is returned to the user. The entire site is SSL secured and
> uses NTFS permissions for all pages.
>
> All users must have a domain account to access the site. When initially
> entering the site, they are challenged for their domain username/password.
> Thereafter, no matter where they go within the site, they are not challenged
> again excpet for this one instance. Whenever they request this aprticular
> report (in excel) once the report generates, the user is prompted as to
> whether they wish to open the file or save it. Then, they are challenged
> again for their domain username/password.
>
> Can anyone explain to me why this is happeneing and how to elimnate the
> second challenge. Permissions "should" be the same for the document as for
> the rest of the site.
> Thanks,
> John
>