Saving a word document back to SharePoint always prompts for credentials. I am the administrator for a SharePoint farm. We have enabled kerberos, and added the portal to the intranet zone in Internet Explorer by group policy. Most of the time this limits the amount of password prompts our customers see (including viewing the portal in a browser, and opening documents); however, we are still getting the prompt for credentials when trying to save a word document back to SharePoint. Here are some details: - SharePoint 2010 - Word 2010 - Kerberos enabled - Portal added to intranet zone in IE - Checkbox for passing automatic credentials enabled Can anyone help? Is there something I've missed? Is this prompt just unavoidable? |
Hi,
Internet Explorer uses the Web Client service when you use Internet Explorer to access a WebDAV resource. The Web Client Service uses Windows HTTP Services (WinHTTP) to perform the network I/O to the remote host. WinHTTP sends user credentials only in response to requests that occur on a local intranet site. However, WinHTTP does not check the security zone settings in Internet Explorer to determine whether a Web site is in a zone that lets credentials be sent automatically.
- Click Start, type regedit in the Start Search box, and then press ENTER.
- Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
- On the Edit menu, point to New, and then click Multi-String Value.
- Type AuthForwardServerList, and then press ENTER.
- On the Edit menu, click Modify.
- In the Value data box, type the URL of the server that hosts the Web share, and then click
OK.
Note You can also type a list of URLs in the Value data box. For more information, see the "Sample URL list" section in this article. - Exit Registry Editor.
After this registry entry is created, the WebClient service will read the entry value. If the client computer tries to access a URL that matches any of the expressions in the list, the user credential will be sent successfully to authenticate
the user, even if no proxy is configured.
Note You have to restart the WebClient service after you modify the registry.
Reference: http://support.microsoft.com/kb/943280?wa=wsignin1.0
In the Microsoft document, it says:
- Do not add an asterisk (*) character at the end of a URL. When you do this, a security risk may result. http://*.dns.live.*
What if we want everything beyond the front page to also be use automatic credentials?
So if in the registry, if I put https://blahblah.server.com -- is it only going to allow auto logon for the root page? And if I want it to auto logon for any site on the server, do I need to specify https://blahblah.server.com.* ?
Hi,
When you enter the wildcard before the domain http://*.live.com it will pass your logged in authentication through to everything in the domain. This restricts passing your userid and password to all pages / sub domains etc in the domain listed, which is what you want...
-Ivan
Here is a quick and easy video on fixing one of the common causes of multiple password prompts in SharePoint. It is especially prevalent if the remember password checkbox never seems to do anything. It details modifying IE settings.
http://www.youtube.com/watch?v=HHHyCGdjP2A
Hope this helps!
hi Ivan,
we have the same problem but doesnt work with your desciption, do you have an idea? When usern saving the Word document prompting the password in our sharepoint 2013?
BR
mit
hi Gareth,
i will test this and come back to you, thanks in advanced...
BR
mit