65.9K
CodeProject is changing. Read more.
Home

SharePoint: Getting Authentication Login Prompt When Trying To Open Office Document With Unique Permissions

Alex Choroshin
emptyStarIconemptyStarIconemptyStarIconemptyStarIconemptyStarIcon

0/5 (0 vote)

Aug 14, 2013

CPOL

1 min read

viewsIcon

12732

Getting Authentication Login Prompt When Trying To Open Office Document With Unique Permissions in SharePoint

The problem is in opening an Office document which is saved in SharePoint 2010:

  1. When a user has a "read" permission only to a specific document in a document library, but does not have any permissions in the document library level nor the site level.
  2. When he is accessing the document, he receives the "Download File" message with "Open" / "Save" / "Cancel" options. When clicking "Open", he is prompted with a user & password message.
  3. When clicking his correct user and password, the user & password message remains – nothing happens.
  4. Only when clicking "Cancel" in the user & password message, the document opens.
  5. Users who have read permissions in the document library level or the site level – manage to open the document successfully, meaning they are not prompted with the user & password message after clicking "Open" (it opens the document).

We tried with several users, all get the same result.

During our checking, we also found out that the following DLL returns "401 Unauthorized": /_vti_bin/_vti_aut/author.dll

Finally, we opened a service request and got a solution from Microsoft.

There are 3 possible ways to solve this issue:

  1. Add read only permission in the root of the site collection.
  2. Deactivate the feature “ViewFormPagesLockDown”: 
    stsadm -o deactivatefeature -url http://SERVERNAME/sites/SITENAME 
-filename ViewFormPagesLockDown\feature.xml
  3. Run the following script on your site collection, this will add permission level to the “Limited Access” Permission level that you have in that site collection. 
    $siteCollectionUrl = 'http://sitecollectionurl'
[void][system.reflection.assembly]::LoadWithPartialName('Microsoft.sharepoint')
$spsite = new-object Microsoft.sharepoint.spsite($SiteCollectionUrl)
$lmtd = $spsite.rootweb.RoleDefinitions['Limited Access']
$b1 = [Microsoft.sharepoint.spbasepermissions]::Open
$b2 = [Microsoft.sharepoint.spbasepermissions]::BrowseUserInfo
$b3 = [Microsoft.sharepoint.spbasepermissions]::UseClientIntegration
$b4 = [Microsoft.sharepoint.spbasepermissions]::UseRemoteAPIs
$lmtd.BasePermissions = "$b1,$b2,$b3,$b4"
$lmtd.Update()

I tried the second solution and it worked like a charm.

I would like to thank Gal Sagi for helping me with this article.

Hope you find this article handy.