OFF2000: User Prompted for Password When Opening Office Documents in Browser

ID: Q225234

The information in this article applies to:
  • Microsoft Office 2000
  • Microsoft Excel 2000
  • Microsoft FrontPage 2000
  • Microsoft PowerPoint 2000
  • Microsoft Word 2000

SYMPTOMS

When you open an Office 2000 document or follow a hyperlink to an Office 2000 document in a Web browser, you may be prompted to enter a password. If you click the Cancel button or enter the user name and password, the document opens as read-only.

NOTE: You may need to enter the user name and password multiple times before the document is opened in the Web browser.


CAUSE

These symptoms occur because:

  • The Web server is using Windows NT Challenge/Response authentication


    • - and -

  • Office 2000 documents are opened in a Web browser as read-write.



When opening an Office 97 document or following a hyperlink to an Office 97 document in a Web browser, you will not experience this behavior. Office 97 documents are opened as read-only in Web browsers.


WORKAROUND

Use one of the following methods to work around this issue:

Method 1: Convert to HTML

Publish the Office document as HTML, rather than in its binary format (that is, .xls, .doc, or .ppt).
  1. Open the Office document its native program.


  2. On the File menu, click Save as Web Page.


  3. Click the Save button.


Method 2: Add Specific User Accounts with Read/Write Permissions Using FrontPage

If there is a specific group of users allowed to make changes to the Web files, add those users to the permissions of the Web folder.
  1. Open the Web using FrontPage.


  2. On the Tools menu, point to Security and click Permissions.


  3. If necessary, select Use Unique permissions for this web on the Settings tab of the Permissions dialog box.


  4. On the Users or Groups tab, add the specific users and groups you want.


  5. Grant the added users or groups the rights to author and browse this Web.


  6. Click OK to close the Add Users dialog box or Add groups dialog box, and then click OK to close the Permissions dialog box.


The users and groups you added will no longer be asked for a password when following the hyperlink. They will also be authorized to change any content posted on the server by using either FrontPage or Web Folders.

Method 3: Add Specific User Accounts with Read/Write Permissions Using Windows Explorer (for Internet Information Server Only)

If there is a specific group of users allowed to make changes to the Web files, add those users to the permissions of the Web folder.
  1. Right-click the Web content area in Windows Explorer.


  2. Select Permissions.


  3. Add the specific users or groups, and give them CHANGE permissions (RWXD), or at least (RW) permissions, using the special file access option.


  4. Click OK to close the Permissions dialog box.


Method 4: Move Office Files Out of the HTTP Location and into a File Share

  1. Create a file share accessible via the file:// protocol.


  2. Using Windows Explorer, move your Office documents out of the Web content area and into the newly created file share.


  3. Return to the Web content area using FrontPage, and repair any broken hyperlinks pointing to the old HTTP locations. Change those links to point to the file:// protocol share location you created in step 1.


    4. With this method, the moved files will no longer be accessible through Web Folders.

Method 5: Turn Off Authoring on the Web Server (Windows NT)

  1. Open the Web folder using the Microsoft Management Console.


  2. Right-click the Web server content root and click Properties.


  3. Click the Server Extensions tab.


  4. Clear the Enable Authoring on this Server check box.


This prohibits any usage of Web Folders or FrontPage to access any files on the Web server until authoring is turned on again. You may turn on authoring by selecting again the check box mentioned in step 4. Note that on UNIX systems, the same functionality is available through Fpsrvadm.exe.


MORE INFORMATION

With Windows NT Challenge/Response authentication turned on, most browsers prompt the user for a user name and password, and submit these details with another request for the same resource.

The Windows NT Challenge/Response authentication provides encryption of the user name and password. When a Web user is authenticated using the Windows NT Challenge/Response mechanism, the Web server does not actually receive a copy of the user's password in clear text format. Instead, an encrypted copy of the password is received, which is then passed on to the domain controller for verification. This can cause a problem if there is any ASP logic that requires access to a resource on another Windows NT computer. The remote computer will initially challenge for proof of identification. Because a copy of the user's password is not being sent, the appropriate messages can not be generated.

For more information about Internet server security, please see the following white paper:

http://msdn.microsoft.com/library/partbook/asp20/internetserversecurity.htm

Additional query words: front page OFF2000 eileenor excel xl internet explorer ie5 logon

Keywords : kbdta
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbprb


Last Reviewed: January 17, 2000
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.