Home

SharePoint 2016 with FBA credential prompts when opening Office documents

%3CLINGO-SUB%20id%3D%22lingo-sub-121304%22%20slang%3D%22en-US%22%3ESharePoint%202016%20with%20FBA%20credential%20prompts%20when%20opening%20Office%20documents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-121304%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20someone%2C%20please%2C%20share%20their%20experience%20in%20solving%20the%20problem%20with%20Office%20applications%20prompting%20for%20credentials%3F%20We've%20got%20FBA%20and%20Windows%20authentication%20in%20the%20default%20zone.%20Everything%20works%20fine.%20FBA%20works%20perfectly%2C%20Windows%20authentication%20works.%20However%2C%20when%20we%20are%20trying%20to%20open%20a%20Word%20document%20-%20we%20are%20presented%20with%20a%20login%20login%20page.%20For%20the%20sake%20of%20the%20argument%2C%20let's%20say%20it's%20OOB%20Login%20page.%20But%20we%20also%20have%20a%20custom%20login%20page%20that%20behaves%20exactly%20the%20same.%20When%20clicking%20on%20any%20Word%20document%20(docx)%2C%20we%20are%20prompted%20with%20the%20login%20page%20(see%20screenshot%20below).%20That%20is%20only%20half%20of%20the%20problem.%20The%20biggest%20problem%20is%20that%20even%20if%20we%20authenticate%20one%20more%20time%2C%20the%20login%20page%20pops%20up%20over%20and%20over.%20It%20does%20not%20matter%20if%20we%20login%20with%20FBA%20or%20Windows.%20We've%20tried%20all%20sorts%20of%20combinations.%20It%20just%20keeps%20prompting%20forever.%3C%2FP%3E%3CP%3EWe%20can%20live%20with%20Word%20prompting%20us%20from%20time%20to%20time%2C%20but%20after%20entering%20credentials%20we%20are%20not%20logged%20in.%20Popup%20window%20never%20disappears.%20I%20want%20to%20reiterate%20that%20this%20is%20happening%20with%20the%20OOB%20login%20page%20as%20well.%3C%2FP%3E%3CP%3E%3CSTRONG%3EMore%20info%3C%2FSTRONG%3E%3C%2FP%3E%3CUL%3E%3CLI%3EIf%20we%20download%20the%20Word%20document%20-%20it%20opens%20fine.%3C%2FLI%3E%3CLI%3EWe%20are%20accessing%20the%20SharePoint%202016%20website%20via%20the%20Internet%20from%20the%20computers%20that%20are%20not%20joined%20to%20the%20SharePoint%20domain.%3C%2FLI%3E%3CLI%3EWe%20don't%20have%20ADFS%20or%20ISA%3C%2FLI%3E%3CLI%3EThe%20main%20SharePoint%20Zone%20has%20both%20Windows%20and%20FBA%20authentication%3C%2FLI%3E%3CLI%3EWe%20are%20using%20SharePoint%20FBA%20Pack%20from%20Codeplex%3C%2FLI%3E%3CLI%3EWe've%20got%20custom%20login%20page.%20But%20using%20OOB%20login%20page%20behaves%20the%20same%20way.%20We%20still%20get%20prompted%20over%20and%20over%20again%20when%20opening%20Word%20documents%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fi.stack.imgur.com%2FlKPvh.png%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fi.stack.imgur.com%2FlKPvh.png%22%20border%3D%220%22%20alt%3D%22enter%20image%20description%20here%22%20%2F%3E%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CSTRONG%3EThings%20I've%20tried%3C%2FSTRONG%3E%3C%2FP%3E%3CUL%3E%3CLI%3EConnected%20to%20the%20site%20using%20FBA%20and%20AD%20credentials%3C%2FLI%3E%3CLI%3EAdded%20site%20to%20the%20Local%20intranet%20and%20selected%20%22Automatic%20log-on%20with%20current%20username%20and%20password%22%3C%2FLI%3E%3CLI%3ETried%20multiple%20client%20computers%3C%2FLI%3E%3CLI%3ETried%20setting%20%22Open%20in%20browser%22%20and%20%22Open%20in%20Client%20application%22%3C%2FLI%3E%3CLI%3EClicked%20%22Remember%20credentials%22%3C%2FLI%3E%3CLI%3EEnabled%20and%20disabled%20%22Client%20integration%22%3C%2FLI%3E%3CLI%3EDisabled%20or%20enabled%20anonymous%20access%3C%2FLI%3E%3CLI%3ETried%20adding%20registry%20key%20AuthForwardServerList%20to%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3EHKEY_LOCAL_MACHINE%5CSYSTEM%5CCurrentControlSet%5CServices%5CWebClient%5CParameters%3C%2FLI%3E%3CLI%3ETried%20using%20custom%20or%20OOB%20login%20page%3C%2FLI%3E%3CLI%3ETried%20all%20browsers.%20They%20all%20behave%20same%20except%20for%20Firefox.%20It%20just%20openes%20the%20file%20in%20Word%2C%20but%20it's%20not%20connected%20to%20the%20website.%3C%2FLI%3E%3CLI%3EDisabled%20or%20enabled%20%22Site%20Lockdown%22%3C%2FLI%3E%3CLI%3ETried%20adding%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%26lt%3B%20verbs%20applyToWebDAV%3D%22false%22%20%26gt%3B%20%26lt%3B%20add%20verb%3D%22OPTIONS%22%20allowed%3D%22false%22%20%2F%26gt%3B%20%3CADD%20verb%3D%22%26quot%3BPROPFIND%26quot%3B%22%20allowed%3D%22%26quot%3Bfalse%26quot%3B%22%3E%3C%2FADD%3E%20%3C%2FLI%3E%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eto%20web.config%3CLI%3ERestarted%20client%20computers%3C%2FLI%3E%3CP%3EAny%20help%20will%20be%20greatly%20appreciated.%3C%2FP%3E%3CLINGO-LABS%20id%3D%22lingo-labs-121304%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESharePoint%202016%20FBA%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-131816%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%202016%20with%20FBA%20credential%20prompts%20when%20opening%20Office%20documents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-131816%22%20slang%3D%22en-US%22%3E%3CP%3EI%20can%20confirm%20this%20behaviour!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECan%20you%20try%20setting%26nbsp%3BSuppressModernAuthForOfficeClients%20setting%20of%20the%20SPSecurityTokenServiceConfig%20to%20%24true%3F%20Seems%20like%20this%20is%20a%20starting%20point.%20After%20that%2C%20we%20could%20open%20documents%20the%20second%20time%20when%20not%20closing%20the%20Office%20application%20and%20edit%20them.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-121562%22%20slang%3D%22en-US%22%3ERe%3A%20SharePoint%202016%20with%20FBA%20credential%20prompts%20when%20opening%20Office%20documents%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-121562%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%40Deleted%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20check%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F2019105%2Fauthentication-requests-when-you-open-office-documents%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ethis%20article%3C%2FA%3E.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CSPAN%3EThe%20only%20way%20to%20maintain%20direct-edit%20functionality%26nbsp%3Band%20also%20not%20be%20prompted%20by%20the%20Office%20application%20is%20to%20implement%20a%20proxy%2Ffirewall%20server%20by%26nbsp%3Busing%20Forms%20Based%20Authentication%20together%20with%20persistent%20cookies.%20For%20example%2C%26nbsp%3Byou%20can%20use%20an%20Internet%20Security%20and%20Acceleration%20(ISA)%20server%20or%20a%26nbsp%3BForefront%20Threat%20Management%20Gateway.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CHR%20%2F%3E%3C%2FBLOCKQUOTE%3E%3CP%3EI've%20just%20checked%20on%20one%20of%20the%20environments%20with%202016%2BFBA%20and%20experienced%20the%20same%20endless%20(3%20times%2C%20then%20error)%26nbsp%3Blogin%20prompt%20when%20opening%20an%20office%20document.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Deleted
Not applicable

Can someone, please, share their experience in solving the problem with Office applications prompting for credentials? We've got FBA and Windows authentication in the default zone. Everything works fine. FBA works perfectly, Windows authentication works. However, when we are trying to open a Word document - we are presented with a login login page. For the sake of the argument, let's say it's OOB Login page. But we also have a custom login page that behaves exactly the same. When clicking on any Word document (docx), we are prompted with the login page (see screenshot below). That is only half of the problem. The biggest problem is that even if we authenticate one more time, the login page pops up over and over. It does not matter if we login with FBA or Windows. We've tried all sorts of combinations. It just keeps prompting forever.

We can live with Word prompting us from time to time, but after entering credentials we are not logged in. Popup window never disappears. I want to reiterate that this is happening with the OOB login page as well.

More info

  • If we download the Word document - it opens fine.
  • We are accessing the SharePoint 2016 website via the Internet from the computers that are not joined to the SharePoint domain.
  • We don't have ADFS or ISA
  • The main SharePoint Zone has both Windows and FBA authentication
  • We are using SharePoint FBA Pack from Codeplex
  • We've got custom login page. But using OOB login page behaves the same way. We still get prompted over and over again when opening Word documents

enter image description here

Things I've tried

  • Connected to the site using FBA and AD credentials
  • Added site to the Local intranet and selected "Automatic log-on with current username and password"
  • Tried multiple client computers
  • Tried setting "Open in browser" and "Open in Client application"
  • Clicked "Remember credentials"
  • Enabled and disabled "Client integration"
  • Disabled or enabled anonymous access
  • Tried adding registry key AuthForwardServerList to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
  • Tried using custom or OOB login page
  • Tried all browsers. They all behave same except for Firefox. It just openes the file in Word, but it's not connected to the website.
  • Disabled or enabled "Site Lockdown"
  • Tried adding < verbs applyToWebDAV="false" > < add verb="OPTIONS" allowed="false" /> <add verb="PROPFIND" allowed="false" /> </verbs> to web.config
  • Restarted client computers

Any help will be greatly appreciated.

2 Replies

Hi @Deleted,

 

Please check this article.

 

The only way to maintain direct-edit functionality and also not be prompted by the Office application is to implement a proxy/firewall server by using Forms Based Authentication together with persistent cookies. For example, you can use an Internet Security and Acceleration (ISA) server or a Forefront Threat Management Gateway.

I've just checked on one of the environments with 2016+FBA and experienced the same endless (3 times, then error) login prompt when opening an office document.

I can confirm this behaviour!

 

Can you try setting SuppressModernAuthForOfficeClients setting of the SPSecurityTokenServiceConfig to $true? Seems like this is a starting point. After that, we could open documents the second time when not closing the Office application and edit them.