|Authentication login appears each time users try to download Word doc|
There appears to be an issue when users try to download MS Word documents with IE 9 and 10 and also have recent versions of MS Office installed (not sure about earlier versions).
If the Word file is behind a password (we are working on an IIS 6 server, but the same happens with Linux and htaccess) then users received an authentication error along the lines of "Access to this website is disabled by default because it is controlled by basic authentication and does not use SSL..."
So a certificate was installed, which got rid of that error.
However now, under https - even once the user has logged in – a new login dialog box pops up every single time a new document download link is clicked. This only happens when the user chooses to 'Open' the Word document, rather than simply save the download.
Once the user has logged in initially, the other login boxes can simply be cancelled, and the document will open. But it is an annoyance for users, as they keep entering passwords and think they have mistyped and so on.
We have tried changing MIME types, so that Word is simply downloaded, to avoid the 'Open' dialog. But this doesn't work. Office still seems to recognise the Word document and offers users the 'Open' option.
The issue does not occur for Firefox, Safari or other browsers. Once the user has logged in, they simply click on the download and all is well.
Any other suggestions?
This is probably something in the browser. Don't use IE but in firefox there is an apps list with settings for Ask, Download etc. It would be typical of IE to think it know how to handle Word documents.
One possibility is that Office itself is trying to safeguard the computer from virus downloads. Which is a GOOD thing. :)
Thanks for the reply.
However, it's a server-side solution that is being sought here.
If anyone has any ideas, it would be much appreciated.
If it's a browser problem there is probably no server-side solution.
You could try sending an unique MIME type header that a browser would not know how to handle (or is that what you did?). In theory that should force a "save to disk" situation. Again MSIE, though: MS uses file extensions to determine file content; how far that is true nowadays I'm not sure but I'd guess it could be a factor. Try sending (eg) .odt (LibreOffice/OpenOffice Writer). Not sure if Word would recognize the extension or even open it if it did.
Alternatively, does it have to be a Word doc? How about PDF? (Although some people may be more wary of PDF due to being an exploitable Adobe Acrobat document.)
Yes, we tried the MIME trick. Didn't work. We even changed the extension to .acme . Seems that Word and IE just talk to each other, regardless.
Has to be Word in this instance.
Thanks for your suggestions.
Hi, I fixed this problem after reading this page:
In my case, I chose to inhibit the OPTIONS, PROPFIND and HEAD verbs from my IIS server (7.0).
Use the HTTP Verbs tab of the Request Filtering feature to deny these verbs.
I still get the "certificate is not valid" warning but we'll get rid of it once we obtained a certificate.
The annoying thing is that this warning is hidden and you have to minimise your current page to see it.