March 16, 2011

Preventing Multiple Authentication Prompts on a SharePoint Intranet Site

By Joy Lavigne (Adkins)

Preventing Multiple Authentication Prompts on a SharePoint Intranet Site

Users found multiple prompts for authentication prompts annoying, and I can’t say I blame them. A few prompts in and I was ready to stab the monitor with a letter opener. The following settings were added to Group Policy to prevent the multiple authentication prompts:

The SharePoint site was added to the local machine’s Intranet Zone in Internet Explorer.  [Update 6/20/2012: If you add a wildcard URL, such as https://*.contoso.net to the Intranet Zone, but the specific SharePoint URL https://mysharepoint.contoso.net already exists in the Trusted Zone, IE will apply the settings for the stricter, Trusted Zone. Remove the specific URL from the Trusted Zone when using a wildcard URL in the Intranet Zone.]

The option for “Automatic logon with current username and password” was enabled for the Intranet Zone only.

We also enabled “Display mixed content” in order to avoid prompts regarding http and https displayed on the same page. This setting is not required to avoid multiple authentication prompts, but was needed to avoid alerts on a legal research page displaying content from a non-secure public site in a Page Viewer Web Part.

Screen shot of Group Policy settings

Group Policy Settings

Cautions:

Note that users may still receive an authentication prompt when opening Office documents such as Word, Excel, PowerPoint, or Visio stored in SharePoint. When opened from a document library in SharePoint, users can usually choose Cancel to have the document open successfully.  When opened from a “recently used files” list within an Office program, or when retrieval of a document on the server is particularly slow due to document size or bandwidth issues, the user may face multiple prompts. The only solution to this I’ve found is a registry hack found in this KB article: http://support.microsoft.com/kb/943280/en-us This hack allows WebClient  to send the current login credentials to a particluar listed site (or a wildcard URL such as *.company.net).  

Use of the relaxed settings called for in this post may be inappropriate for a publically facing site. These settings are applied to the local machine only and affect only IE browser settings. Users hitting the site from off network machines may need to configure the browser settings manually.

About Joy Lavigne (Adkins)

SharePoint and O365 Business Analyst for a mid-sized organization. Recovering SharePoint on-prem Administrator. Frequent speaker at SharePoint Saturday events. Teller of terribly corny jokes. View all posts by Joy Lavigne (Adkins)
This entry was posted on Wednesday, March 16th, 2011 at 7:56 pm You can follow any responses to this entry through the RSS 2.0 feed.

3 responses to “Preventing Multiple Authentication Prompts on a SharePoint Intranet Site

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: