Preventing Multiple Authentication Prompts on a SharePoint Intranet Site
Users found multiple prompts for authentication prompts annoying, and I can’t say I blame them. A few prompts in and I was ready to stab the monitor with a letter opener. The following settings were added to Group Policy to prevent the multiple authentication prompts:
The SharePoint site was added to the local machine’s Intranet Zone in Internet Explorer. [Update 6/20/2012: If you add a wildcard URL, such as https://*.contoso.net to the Intranet Zone, but the specific SharePoint URL https://mysharepoint.contoso.net already exists in the Trusted Zone, IE will apply the settings for the stricter, Trusted Zone. Remove the specific URL from the Trusted Zone when using a wildcard URL in the Intranet Zone.]
The option for “Automatic logon with current username and password” was enabled for the Intranet Zone only.
We also enabled “Display mixed content” in order to avoid prompts regarding http and https displayed on the same page. This setting is not required to avoid multiple authentication prompts, but was needed to avoid alerts on a legal research page displaying content from a non-secure public site in a Page Viewer Web Part.
Group Policy Settings
Cautions:
Note that users may still receive an authentication prompt when opening Office documents such as Word, Excel, PowerPoint, or Visio stored in SharePoint. When opened from a document library in SharePoint, users can usually choose Cancel to have the document open successfully. When opened from a “recently used files” list within an Office program, or when retrieval of a document on the server is particularly slow due to document size or bandwidth issues, the user may face multiple prompts. The only solution to this I’ve found is a registry hack found in this KB article: http://support.microsoft.com/kb/943280/en-us This hack allows WebClient to send the current login credentials to a particluar listed site (or a wildcard URL such as *.company.net).
Use of the relaxed settings called for in this post may be inappropriate for a publically facing site. These settings are applied to the local machine only and affect only IE browser settings. Users hitting the site from off network machines may need to configure the browser settings manually.
March 22nd, 2011 at 7:43 pm
Thanks for this, I’ve just started at a mid-sized governement agency with this exact issue. We began discussing the fix and this appears to be much easier than whats been discussed thus far.
You still use a letter opener?
March 22nd, 2011 at 8:04 pm
You know, I just checked my desk, and I do not have a letter opener, or any other sharp objects. Think security made that call when I was hired. 🙂
October 8th, 2013 at 3:45 pm
[…] should be added to a trusted or intranet zone in the browser settings, as described in this post on avoiding multiple authentication prompts in SharePoint. […]