Prompt for Credentials When Accessing FQDN Sites From a Windows Vista or Windows 7 Computer (example SharePoint via explorer view)

book

Article ID: 166781

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

Consider the following scenario.

  • On a computer that is running Windows Vista or Windows 7, a proxy is not configured in Internet Explorer.
  • Web Distributed Authoring and Versioning (WebDAV) is used to access a fully qualified domain name (FQDN) site.

In this scenario, there is a prompt to enter credentials even though the user account that being used has sufficient permission to access this site.

For example, when opening a Microsoft Office file from a Microsoft Office SharePoint site by using 2007 Microsoft Office on a Windows Vista-based client computer that has no proxy configured, the user is prompted for authentication.



The following error may also be seen when working with moved folders via explorer view:

"Your client does not support opening this list with Windows Explorer."

Note: This problem does not occur on a Windows xp-based computer.

Important This hotfix is included in Windows Vista Service Pack 1 or a later service pack. However, the AuthForwardServerList registry entry must still be configured. For more information, see the Registry information section.

Resolution

This issue is not related to the Proxy.

In Windows Vista, Internet Explorer uses the WebClient Service when using Internet Explorer to access a WebDAV resource. The WebClient Service uses Windows HTTP Services (WinHTTP) to perform the network I/O to the remote host. WinHTTP sends user credentials only in response to requests that occur on a Local intranet site. However, WinHTTP does not check the security zone settings in Internet Explorer to determine whether a website is in a zone that lets credentials be sent automatically.

If no proxy is configured, WinHTTP sends credentials only to Local intranet sites.

 

To fix the issue, create the registry item below in Windows:

  1. Click Start, type regedit in the Start Search box, and then press ENTER.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
  3. On the Edit menu, point to New, and then click Multi-String Value.
  4. Type AuthForwardServerList, and then press ENTER.
  5. On the Edit menu, click Modify.
  6. In the Value data box, type the URL of the server that hosts the Web share, and then click OK.

    Note You can also type a list of URLs in the Value data box. For more information, see the "Sample URL list" section in this article.
  7. Exit Registry Editor.

After this registry entry is created, the WebClient service will read the entry value. If the client computer attempts to access a URL that matches any of the expressions in the list, the user credential will be sent successfully to authenticate the user, even if no proxy is configured.

Note: The WebClient service has to be restarted after the registry is modified.

 

Prerequisites

There are no prerequisites for installing this hotfix.

Restart requirement

The computer has to be restarted after applying this.

 

For more details, please refer to http://support.microsoft.com/kb/943280

Attachments