开发者

Force sharepoint to ask for authentication

开发者 https://www.devze.com 2023-02-02 17:01 出处:网络
Is there a way to force sharepoint 2010 to popup the dialog to ask the user for a username and password and not use the computers logged in user, if that user doesn\'t have access.

Is there a way to force sharepoint 2010 to popup the dialog to ask the user for a username and password and not use the computers logged in user, if that user doesn't have access.

We need an intern开发者_如何学Goal sharepoint website to not use the windows credentials, since these are computers used by many people. The windows user doesn't have access to the site, so currently it shows an access denied, click here to log in as another user. We would prefer if it just asked for credentials in a more graceful manner.


There is a way to configure Internet Explorer to do this. In Internet Explorer(IE),

  1. Go to Tools
  2. Click Internet Options
  3. Click on the Security tab
  4. Click on the button labeled Custom Level.
  5. Scroll to the very bottom of the list
  6. Select the option labeled Prompt for user name and password.

The default option Automatic logon only in Intranet zone' is what is causing IE to send the credentials to SharePoint. This of course would force everyone to log in on that computer.


Forms Based Authentication is the answer. You can modify the Login page and even where the users credentials (username/password) are stored (e.g. a SQL database rather then AD).


Use browser other than IE to access the SharePoint site from the community computers.

Force sharepoint to ask for authentication


I am guessing you work in a corporate environment, which would mean your computers are probably managed by your IT department and part of your domain. Because they are part of your company's AD (Active Directory), your systadmins Should be able to modify the existing policy (i say existing, because in IE, the defaults for the settings relating to logging on are by default set so that you WOULD have gotten a logon prompt, i am guessing a group policy is already in effect). If it does not exist, have your admins create one.

The setting Jeremy mentions is one option. It could also be that the site is in included in your IE's "Local Intranet Zone". If it is, or, more probable, there is a wildcard *.yourdomainname.yourdomainextension).

Use the setting mentioned by jeremy to override the default logon behavior (automatic logon) associated with sites listed in the intranet zone.

A group policy can be applied to a group of computers or all the computers in the domain. If the policy should be applied to a small group of computers only, put those computers in a separate OU (Organisation Unit) in AD and apply the policy to that OU.


What about creating a new zone, secured with FBA, for those community computers? As long as the users of the community computers are given only URL for the new zone, you should be OK.


You can create 2 registry files to turn this behavior on and off for the Internet Explorer. Use Notepad to paste the values below, ensure that Windows Registry Editor Version 5.00is the first line, and that you're appending 2 blank lines at the end of the file (press 2x Enter).

  • To turn it on (i.e. always ask for credentials): AlwaysAsk.reg

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] "1A00"=dword:00010000

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] "1A00"=dword:00010000

  • To turn it off (automatically use credentials, only ask if necessary): AutomaticLogon.reg

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] "1A00"=dword:00020000

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] "1A00"=dword:00020000

This is useful for testing, espcecially if you're a developer in a corporate environment where you can't easily change the policy settings on your PC (but you need elevated rights, i.e. you have to run it as Administrator).

Note that the 1st key is for the local machine, the 2nd key is for the current user (currently logged in), which is needed to activate it immediately.

If you need more details about the values, check out this link: Internet Explorer security zones registry entries for advanced users

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号