1 thing to note is is the web server, the excel file, and your users all in
the same domain.
Cos' if they are not, then NT Challenge/Response does not work and it will
use Basic Authentication instead which will require username and password.
----- Original Message -----
From: "Mark S Stockman" <stockmanm@d...>
To: "Security_asp" <security_asp@p...>
Sent: Friday, February 15, 2002 10:53 PM
Subject: [security_asp] Re: Opening spreadsheet in new window


> Mike,
>
> I agree!
>
> As I understand it, whenever a new browser window is created from an
existing
> browser window, the new window should inherit  the same ASP Session and
> authentication methods as the "parent window".  Whenever a new browser
window is
> created via an MSIE shortcut icon (or via the Windows START button), a
completely
> new browser instance is created thereby creating a new ASP Session and
client
> authentification.
>
> Perhaps, some bug exists.....interesting......may want to check for MSIE
bug
> fixes/updates.
>
> Also, try changing the name of your target window:
>
> e.g. from   target="resource window"    to something like
target="Excel"
> or   target="_new"
>
> Just a wild guess....but perhaps the text "resource" or "window" or the
space
> character between them is causing the problem.
>
> Let us know how you resolve this problem....I'm stumped.
>
> Sorry....
>
> Mike Thomason wrote:
>
> > Thanks for the reply.
> >
> > Since I need to restrict access to certain files (including the
spreadsheets
> > in question) based on one's NT Login/Group Membership , I use NT
> > Challenge/Response authentication.  I double checked the Excel files via
the
> > Web Server Management MMC and confirmed the Integrated Windows
> > Authentication box is checked.
> >
> > The IUSR_Machine account DOES NOT have read privileges on these files.
As I
> > understand it, this should not be a factor unless Anonymous
Authentication
> > is used.  I can't allow anonymous access to these files.
> >
> > The fact that these files are spreadsheets is, I believe, immaterial.
The
> > problem only occurs when restricted access files are opened in a new
window.
> > The restricted files opened in the same window do not present a problem.
> > Files open to the "Everyone" group open in a new window without a
problem.
> >
> > Thanks again,
> >
> > Mike
> > -----Original Message-----
> > From: Mark S Stockman [mailto:stockmanm@d...]
> > Sent: Thursday, February 14, 2002 9:55 AM
> > To: Security_asp
> > Subject: [security_asp] Re: Opening spreadsheet in new window
> >
> > When viewing any file (like Excel) from a web browser, the Web Server
> > controls
> > all authentication issues.
> >
> > In your message, you stated that users have NT permission to READ the
> > subject
> > Excel file.  This is fine and dandy in a network environment.  However,
in a
> > web
> > environment, the web server determines how to authenticate users (web
> > clients)
> > when they attempt to view (request) a file?  If they are authenticcated,
> > then NT
> > will determine if they have NT permission to READ, CHANGE, DELETE, etc.
the
> > file.
> >
> > Typically, a web server will use one or more of the following
authentication
> > methods:
> >
> > Anonymous Authentication - actually no authentication occurs; the web
server
> > uses
> > a default NT Account (IUSR_MachineName, or other) to access files.
> >
> > Basic Authentication - the web server requires Domain\UserID and
Password
> > information from the web client.  This is done via a pop-up
authentication
> > window
> > on the web browser.
> >
> > NT Challenge/Response - the web server authenticates the web client
> > seemlessly
> > (no pop-up window).  The authentication method only works with MSIE not
with
> > netscape browsers. Netscape browsers only support Basic Authentication.
> >
> > It is possible that the web server is enforcing Basic Authentication on
the
> > Execl
> > file; hence forcing the web client to enter his/her UserId and Password
in a
> > pop-up window.  I suggest that you check the Authentication settings on
the
> > Excel
> > file through your web server administration tools (Microsoft Management
> > Console).
> >
> > Also, it is possible that the default NT Account used for Anonymous
Requests
> > (usually IUSR_MachineName) doesn't have NT Permmission to READ the Excel
> > file.
> > I suggestthat you check and see if the Anonymous Acccount (usually
> > IUSR_MachineName) has NT Permission to READ the Exel file.
> >
> > I hope this helps.....
> >
> > Michael Thomason wrote:
> >
> > > Greetings.
> > >
> > > Some users on our intranet are being prompted to enter their nt
password
> > > when attempting to view a spreadsheet in a new window.
> > >
> > > The window is created using a simple target="resource window" tag in
link
> > > to for the spreadsheet.  These users belong to nt groups with read
> > > privelges on the folders which contain said spreadsheets.
> > >
> > > The new window acts as if it loses the user's nt authentication info.
How
> > > can this be?
> > >
> > > I've searched Microsoft's site to no avail.  All users use IE 5.0 or
above
> > > and W2K or Win98.  The server is W2K.
> > >
> > > Any tips would be greatly appreciated!
> > >
> > > Thanks,
> > >
> > > Mike
> > $subst('Email.Unsub').
> >
> > $subst('Email.Unsub').
> >
$subst('Email.Unsub').
>
>
$subst('Email.Unsub').