Pages

Tuesday, 12 February 2013

When opening office (word, excel) documents from anonymous Internet facing site hosted on SharePoint 2010, users receive logon prompts

Scenario: 

When using IE and opening office (word, excel) documents from anonymous access enabled Internet facing site hosted on SharePoint 2010, users receive logon prompts. After hitting the escape key a couple of times the document does open. When using Firefox the logon prompt does not appear.

Reason:

IE opens word first and then word tries to download the document, however other browsers download the document and then open word to view the document.

According to the Microsoft Knowledge base article, giving "OpenItems" permission allows anonymous users to have view source rights to certain files that could potentially contain sensitive info.



Programmatically give "OpenItems" permission to the SPWeb to anonymous users. Note that you should only do this if you understand & accept the security implications. The sample script below can be used to add the "Open Items" permission:

[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SharePoint")

$siteUrl = "http://URL_of_your_SITE";
$site = New-Object Microsoft.SharePoint.SPSite($siteurl);
$web = $site.OpenWeb();

$enumPerms = [Microsoft.SharePoint.SPBasePermissions];

Write-Host $web.AnonymousPermMask64;
$web.AnonymousPermMask64 = $web.AnonymousPermMask64 -bor $enumPerms::OpenItems
$web.Update();
Write-Host $web.AnonymousPermMask64;

$web.Dispose();
$site.Dispose();



In my case this did not work, so I had to change the approach to pass the relative path to the document to /_layouts/download.aspx

 Added this script to the Scripts.js (custom Javascript library for my SharePoint site) and called the method in $(document.ready.....


function rectifyOfficeDocumentLinks()
{
     $("a").each(function(){
                if (this.href.match(/.doc$/i) || this.href.match(/.docx$/i) || this.href.match(/.rtf$/i) || this.href.match(/.xls$/i) || this.href.match(/.xlsx$/i) || this.href.match(/.ppt$/i) || this.href.match(/.pptx$/i))
                {
                    if (this.href.indexOf("/_layouts/download.aspx?SourceUrl=") == -1)
                    {
                     this.href = _spPageContextInfo.siteServerRelativeUrl + "/_layouts/download.aspx?SourceUrl=" + this.href.replace("http://" + window.location.host,''); 
                    }
                }
                });
}


References:
  • http://social.msdn.microsoft.com/forums/en-SG/sharepointgeneralprevious/thread/62381802-20b9-49ee-985b-8d2dcd2453ea 
  • http://support.microsoft.com/kb/2498047/en-us
  • http://blogs.technet.com/b/acasilla/archive/2011/10/01/add-openitems-permission-to-the-default-anonymouspermmask64-so-that-you-can-open-office-docs-within-an-anonymous-accessible-sharepoint-site.aspx

No comments:

Post a Comment