Hello Community
We are facing strange behavior when opening Office documents with SharePoint 2010 published through TMG 2010 and HTML Forms Authentication with persistent cookies enabled.
Relevant configuration:
- Intranet: Integrated Authentication, SharePoint URL in local Intranet Zone in IE 9 > No Issues
- Extranet/Internet: HTML Forms Authentication, TMG as reverse proxy with persistent cookies enabled for public and private computers, cookie timeout 360 minutes
- Open documents in client application is activated in relevant SharePoint SC.
- File opening setting in relevant SharePoint Web Application is set to “Permissive”.
- Office Integration is activated in SharePoint security zone settings for Extranet and Internet Zone
- Anonymous access is disabled in relevant security zones
- Microsoft Office Version 2010 and 2013
Issue description:
Extranet users are unable to open Microsoft Office documents from private computers, since persistent cookie is implemented on TMG.
Internet Explorer:
Prerequisites: Open Document Class Add On is activated in IE
If the SharePoint URL is in the “Internet Zone” of IE, the persistent cookie is written and accepted by the browser, but not shared with Office. This means that a user can log in to SharePoint through TMG HTML Forms authentication successfully, but is unable to open documents. If he tries to open a document, the Office client application is opened, but the document is not loaded and a generic error stating that this document could not be opened is displayed.
If the user adds the SharePoint URL to the “Trusted Sites Zone”, the persistent cookie is accepted; when opening an Office document, no login prompts appear and the document opens in edit mode as expected.
Summary: To make use of proper SSO, SharePoint has to be in the “Trusted Sites Zone”. Only then is the persistent cookie shared between the browser and the Office client application.
Chrome on Windows / Safari on Windows and Mac:
Documents are downloaded and opened in read-only mode as expected; no Office integration is supported out of the box.
Firefox on Windows and Mac:
Prerequisites: Microsoft Office SharePoint Plugin is activated in FF
The user is able to log in successfully to SharePoint; the persistent cookie is written and works for the browser session. If he tries to open a document, the Office client application is opened, but the document is not loaded and a generic error stating that this document could not be opened is displayed. Documents can be opened only when making use of document > send to > download a copy.
If the Microsoft Office SharePoint Plugin is disabled, FF downloads documents and offers the open/save dialog, and the document opens in read-only mode as expected.
Summary: With the Microsoft Office SharePoint Plugin activated, documents can’t be opened successfully. If the plugin is deactivated, the document is downloaded and can be opened locally. Office Integration features are not available.
Does anyone have a similar deployment and can help me with some hints? Are you facing the same behavior as described? I mean BYOD should be a possible scenario in our case; we are talking about a web application and Office.
Our SharePoint Portal is used by 1500 students and they all have private laptops. The main goal would be to find a solution with minimal impact on client settings for all browsers. We don’t need Office integration on FF, Chrome and Safari, but at least it should be possible to open documents as read-only and as a local copy without using document > send to > download a copy. Users with higher demands on DMS functionality have to use IE, that’s logical.