When using IE7 to view Word documents on our CRM system (an ASP.NET 2.0 application running on Windows Server 2003 and IIS 6 and using Windows authenticaton) I'm finding that a prompt appears when the user closes the document. The Word document is originally opened by clicking a link in the CRM system.
Are there permissions that I can set on the folder containing the Word documents to prevent this prompt? I've already tried only allowing the Read permission for the Users group (I've left Administrators with Full Control.)
If there's another solution to this without using permissions please let me know.
UPDATE:
I ran Fiddler as suggested by JD and here is the output from the two responses after the request for the document. The first seems to be a DAV response and the second is the authentication request. How do I prevent the DAV response and just return the .doc on the server?
OPTIONS / HTTP/1.1
Translate: f
User-Agent: Microsoft Data Access Internet Publishing Provider Protocol Discovery
Host: <REMOVED>
Content-Length: 0
Connection: Keep-Alive
Pragma: no-cache
X-NovINet: v1.2
HTTP/1.1 200 OK
Date: Thu, 18 Feb 2010 13:37:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
MS-Author-Via: DAV
Content-Length: 0
Accept-Ranges: none
DASL: <DAV:sql>
DAV: 1, 2
Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
Allow: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
Cache-Control: private
------------------------------------------------------------------
OPTIONS /docs/ZONE%20100-105.doc HTTP/1.1
Translate: f
User-Agent: Microsoft Data Access Internet Publishing Provider Protocol Discovery
Host: <REMOVED>
Content-Length: 0
Connection: Keep-Alive
Pragma: no-cache
X-NovINet: v1.2
HTTP/1.1 401 Unauthorized
Content-Length: 83
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="<REMOVED>"
X-Powered-By: ASP.NET
Date: Thu, 18 Feb 2010 13:37:36 GMT
------------------------------------------------------------------
UPDATE 2:
I found a potential workaround for the problem via this post: http://forums.iis.net/p/1149091/1868317.aspx. I moved all of the documents that are being requested into a folder outside of the web root, and created a virtual directory for it (also outside of the web root).
When I followed a link to one of the documents in IE and then closed the document I wasn't presented with a login prompt.
I should point out that I'm not using FPSE, unlike the person in the forum post.
Ideally I don't want to have to put the documents in a separate virtual directory, but this is the simplest solution I've found so far.
