Solution to the user authentication box displayed by clicking the Word attachment in the SharePoint site

During the construction of a Sharepoint site, the list of SharePoint sites has its own attachment adding mechanism.

However, in actual projects, you may not need to add SharePoint attachments.

Instead, you can design a set of attachments to upload and add them. For example, you can add attachments to a set of document libraries you have designed.

Docliblink is the document library designed for storing attachments.

In this case, if you access the Word document in the attachment in IE, a User Password box will pop up for verification.

For example, click the attachment of an article,

Visit this article, such as http://www.xxx.com.cn/uploadfile/bfa81039-developer-developer-4583-04fb4244c4.doc.

In IE

According to the relevant information on the Internet, this is because if you access word in IE, you need to pass the user password to the server to verify the permission,

If anonymous access is enabled on the server, you can access the relevant attachments by disabling the user password.

In this case, there is an additional pop-up process for the user password pop-up box.

The user asks not to pop up the User Password box when opening the attachment.

I checked some information and asked relevant persons in this regard. To solve this problem, I can start from two aspects.

1. You can set the client's iesettings,

You can select "Anonymous Logon" in the security settings. The default value is "Automatic Logon Only in Intranet Zone"

 

In this case, the IE will access this document as an anonymous user, and the user verification box will no longer pop up.

2. Write ihttphandler on the server.

Code

 Namespace ba. WebClient. webcommon
{
Class filehandler: ihttphandler
{
# Region ihttphandler Member

Public bool isreusable
{
Get {return true ;}
}

Public static byte [] streamtobytes (Stream)
{
Byte [] bytes = new byte [stream. Length];
Stream. Read (bytes, 0, bytes. Length );

// Set the current stream position to the beginning of the stream
Stream. Seek (0, seekorigin. Begin );
Return bytes;
}

Public void processrequest (httpcontext context)
{
Httpresponse response = context. response;
Httprequest request = context. request;

Try
{
String filename = request. path;

Spsite sitecoll = spcontext. Current. Site;
Spweb site = spcontext. Current. Web;

Spsecurity. runwithelevatedprivileges (delegate ()
{
Using (spsite elevatedsitecoll = new spsite (sitecoll. ID ))
{
Using (spweb = elevatedsitecoll. openweb (site. ID ))
{
Spfile file = web. GetFile (filename );
String fullfilename = httpcontext. Current. server. mappath (filename );

Fileinfo downloadfile = new fileinfo (fullfilename );
If (file. exists)
{
System. Io. Stream sourcestream = file. openbinarystream ();
Byte [] buffer = new byte [1024];
Buffer = streamtobytes (sourcestream );

Response. Clear ();
Response. clearheaders ();
Response. Buffer = false;
Response. contenttype = "application/octet-stream ";
Response. appendheader ("content-disposition", "attachment; filename =" + httputility. urlencode (Web. url + file. serverrelativeurl, system. Text. encoding. ASCII ));
Response. appendheader ("Content-Length", file. length. tostring ());
Response. outputstream. Write (buffer, 0, buffer. Length );
Response. Flush ();
Response. End ();
}
Else if (downloadfile. exists)
{
Response. Clear ();
Response. clearheaders ();
Response. Buffer = false;
Response. contenttype = "application/octet-stream ";
Response. appendheader ("content-disposition", "attachment; filename =" + httputility. urlencode (downloadfile. fullname, system. Text. encoding. ASCII ));
Response. appendheader ("Content-Length", downloadfile. length. tostring ());
Response. writefile (downloadfile. fullname );
Response. Flush ();
Response. End ();
}
Else
{
// The file does not exist.
}
}
}
});
}
Catch (exception ex)
{
// An exception occurred while enabling
Throw ex;
}
}

# Endregion
}
}

Then add code to the website's web. config

 <add verb="GET" path="*.doc" type="BA.WebClient.WebCommon.FileHandler, BA.WebClient.WebCommon"/>

Let all the methods for processing the doc document be handled in the code described above.

In fact, the above Code means to write the DOC file into the file stream, and then output the file stream, thus avoiding the direct opening of the DOC file in IE,

This removes the need for IE verification.