SharePoint: Getting Authentication Login Prompt When Trying To Open Office Document With Unique Permissions

November 6, 2012

The problem is in opening an Office document which is saved in SharePoint 2010:

  1. When a user has a “read” permission only to a specific document in a document library, but do not have any permissions in the document library level nor the site level.
  2. When he is accessing the document, he receives the “Download File” message with “Open” / “Save” / “Cancel” options. When clicking “Open”, he is prompted with a user & password message.
  3. When clicking his correct user and password, the user & password message remains – nothing happens.
  4. Only when clicking “Cancel” in the user & password message, the document opens.
  5. Users who has read permissions in the document library level or the site level – manage to open the document successfully, meaning are not prompted with the user & password message after clicking “Open” (it opens the document).

We tried with several users, all get the same result.

During our checking, we also found out that the following dll returns “401 Unauthorized”: /_vti_bin/_vti_aut/author.dll

Finally we opened a  service request and got a solution from Microsoft.

There are 3 possible ways to solve this issue:

1. Add read only permission in the root of the site collection.

2. Deactivate the feature “ViewFormPagesLockDown”:

stsadm -o deactivatefeature -url http://SERVERNAME/sites/SITENAME -filename ViewFormPagesLockDown\feature.xml

3. Run the following script on your site collection, this will add permission level to the “Limited Access” Permission level that you have in that site collection.

$siteCollectionUrl = 'http://sitecollectionurl'


$spsite = new-object Microsoft.sharepoint.spsite($SiteCollectionUrl)

$lmtd = $spsite.rootweb.RoleDefinitions['Limited Access']

$b1 = [Microsoft.sharepoint.spbasepermissions]::Open

$b2 = [Microsoft.sharepoint.spbasepermissions]::BrowseUserInfo

$b3 = [Microsoft.sharepoint.spbasepermissions]::UseClientIntegration

$b4 = [Microsoft.sharepoint.spbasepermissions]::UseRemoteAPIs

$lmtd.BasePermissions = "$b1,$b2,$b3,$b4"


I tried the second solution and it worked like a charm .

I would like to thank Gal Sagi for helping me with this article.

Hope you find this article handy Smile.


Add comment
facebook linkedin twitter email

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



  1. Jamil Ahmed FerdausNovember 29, 2012 ב 14:41

    Alex, Excellent post. I had the exact same scenario. and option 2 (disabling the lock down feature) worked for me.

    Thanks so much.

  2. Pavan ParuchuruMarch 11, 2013 ב 11:38

    We have been trying for this like a week and ur solution worked. Thanks for writing in.

  3. vibheshSeptember 3, 2014 ב 15:22

    only working in IE not other browsers

  4. RasmusNovember 27, 2014 ב 10:57

    Option 3 worked like a charm, thank you!

  5. JamesFebruary 20, 2017 ב 18:51

    Awesome – I have been looking for this fix for so long. Option 2 worked for me – you are a lifesaver sir!