I’m building out a Windows SharePoint Services 3.0 (SharePoint 2007) site for my client. The site uses two different methods of authentication, one for intranet users and one for extranet users.
The intranet users will be logging onto their workstations using their corporate domain based username and password. We have one Url in SharePoint for these users, which is set to the out of the box Windows authentication. When the user goes to this Url, IE6 is set to send the credentials to the site, so the user should never be prompted to enter their name/password.
The workstations that our extranet users have are configured to be more like a kiosk than a traditional Windows desktop. After their machine boots, it automatically logs onto the domain using a generic account (the account is not tied to just one user). Since the Windows user account that they logged onto the machine is different than their own user account (also domain based), they are challenged for a name and password. We decided to use a web form to log them to avoid the ugly Windows auth dialog, giving them a better user experience. We used Microsoft’s Active Directory membership provider, and then borrowed/built our own AD role provider, both of which work well.
So, when we started testing, we created some test accounts and gave the test accounts access to the site. These test accounts simulate the different roles that people will have, so our testers needed to be able to log in with different accounts. Since we didn’t give their normal accounts access, IE (IE6 on Windows XP in our case) would display the ugly Windows authentication dialog, the users would enter the test account username/password and then click the “remember password” checkbox before clicking ok. We instructed our users to save their passwords because of a certain bit of functionality that required this – that’s another blog post.
Well, after testing, we’re finally ready to have them access the site using their account. We gave their account access, set this website to be in their IE’s intranet security zone, and told them to go to the site. The users that had helped out with testing were still being prompted for a username/password, while users that didn’t do the testing were not prompted.
To fix this, we tried clearing the IE cache, which didn’t work. We then cleared anything and everything that IE allows you to clear in the Internet Options window. None of that worked.
So after searching on the net, I found this: http://www.tech-archive.net/Archive/Windows/microsoft.public.windows.inetexplorer.ie6.setup/2005-12/msg00067.html
The following method will clear the credentials already cached in Windows
XP joins a workgroup:
1. Open Control Panel and go into User Accounts.
2. Select the account and then choose "Manage my network passwords".
3. A "Store User Names and Passwords" dialog will appear.
4. Click Remove button to clear any passwords (for the affected sites.)
After doing this on the users’ workstations, they were able to navigate to the site without entering any username and password in IE – success at last!