Alex Parker

Just a thought...

Enabling integrated authentication using SharePoint and OWA to view Exchange public folder

This is what I needed to do to get around having to log in twice when viewing a web part page which is accessing an Exchange public folder in SharePoint 2003.

http://blogs.slashstar.com/alex/articles/SharePointandOWA.aspx

Alex

Comments

alex said:

Sorry for the non-descriptive comment. Here it goes:

I've installed SharePoint Portal Server on a box whose name is A2004SP. The domain name is A2004.
I've installed Exchange Server 2003 on a different box called MAILEXSP, joining the domain: A2004.

I'm creating a portal for the users, and each user will have their Inbox in My Site. The problem I'm having is that the portal asks for auth the first time (A2004\JDOE) and then, when the user clicks on My Site, the portal asks again for authorization, but now on each of the web parts.

I've followed the steps you depicted in your post, but I've been unable to find a solution... and I've been researching in the newsgroups and Microsoft knowledge base and nothing...

I have seen a lot of questions regarding this issue, but few answers... do you have a hint for this?
# June 30, 2004 8:05 PM

alex said:

Not a problem. Let me see if I can replicate this issue. I will post a reply.
# July 1, 2004 1:12 AM

alex said:

It seems that this solution only works with everything on the same machine, i.e. SBS. I would try investigating the Single Sign-On service which is included with Portal Server, if that is what you are using.

Have you tried using the OWA web parts instead of the page viewer? They should be located in the C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\TEMPLATE\1033\SPSPERS\LISTS\WPLIB\DWP folder. I will try, however, to figure out a solution.
# July 1, 2004 2:17 AM

alex said:

I'm using the OWA web parts, and the result is the same. Found a solution that if I add the domains to the trusted zone, the problem will go away... but this will not work for us, because the users can log in from their houses to work on the webpage and they may not have the domains in the trusted zone or may use a different browser. (Check this: http://groups.google.com.mx/groups?hl=es&lr=&ie=UTF-8&threadm=ez0%23cGbGEHA.2052%40TK2MSFTNGP11.phx.gbl&rnum=16&prev=/groups%3Fq%3Dsharepoint%2Bowa%2Bwebpart%26start%3D10%26hl%3Des%26lr%3D%26ie%3DUTF-8%26selm%3Dez0%2523cGbGEHA.2052%2540TK2MSFTNGP11.phx.gbl%26rnum%3D16)

SSO will not work, because the OWA web parts are just an IFrame for the Exchange Server.

I've been searching a lot in the newsgroups and this is a very common issue, but nobody posts a solution...

I really appreciate your help. Thanks.
# July 1, 2004 10:20 AM

alex said:

Yes, the zone your machine is in will dictate to what sites credentials will be automatically sent. In my case, the external addresses are in the Internet zone and the myhome.local domain is considered local intranet. The security settings are set to automatically log in in the local intranet.

Now to the problem at hand. I believe we may have a delegation issue. We will probably need to enable the protocol transfer extensions to the Kerberos protocol in Windows 2003 to be able to delegate the credentials off of the web server. I won't be able to look at this for a few days, but this will be the path I will be looking down.

Alex

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/constdel.mspx
# July 1, 2004 10:52 AM
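
The zone behaviour described in the two comments above can be checked on a client machine with the following added example, which is not part of the original thread. It assumes Windows PowerShell 5.1 (.NET Framework); the URLs are constructed from the server name mentioned in the thread plus a placeholder domain.

```powershell
# Added example: for each URL, report the IE security zone it maps to for the
# current user and whether that zone's logon policy sends Windows credentials
# without prompting. URLs are constructed; replace them with your OWA addresses.
$urls     = 'http://MAILEXSP/public', 'http://mailexsp.example.com/public'
$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

foreach ($url in $urls) {
    # Ask Windows which zone the URL falls into:
    # 0 My Computer, 1 Intranet, 2 Trusted, 3 Internet, 4 Restricted (Untrusted).
    $zone   = [System.Security.Policy.Zone]::CreateFromUrl($url).SecurityZone
    $zoneId = [int]$zone

    # 1A00 is the per-zone "User Authentication > Logon" setting.
    # Only the per-user value is read here; Group Policy may override it.
    $entry = Get-ItemProperty -Path "$zonesKey\$zoneId" -Name '1A00' -ErrorAction SilentlyContinue

    $policyText = 'not set'
    $silent     = $null          # unknown until a recognised value is found
    if ($entry) {
        $policy     = [int]$entry.'1A00'
        $policyText = '0x{0:X5}' -f $policy
        if     ($policy -eq 0x00000) { $silent = $true }            # automatic logon, current credentials
        elseif ($policy -eq 0x20000) { $silent = ($zoneId -eq 1) }  # automatic logon only in Intranet zone
        elseif ($policy -eq 0x10000) { $silent = $false }           # prompt for user name and password
        elseif ($policy -eq 0x30000) { $silent = $false }           # anonymous logon
    }

    [pscustomobject]@{
        Url                      = $url
        Zone                     = $zone
        LogonPolicy              = $policyText
        SendsCredentialsSilently = $silent
    }
}
```

A dotted host name that lands in the Internet zone with policy 0x20000 reports `False`, which matches the second prompt the commenters describe for the OWA IFrame.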

alex said:

Thanks for your help. I did a quick read on the document and found it very technical... my experience on network infrastructure is not that wide...
Anyway, thanks a lot for the help... I'm still trying to find a solution to this problem... I have contacted Microsoft Support here in Mexico and they were less than helpful.
I'm going to be checking on your blog to see if you have another idea... thanks again!

By the way, I've posted a diagram on the problem; check it out ... this may make more sense: http://intellekt.ws/spsfa.html

Cheers!
krees
msn:krees98_at_hotmail.
# July 1, 2004 6:40 PM

alex said:

I have been looking at this problem as well. Someone suggested looking at delegated authentication, but I have not got that to work yet.

The only solution for public folders in SharePoint I have come up with so far is to allow anonymous access to the "public" virtual directory in IIS on your OWA server. This means that if you enter the address of a public folder (e.g. http://servername/public/staffcalendar/?cmd=contents&view=weekly) it will go straight to it with no authentication - but this takes off security for public folders. To make this more secure, you could instead create a copy of the public virtual directory (in IIS 6 you can save its configuration to a file, then create a new virtual directory from the file) with an unguessable name, and only remove anonymous access for that. Your main public folder is secure and the copy (which you use in SharePoint Page Views) is not likely to be hacked as people will not know it exists.

Hope this helps.
# November 9, 2004 1:35 AM

alex said:

It's been a while since this thread was updated, but did anyone try developing an SSO web part? (Although it seems that one would already exist for this purpose...)
# January 26, 2005 2:30 PM

John K. said:

Is all of this related to basic authentication?

Our Exchange team insists on "Form Based" authentication and that seems to make the OWA web parts way stoopid:

http://www.sharepointblogs.com/spfromscratch/archive/2005/04/21/1839.aspx

Any help?
JK
# May 5, 2005 12:41 PM

Joe Daevis said:

Solemn article. It makes me lost in thoughts.
# January 27, 2006 5:57 PM
