we have a following scenario:
- a MOSS 2007 web application,
- publicly accessible,
- its URL added in Internet Explorer to the intranet sites,
- checked in and published office documents within this site.
The problem occurring is that when one wants to open a MS Office document from the site using Internet Explorer, the Office application (Word, Excel..) is asking for username and password, although the document is publicly visible and not password-protected. Even if one clicks „Cancel” on the login prompt, the file is opened seamlessly.
After some research, I came across two possible solutions that can be applied in order to get rid of the unnecessary login prompt: either remove the URL from IE’s intranet sites list (which might not be desired because of other benefits of intranet sites), or make following changes in the applications settings in IIS (7):
Go to the web site’s features, open the request filtering feature, and in the „HTTP Verbs” tab, add a deny rule for the verbs „OPTIONS” and „PROPFIND„. In my case, the use of checking in/out documents, opening them in read-only mode etc., was not necessary in this application, thus the verbs could be inhibited without the loss of other needed functionalities.
More information can be found in this KB article.
Hope this helps,