Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Ms Outlook / IE7 - Links and Internet Zones Issue

  • 10-03-2009 2:47pm
    #1
    Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭


    Right, this is a toughie.

    Standard huge corporate active-directory based network. Standard machine images - Vista SP1, Office 2007.

    We have a number of intranet web applications here, many of which use LDAP-based authentication between the browser and IIS in order to verify that the user accessing the application is a domain user and has the correct permissions and so forth.

    The problem is that we often send emails to people with links to these internal applications - things for their attention and so forth. When someone clicks on one of these links, they get prompted for their username and password. This we do not want, primarily because it requires them to type in "DOMAIN\User" and it's an educational barrier :)

    We've tracked this down to security zones. In normal browsing, the zone is "Intranet", where group policy security config tells the browser to logon transparently using the domain credentials of the currently logged in user. So our users ordinarily never see the password prompt.
    However, when you send a link via Outlook, IE7 seems to purposely ignore the FQDN of the URL and open the link in the "Internet" zone, where the browser quite rightly will not send domain credentials. I imagine this is a security feature of either Outlook 2007 or IE7 to prevent some form of malicious attack.

    Any ideas? We need to be able to send Intranet links and have them open without prompting for a username. I can't find anything relating to this issue online.

    I have a workaround (which I haven't tested), which involves a form of "callback" where the user opens a page which doesn't require authentication and then javascript (or whatever) redirects to the correct page. I don't really want to do this though.

    Cheers...


Comments

  • Posts: 0 [Deleted User]


    I'm not 100% sure if this will sort the problem but it sounds like it might be this...

    There's a bug in IE7 under Vista and XP where it detects intranet addresses as being in the Internet zone along with the usual security restrictions that imposes. The workaround is to go in to Internet Options>Security, choose Local Intranet and then the Sites button. Disable "Automatically detect intranet network" and enable the three options below it. Hope this helps.


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    I didn't think it was going to work. Then I rebooted my machine and it did!

    Awesome, nice job! :)

    It should be possible to give multiple thanks to a post in cases like this :)


Advertisement