Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You are prompted for a password when you open an Office 2000 document in a browser

View products that this article applies to.


When you open an Office 2000 document or follow a hyperlink to an Office 2000 document in a Web browser, you may be prompted to enter a password. If you click Cancel or type the user name and password, the document opens as read-only.

NOTE: You may need to type the user name and password multiple times before the document is opened in the Web browser.

↑ Back to the top


These symptoms occur for the following reasons:
  • The Web server is using Windows NT Challenge/Response or Basic authentication, or both.

  • Office 2000 documents are opened in a Web browser as read-write.
When you open an Office 97 document or follow a hyperlink to an Office 97 document in a Web browser, you do not experience this behavior. Office 97 documents are opened as read-only in Web browsers.

↑ Back to the top


To resolve this problem, obtain Microsoft Office 2000 Service Release 1/1a (SR-1/SR-1a).

To obtain SR-1/SR-1a, click the article number below to view the article in the Microsoft Knowledge Base:
245025 OFF2000: How to Obtain and Install Microsoft Office 2000 Service Release 1/1a (SR-1/SR-1a)

↑ Back to the top


Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was corrected in Microsoft Office 2000 SR-1/SR-1a.

↑ Back to the top

More information

With Windows NT Challenge/Response authentication turned on, most browsers prompt the user for a user name and password, and submit these details with another request for the same resource.

The Windows NT Challenge/Response authentication provides encryption of the user name and password. When a Web user is authenticated using the Windows NT Challenge/Response mechanism, the Web server does not actually receive a copy of the user's password in clear text format. Instead, an encrypted copy of the password is received, which is then passed on to the domain controller for verification. This can cause a problem if there is any ASP logic that requires access to a resource on another Windows NT computer. The remote computer will initially challenge for proof of identification. Because a copy of the user's password is not being sent, the appropriate messages can not be generated.

For more information about Internet server security, please see the following white paper:

↑ Back to the top

Keywords: kbhotfixserver, kbqfe, kbtshoot, kbbug, kbfix, KB225234

↑ Back to the top

Article Info
Article ID : 225234
Revision : 8
Created on : 9/22/2005
Published on : 9/22/2005
Exists online : False
Views : 447