You cannot open Office file types directly from a server that supports only Basic authentication over a non-SSL connection

Consider the following scenario:

• You have applications from one of the following installed on a client computer:
  • Microsoft Office 2013
  • Microsoft Office 2010
  • The 2007 Microsoft Office suite
• From the client computer, you try to open or to download an Office file that is stored on a web server. (For example, you try to access an Office file that is stored on a SharePoint server or WebDav server.) 

In this scenario, you experience the following symptoms:

• The Office file does not open or download.
• You do not receive a Basic authentication password prompt when you try to open or to download the file.
• You do not receive an error message when you try to open the file. The associated Office application starts. However, the selected file does not open.

This problem occurs when the following conditions are true:

• The server is configured for Basic authentication.
• The connection between your computer and the web server does not use Secure Sockets Layer (SSL).

By default, file operations that use Basic authentication over a non-SSL HTTP connection are disabled in Office 2010 and Office 2013 applications.

When Basic authentication is disabled, one of the following events occurs:

• The client application uses a different authentication method. (This occurs if the server supports a different authentication method.)
• The request fails. (For what happens when a request fails, see the list in the "Symptoms" section.)

To resolve this problem, try to access the web server by using HTTPS instead of HTTP. For example, type https://www.site.com. If HTTPS is not enabled, we recommend that you ask the server administrator to enable SSL encryption on the web server.

Note By default, Office 2010 applications can access and download files from a web server that uses Basic authentication only over an SSL connection.

To work around this problem, let Office 2013 and Office 2010 applications connect to a web server by using Basic authentication over a non-SSL connection.

Warning When you enable Basic authentication without Secure Sockets Layer (SSL), you are subject to a significant security risk.

Because user credentials are not encrypted for network transmission and are sent over the network in plain text, we do not recommend that you u se Basic authentication over an unsecured HTTP connection. For more information, see the "More Information" section. If you want to use Basic authentication, we recommend that you always enable SSL encryption on the server.


To have us work around this problem for you, go to the "Fix it for me" section. If you prefer to work around this problem yourself, go to the "Let me fix it myself" section.

Fix it for me

To work around this problem, click the Fix it button or link. Then click Run in the File Download dialog box, and follow the steps in the Fix it wizard.

For Windows 8
Fix this problem

(http://go.microsoft.com/?linkid=9831821)

Microsoft Fix it 20107

For Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003
Fix this problem

(http://go.microsoft.com/?linkid=9777384)

Microsoft Fix it 50711
Notes

• This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
• If you are not on the computer that has the problem, you can save the Fix it solution to a flash drive or a CD and then run the solution on the computer that has the problem.
• We would appreciate your feedback. To provide feedback or to report any issues with this solution, please leave a comment on the "Fix it for me
  (http://blogs.technet.com/fixit4me/)
  " blog, or send us an email
  (mailto:fixit4me@microsoft.com?Subject=KB)
  message.

Let me fix it myself

The following two steps describe how to enable Office 2013 and Office 2010 applications to open Office file types directly from a server that supports only Basic authentication over a non-SSL connection. You should follow these steps only if you are confident that the connection between the user and the web server is secure. A direct cable connection or a dedicated line would be considered optimal for secure connections. 

Note For Office 2013 and Office 2010 applications, both steps are required. For other Office applications, only step 1 is required.

Step 1

On the client computer, configure the Web Distributed Authoring and Versioning (WebDAV) Redirector to enable Basic authentication over non-SSL connections.

Note This step is required for applications in the 2007 Office suite and in Office 2013 and Office 2010.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

Windows XP and Windows Server 2003

To enable Basic authentication on the client computer, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
   
   
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
   
   
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type UseBasicAuth, and then press Enter.
5. Right-click UseBasicAuth, and then click Modify.
6. In the Value data box, type 1, and then click OK.
   
   Note Basic authentication is enabled if the UseBasicAuth registry entry is set to a nonzero value. Basic authentication is disabled if the UseBasicAuth registry entry is not present or if the UseBasicAuth registry entry is set to 0 (zero).
7. Exit Registry Editor, and then restart the computer.

Windows Vista, Windows 7, and Windows 8

To enable Basic authentication on the client computer, follow these steps:

1. In Windows Vista or Windows 7, click Start, type regedit in the Start Search box, and then press Enter.
   
   In Windows 8, hold the Windows key (WINKEY) + F, highlight Apps in the Menu bar, type regedit in the Search box, and then press Enter.
   
2. Locate and then click the following registry subkey:
   
   
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type BasicAuthLevel, and then press Enter.
5. Right-click BasicAuthLevel, and then click Modify.
6. In the Value data box, type 2, and then click OK.
   
   Note The mapping is as follows:
   
   0 - Basic authentication disabled
   1 - Basic authentication enabled for SSL connections only
   2 - Basic authentication enabled for SSL and non-SSL connections
7. Exit Registry Editor, and then restart the computer.

For more information about how to configure the WebDAV redirector to enable Basic authentication, click the following article number to view the article in the Microsoft Knowledge Base:

Step 2

On the client computer, add the BasicAuthLevel registry key and an appropriate value. To do this, follow these steps.

Note This step is required for Office 2013 and Office 1010 applications.


Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

1. Start Registry Editor.
   
   • In Windows 8, hold the Windows key (WINKEY) + F, highlight Apps in the Menu bar, type regedit in the Search box, and then press Enter. If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
   • In Windows 7 or in Windows Vista, click Start, type regedit in the Start Search box, then press Enter. If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
   • In Windows XP, click Start, click Run, type regedit, and then click OK.
   
   
2. Locate and then click one of the following registry subkeys:
   
   For Office 2010
   
   HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
   
   For Office 2013
   
   HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Internet
    
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type BasicAuthLevel, and then press Enter.
5. Right-click BasicAuthLevel, and then click Modify.
6. In the Value data box, type 2, and then click OK.
   
   Note The mapping is as follows:
   
   0 - Basic authentication disabled
   1 - Basic authentication enabled for SSL connections only
   2 - Basic authentication enabled for SSL and for non-SSL connections
7. Exit Registry Editor, and then restart the computer.

Basic authentication is a widely used, industry-standard method for collecting user name and password information. The advantage of Basic authentication is that it is part of the HTTP specification and is supported by most browsers. However, Basic authentication prompts the user for a username and password. This information is then sent unencrypted over the network. We do not recommend the Basic authentication method unless you are sure that the connection between the user and the web server is secured (by using SSL or a direct connection, for example). With Basic authentication, the password is sent over the network in plain text. If this password is intercepted over the network by a network sniffer, an unauthorized user can determine the username and password and can then reuse these credentials. It is because of this security risk that Office 2010 applications disable Basic authentication over a non-SSL connection in the default configuration.

For more information about Basic authentication, go to the following Microsoft Website: For more information about SSL and Certificates, go to the following Microsoft Website: