Office applications open blank from SharePoint WebDAV or sites
When this problem occurs, you may also experience the following additional symptoms:
- You do not receive a Basic authentication password prompt when you try to open or download the file.
- You do not receive an error message when you try to open the file. The associated Office application starts, but the selected file does not open.
This problem occurs when the following conditions are true:
- The server is configured for Basic authentication.
- The connection between your computer and the web server does not use Secure Sockets Layer (SSL).
By default, file operations that use Basic authentication over a non-SSL HTTP connection are disabled in Office 2010 and Office 2013 applications.
When Basic authentication is disabled, one of the following events occurs:
- The client application uses a different authentication method. This occurs if the server supports a different authentication method.
- The request fails (for details about what happens when a request fails, see the list in the "Additional symptom details" section).
If the workaround of using HTTPS instead of HTTP does not work, the resolution is to enable SSL encryption on the web server to allow for client access over HTTPS.
Note
By default, Office 2010 applications can access and download files from a web server that uses Basic authentication only over an SSL connection.
To work around this problem, let Office 2013 and Office 2010 applications connect to a web server by using Basic authentication over a non-SSL connection.
Warning
When you enable Basic authentication without SSL, you are subject to a significant security risk.
About Basic authentication and its security risk
Basic authentication requires users to a valid user name and password to access content. This authentication method does not require a specific browser, and all major browsers support it. Basic authentication also works across firewalls and proxy servers. For these reasons, it is a good choice when you want to restrict access to some, but not all, content on a server.
However, the disadvantage of Basic authentication is that it transmits unencrypted base64-encoded passwords over the network. If the password is intercepted over the network by a network sniffer, an unauthorized user can determine the user name and password, and can then reuse these credentials. It is because of this security risk that Office 2010 applications disable Basic authentication over a non-SSL connection in the default configuration.
You should use Basic authentication only when you know that the connection between the client and the server is secure. The connection should be established either over a dedicated line or by using SSL encryption and Transport Layer Security (TLS). For example, to use Basic authentication with WebDAV, you should configure SSL encryption.
For more information about Basic authentication, see Basic authentication and Configure Basic authentication (IIS 7).
For more information about SSL and certificates, see SSL and certificates.
Enable Basic authentication over a non-SSL connection
The following two steps describe how to enable Office 2013 and Office 2010 applications to open Office file types directly from a server that supports only Basic authentication over a non-SSL connection. You should follow these steps only if you are confident that the connection between the user and the web server is secure. A direct cable connection or a dedicated line would be considered optimal for secure connections.
Note
For Office 2013 and Office 2010 applications, both steps are required. For other Office applications, only step 1 is required.
Step 1: Configure WebDAV Redirector on the client
Note
This step is required for applications in the 2007 Office suite and in Office 2013 and Office 2010.
On the client computer, configure the WebDAV Redirector to enable Basic authentication over non-SSL connections.
Important
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
Windows XP and Windows Server 2003
To enable Basic authentication on the client computer, follow these steps:
Click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
On the Edit menu, point to New, and then click DWORD Value.
Type UseBasicAuth, and then press Enter.
Right-click UseBasicAuth, and then click Modify.
In the Value data box, type 1, and then click OK.
Note
Basic authentication is enabled if the UseBasicAuth registry entry is set to a nonzero value. Basic authentication is disabled if the UseBasicAuth registry entry is not present, or if the UseBasicAuth registry entry is set to 0 (zero).
The mapping is as follows:
- 0 - Basic authentication disabled
- 1 - Basic authentication enabled for SSL connections only
- 2 - Basic authentication enabled for SSL and non-SSL connections
Exit Registry Editor, and then restart the computer.
Windows Vista, Windows 7, and Windows 8
To enable Basic authentication on the client computer, follow these steps:
In Windows Vista or Windows 7, click Start, type regedit in the **Start Search **box, and then press Enter.
In Windows 8, hold the Windows key (WINKEY) + F, highlight Apps in the Menu bar, type regedit in the Search box, and then press Enter.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
On the Edit menu, point to New, and then click DWORD Value.
Type BasicAuthLevel, and then press Enter.
Right-click BasicAuthLevel, and then click Modify.
In the Value data box, type 2, and then click OK.
The mapping is as follows:
- 0 - Basic authentication disabled
- 1 - Basic authentication enabled for SSL connections only
- 2 - Basic authentication enabled for SSL and non-SSL connections
Exit Registry Editor, and then restart the computer.
Step 2: Update the Registry on the client
Note
This step is required for Office 2013 and Office 2010 applications.
On the client computer, add the BasicAuthLevel registry key and an appropriate value. To do this, follow these steps.
Important
Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
Start Registry Editor.
- In Windows 8, hold the Windows key (WINKEY) + F, highlight Apps in the Menu bar, type regedit in the Search box, and then press Enter. If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
- In Windows 7 or in Windows Vista, click Start, type regedit in the Start Search box, then press Enter. If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
- In Windows XP, click Start, click Run, type regedit, and then click OK.
Locate and then click one of the following registry subkeys:
For Office 2010:
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet
For Office 2013:
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common\Internet
On the Edit menu, point to New, and then click DWORD Value.
Type BasicAuthLevel, and then press Enter.
Right-click BasicAuthLevel, and then click Modify.
In the Value data box, type 2, and then click OK.
The mapping is as follows:
- 0 - Basic authentication disabled
- 1 - Basic authentication enabled for SSL connections only
- 2 - Basic authentication enabled for SSL and for non-SSL connections
Exit Registry Editor, and then restart the computer.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for