Trying to solve MS Office bug with document having link to a private ressource in Plone

classic Classic list List threaded Threaded
6 messages Options
Gauthier Bastien-2 Gauthier Bastien-2
Reply | Threaded
Open this post in threaded view
|

Trying to solve MS Office bug with document having link to a private ressource in Plone

Hi everybody,

we are encoutering the following bug for some of our users : http://support.microsoft.com/kb/899927

It is a MS Office bug, when you have links to private ressources in a web site, an Unauthorized is raised even if you are connected with an account that can actually see the ressource...

So to test :
- Open your default browser (no matter IE, FF, ...) and connect as admin in a Plone
- create a private document, you can access it
- copy the url to this document, keep your brower open
- paste it into a MS Office Word document
- click on this link in the Word document (CTRL+click)
- the link will open in your currently opened browser but you will have an unauthorized no matter your are still connected as admin and you can actually access the ressource...

I do not know the exact details, but while MS Office is sending is request, it is some kind of weird request that do not behind correctly.

Anyway, some of our users have this problem because we develop private applications that produce desktop documents in wich there can be links sometimes...

Does anybody know if something exist in Zope or Plone to solve this?  An existing addon or so?

If not, we will add one but if something exists, it is more simple ;-)

Thank you and have a nice day,

--
Gauthier Bastien
Zoning industriel, 34
5190 Mornimont
Tél: 0032(65)32 96 70
Fax: 0032(65)32 96 79
[hidden email]

La mutualisation informatique
au service des pouvoirs locaux

------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
Gauthier Bastien-2 Gauthier Bastien-2
Reply | Threaded
Open this post in threaded view
|

Trying to solve MS Office bug with document having link to a private ressource in Plone

Hi everybody,

we are encoutering the following bug for some of our users : http://support.microsoft.com/kb/899927

It is a MS Office bug, when you have links to private ressources in a web site, an Unauthorized is raised even if you are connected with an account that can actually see the ressource...

So to test :
- Open your default browser (no matter IE, FF, ...) and connect as admin in a Plone
- create a private document, you can access it
- copy the url to this document, keep your brower open
- paste it into a MS Office Word document
- click on this link in the Word document (CTRL+click)
- the link will open in your currently opened browser but you will have an unauthorized no matter your are still connected as admin and you can actually access the ressource...

I do not know the exact details, but while MS Office is sending is request, it is some kind of weird request that do not behind correctly.

Anyway, some of our users have this problem because we develop private applications that produce desktop documents in wich there can be links sometimes...

Does anybody know if something exist in Zope or Plone to solve this?  An existing addon or so?

If not, we will add one but if something exists, it is more simple ;-)

Thank you and have a nice day,

--
Gauthier Bastien
Zoning industriel, 34
5190 Mornimont
Tél: 0032(65)32 96 70
Fax: 0032(65)32 96 79
[hidden email]

La mutualisation informatique
au service des pouvoirs locaux



------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
Dylan Jay Dylan Jay
Reply | Threaded
Open this post in threaded view
|

Re: Trying to solve MS Office bug with document having link to a private ressource in Plone

In reply to this post by Gauthier Bastien-2
Hi,

Word hijacks the connection before it downloads instead of letting it download itself, but Word doesn't have access to the cookies so your existing login isn't honoured. MS is really to blame.
The solution is to change download behaviour to download as an attachment rather than attempt get the application to load it embedded in the browser.
We solved this issue with a patch to the core.
Unfortunately, even though I've tried to get this reviewed and merged for the last couple of months, this hasn't happened.

Sorry it ended up being so many packages but I have tested these changes with 4.1 and it seems to be working.

plone.app.content branch=inlinedisposition
plone.app.blob branch=inlinedisposition
plone.app.z3cform branch=inlinedisposition
z3c.form (master or branch=dictmulti3.0)

Once thats installed you have to run the GS for plone.app.content and then go to site setup > registry > plone.app.content.
>From there set the download behaviour to attachment for everything with a MS mimetype.
Problem solved.

BTW, the reason for half the changes is I implemented z3cform support for zope.schema.interfaces.IDict so any plugin developers that were annoyed like I was that this didn't work, be annoyed no longer.

https://github.com/plone/plone.app.content/tree/inlinedisposition
https://github.com/plone/plone.app.blob/tree/inlinedisposition
https://github.com/plone/plone.app.z3cform/tree/inlinedisposition
https://github.com/zopefoundation/z3c.form



---
Dylan Jay
Technical Solutions Manager
PretaWeb: Multisite Performance Support
P: +612 80819071 | M: +61421477460 | twitter.com/pretaweb | linkedin.com/in/djay75



On 30/05/2013, at 11:00 PM, Gauthier Bastien <[hidden email]> wrote:

> Hi everybody,
>
> we are encoutering the following bug for some of our users : http://support.microsoft.com/kb/899927
>
> It is a MS Office bug, when you have links to private ressources in a web site, an Unauthorized is raised even if you are connected with an account that can actually see the ressource...
>
> So to test :
> - Open your default browser (no matter IE, FF, ...) and connect as admin in a Plone
> - create a private document, you can access it
> - copy the url to this document, keep your brower open
> - paste it into a MS Office Word document
> - click on this link in the Word document (CTRL+click)
> - the link will open in your currently opened browser but you will have an unauthorized no matter your are still connected as admin and you can actually access the ressource...
>
> I do not know the exact details, but while MS Office is sending is request, it is some kind of weird request that do not behind correctly.
>
> Anyway, some of our users have this problem because we develop private applications that produce desktop documents in wich there can be links sometimes...
>
> Does anybody know if something exist in Zope or Plone to solve this?  An existing addon or so?
>
> If not, we will add one but if something exists, it is more simple ;-)
>
> Thank you and have a nice day,
>
> --
> Gauthier Bastien
> <mascotteimio.png>
> Zoning industriel, 34
> 5190 Mornimont
> Tél: 0032(65)32 96 70
> Fax: 0032(65)32 96 79
> [hidden email]
> <logoimio.png>
> La mutualisation informatique
> au service des pouvoirs locaux ------------------------------------------------------------------------------
> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
> Get 100% visibility into your production application - at no cost.
> Code-level diagnostics for performance bottlenecks with <2% overhead
> Download for free and get started troubleshooting in minutes.
> http://p.sf.net/sfu/appdyn_d2d_ap1_______________________________________________
> Plone-developers mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/plone-developers


------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
Gauthier Bastien-2 Gauthier Bastien-2
Reply | Threaded
Open this post in threaded view
|

Re: Trying to solve MS Office bug with document having link to a private ressource in Plone

Hi Dylan,

what we have in the Word document is links to some page of our Plone Site where there is nothing to download but just an online page to read...

So our problem is not only about links to files to download but also to "web pages"...

Does your work is also about this problem?

Thank you,

Gauthier Bastien
Zoning industriel, 34
5190 Mornimont
Tél: 0032(65)32 96 70
Fax: 0032(65)32 96 79
[hidden email]

La mutualisation informatique
au service des pouvoirs locaux
Le 30/05/13 16:09, Dylan Jay a écrit :
Hi,

Word hijacks the connection before it downloads instead of letting it download itself, but Word doesn't have access to the cookies so your existing login isn't honoured. MS is really to blame.
The solution is to change download behaviour to download as an attachment rather than attempt get the application to load it embedded in the browser. 
We solved this issue with a patch to the core.
Unfortunately, even though I've tried to get this reviewed and merged for the last couple of months, this hasn't happened.

Sorry it ended up being so many packages but I have tested these changes with 4.1 and it seems to be working. 

plone.app.content branch=inlinedisposition
plone.app.blob branch=inlinedisposition
plone.app.z3cform branch=inlinedisposition
z3c.form (master or branch=dictmulti3.0)

Once thats installed you have to run the GS for plone.app.content and then go to site setup > registry > plone.app.content.
>From there set the download behaviour to attachment for everything with a MS mimetype.
Problem solved.

BTW, the reason for half the changes is I implemented z3cform support for zope.schema.interfaces.IDict so any plugin developers that were annoyed like I was that this didn't work, be annoyed no longer.

https://github.com/plone/plone.app.content/tree/inlinedisposition
https://github.com/plone/plone.app.blob/tree/inlinedisposition
https://github.com/plone/plone.app.z3cform/tree/inlinedisposition
https://github.com/zopefoundation/z3c.form



---
Dylan Jay
Technical Solutions Manager
PretaWeb: Multisite Performance Support
P: +612 80819071 | M: +61421477460 | twitter.com/pretaweb | linkedin.com/in/djay75



On 30/05/2013, at 11:00 PM, Gauthier Bastien [hidden email] wrote:

Hi everybody,

we are encoutering the following bug for some of our users : http://support.microsoft.com/kb/899927

It is a MS Office bug, when you have links to private ressources in a web site, an Unauthorized is raised even if you are connected with an account that can actually see the ressource...

So to test :
- Open your default browser (no matter IE, FF, ...) and connect as admin in a Plone
- create a private document, you can access it
- copy the url to this document, keep your brower open
- paste it into a MS Office Word document
- click on this link in the Word document (CTRL+click)
- the link will open in your currently opened browser but you will have an unauthorized no matter your are still connected as admin and you can actually access the ressource...

I do not know the exact details, but while MS Office is sending is request, it is some kind of weird request that do not behind correctly.

Anyway, some of our users have this problem because we develop private applications that produce desktop documents in wich there can be links sometimes...

Does anybody know if something exist in Zope or Plone to solve this?  An existing addon or so?

If not, we will add one but if something exists, it is more simple ;-)

Thank you and have a nice day,

-- 
Gauthier Bastien
<mascotteimio.png>
Zoning industriel, 34
5190 Mornimont
Tél: 0032(65)32 96 70
Fax: 0032(65)32 96 79
[hidden email]
<logoimio.png>
La mutualisation informatique
au service des pouvoirs locaux ------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers

    


------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
Baumann Jonas Baumann Jonas
Reply | Threaded
Open this post in threaded view
|

Re: Trying to solve MS Office bug with document having link to a private ressource in Plone

In reply to this post by Gauthier Bastien-2
Hey,

We have the same issue now and then.

The problem is in Office, the first request when clicking a link in a Office document is in a broken session (cookies are not sent as far as I remember).
Since the authentication information is missing you cannot directly solve this on the server side.

One early workaround we implemented was to add a "retry" button to the unauthorized view. This works because the second request contains the original cookies.

But there also seems to be another workaround (didn't test this lately) which involves patching the client Windows Registry.
It depends on the customer whether this can be done or not.


The registry file (patch.reg) could look something like this (although I didn't test it with recent Offices):

------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\11.0\Common\Internet]
"LocationOfComponents"="D:\\"
"ForceShellExecute"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\9.0\Common\Internet]
"LocationOfComponents"="D:\\"
"ForceShellExecute"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\8.0\Common\Internet]
"LocationOfComponents"="D:\\"
"ForceShellExecute"=dword:00000001

------------------------------------------


Hope that helps :-)

Cheers,
Jonas
 

Am 30.05.2013 um 15:58 schrieb Gauthier Bastien <[hidden email]>:

Hi everybody,

we are encoutering the following bug for some of our users : http://support.microsoft.com/kb/899927

It is a MS Office bug, when you have links to private ressources in a web site, an Unauthorized is raised even if you are connected with an account that can actually see the ressource...

So to test :
- Open your default browser (no matter IE, FF, ...) and connect as admin in a Plone
- create a private document, you can access it
- copy the url to this document, keep your brower open
- paste it into a MS Office Word document
- click on this link in the Word document (CTRL+click)
- the link will open in your currently opened browser but you will have an unauthorized no matter your are still connected as admin and you can actually access the ressource...

I do not know the exact details, but while MS Office is sending is request, it is some kind of weird request that do not behind correctly.

Anyway, some of our users have this problem because we develop private applications that produce desktop documents in wich there can be links sometimes...

Does anybody know if something exist in Zope or Plone to solve this?  An existing addon or so?

If not, we will add one but if something exists, it is more simple ;-)

Thank you and have a nice day,

--
Gauthier Bastien
<Mail-Anhang.png>
Zoning industriel, 34
5190 Mornimont
Tél: 0032(65)32 96 70
Fax: 0032(65)32 96 79
[hidden email]
<Mail-Anhang.png>
La mutualisation informatique
au service des pouvoirs locaux


------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers


------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers
Gauthier Bastien-2 Gauthier Bastien-2
Reply | Threaded
Open this post in threaded view
|

Re: Trying to solve MS Office bug with document having link to a private ressource in Plone

Hi,

it is actually that problem, the patch in widows client registry is not an option because this application is used by several people having different levels of skills...

The button seems a good solution, but we will try to solve this using jQuery so the page is automatically refreshed...  Maybe adding a viewlet to the "unauthorized" page...

Thank you for all your responses ;-)

Gauthier Bastien
Zoning industriel, 34
5190 Mornimont
Tél: 0032(65)32 96 70
Fax: 0032(65)32 96 79
[hidden email]

La mutualisation informatique
au service des pouvoirs locaux
Le 30/05/13 17:17, Jonas Baumann a écrit :
Hey,

We have the same issue now and then.

The problem is in Office, the first request when clicking a link in a Office document is in a broken session (cookies are not sent as far as I remember).
Since the authentication information is missing you cannot directly solve this on the server side.

One early workaround we implemented was to add a "retry" button to the unauthorized view. This works because the second request contains the original cookies.

But there also seems to be another workaround (didn't test this lately) which involves patching the client Windows Registry.
It depends on the customer whether this can be done or not.


The registry file (patch.reg) could look something like this (although I didn't test it with recent Offices):

------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\11.0\Common\Internet]
"LocationOfComponents"="D:\\"
"ForceShellExecute"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\9.0\Common\Internet]
"LocationOfComponents"="D:\\"
"ForceShellExecute"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\8.0\Common\Internet]
"LocationOfComponents"="D:\\"
"ForceShellExecute"=dword:00000001

------------------------------------------


Hope that helps :-)

Cheers,
Jonas
 

Am 30.05.2013 um 15:58 schrieb Gauthier Bastien <[hidden email]>:

Hi everybody,

we are encoutering the following bug for some of our users : http://support.microsoft.com/kb/899927

It is a MS Office bug, when you have links to private ressources in a web site, an Unauthorized is raised even if you are connected with an account that can actually see the ressource...

So to test :
- Open your default browser (no matter IE, FF, ...) and connect as admin in a Plone
- create a private document, you can access it
- copy the url to this document, keep your brower open
- paste it into a MS Office Word document
- click on this link in the Word document (CTRL+click)
- the link will open in your currently opened browser but you will have an unauthorized no matter your are still connected as admin and you can actually access the ressource...

I do not know the exact details, but while MS Office is sending is request, it is some kind of weird request that do not behind correctly.

Anyway, some of our users have this problem because we develop private applications that produce desktop documents in wich there can be links sometimes...

Does anybody know if something exist in Zope or Plone to solve this?  An existing addon or so?

If not, we will add one but if something exists, it is more simple ;-)

Thank you and have a nice day,

--
Gauthier Bastien
<Mail-Anhang.png>
Zoning industriel, 34
5190 Mornimont
Tél: 0032(65)32 96 70
Fax: 0032(65)32 96 79
[hidden email]
<Mail-Anhang.png>
La mutualisation informatique
au service des pouvoirs locaux


------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers



------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Plone-developers mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-developers