This one was bugging me for a long time but I never really had time to solve it for myself until I had to solve it for a customer, how typical for me :)
Consider the following scenario:
- A SharePoint site is published through an ISA/TMG server
- The user authenticates to the published site using Basic authentication (a popup window appears)
- When the user tries to open a document from a document library, he needs to authenticate again, sometimes even multiple times
- If the user accesses the SharePoint site directly, from inside the network, he experiences no issues
This persistent cookie sharing between IE and Office applications is described here in more detail:
So how do we get the persistent cookie from a site published through an ISA/TMG server?
Complete the following steps:
- Switch from Basic authentication on the ISA/TMG listener to Forms-based authentication
- Turn on persistent cookie support on the ISA/TMG listener
- Add the site to the Trusted Sites list in Internet Explorer on the client
- If we are using Internet Explorer 7/8, we also need to turn off "Protected Mode" for Trusted Sites (it should be off by default)
For detailed steps on how to turn on "Persistent Cookies" on the ISA/TMG listener, please visit this blog: http://blogs.microsoft.co.il/blogs/oshria/archive/2009/02/16/how-to-configure-persistence-cookies-in-isa-2006.aspx
You will notice one more thing: if you close the Internet Explorer window without first logging off from the SharePoint site, the next time you visit the same site you will not be presented with the Forms-based authentication window; instead you will be authenticated to the site automatically. This is because the cookie is "persistent": it is deleted only when you explicitly log off or when the cookie times out. On the ISA/TMG listener you have the option to use persistent cookies "Only on private computers" or "On all computers", which is an option that you choose when you enter your credentials in the Forms-based authentication window, and you can additionally set the timeout in minutes separately for public and private computers.
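
To confirm that the listener really issues a persistent cookie after the switch to Forms-based authentication, and that its lifetime matches the timeout you configured, you can inspect the `Set-Cookie` headers of the logon response. The following Python sketch is an added example, not part of the original post or of ISA/TMG; the cookie names and header values are constructed, and it classifies a cookie as persistent only when it carries an unexpired `Expires` or `Max-Age` attribute.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def classify_set_cookie(header_value, now=None):
    """Classify one Set-Cookie value as persistent, session or expired (RFC 6265)."""
    now = now or datetime.now(timezone.utc)
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()

    lifetime = None  # seconds until expiry; None means no usable expiry attribute
    if "max-age" in attrs:  # Max-Age wins over Expires when both are present
        try:
            lifetime = int(attrs["max-age"])
        except ValueError:
            pass
    if lifetime is None and "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
            lifetime = int((expires - now).total_seconds())
        except (TypeError, ValueError):
            pass  # unparseable date: treated as if the attribute were absent

    if lifetime is None:
        kind = "session"      # kept in memory only, gone when the browser closes
    elif lifetime > 0:
        kind = "persistent"   # written to disk, survives a browser restart
    else:
        kind = "expired"      # what an explicit log off typically sends
    return {"name": name, "kind": kind,
            "minutes": lifetime // 60 if kind == "persistent" else None,
            "secure": "secure" in attrs, "httponly": "httponly" in attrs}

# Constructed sample data; cookie names and values are hypothetical.
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "fbaAuthCookie=abc123; expires=Mon, 01 Jan 2024 20:00:00 GMT; path=/; secure; HttpOnly",
    "sessionOnlyCookie=xyz; path=/; HttpOnly",
    "fbaAuthCookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(classify_set_cookie(header, SAMPLE_NOW))
```

A persistent authentication cookie reported without `secure` or `httponly` is worth reviewing, since it stays on the client's disk for the whole timeout period.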