
I have an issue where when streaming office documents from SQL Server, an authentication dialog prompts for credentials even though the user has been authenticated via basic auth in the browser. Clicking cancel on the auth dialog still allows the document to open properly.

The goal is to prevent the auth dialog from displaying. The web server sits in our DMZ and the SQL Server box sits internal to the organization. In Active Directory in our Dev environment I have been able to change the web server delegation to Kerberos (trust this computer to any servers) and the auth dialog goes away. My concern is whether this is the right approach from a security perspective. What is the right and most secure way to prevent the auth dialog? Whatever approach is chosen will need to be justified with our operations team.

Here are the response header and code currently being applied (in C#). Potentially, Office documents may have additional requirements that I have not configured correctly.

     byte[] b = rda.Attachment;
     Response.ClearContent();
     Response.ClearHeaders();
     Response.AppendHeader("Content-Disposition", "filename=" + rda.UploadedFilename);
     Response.ContentType = mime;
     Response.BinaryWrite(b);
     Response.End();
     return File(b, mime);

Any thoughts would be helpful.

  • What machine is triggering the authentication prompt? The SQL Server or the web server? Are the documents stored within a database table or within a FILESTREAM table? If FILESTREAM, how are you accessing the object? – mrdenny Dec 20 '10 at 04:42
  • ByteArray is coming from DB Column of varbinary(max). Integrated Security used in connection string and service account set in app pool. The app pool identity is not the same identity collected via the basic auth prompt when initially logging into the site. Possibly this is where I'm missing a response header when making the request to IIS, something specific to Office Documents. This does not happen with PDF or other document types. – EdenRockStar Dec 20 '10 at 23:08
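
The delegation change described in the question (trusting the computer for delegation to any service) sets the TRUSTED_FOR_DELEGATION bit in the account's userAccountControl attribute. The following is an added example, not code from the original post, that classifies the delegation mode of exported computer accounts so the setting can be reviewed; the account names, SPNs and the review policy are constructed assumptions.

```python
# Added example: classify Kerberos delegation settings of AD computer accounts.
# Flag values are the documented userAccountControl bits; the records below are
# constructed sample data, not taken from the original post.
SERVER_TRUST_ACCOUNT = 0x2000                # account is a domain controller
TRUSTED_FOR_DELEGATION = 0x80000             # unconstrained ("any service")
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000   # protocol transition allowed


def classify_delegation(uac, allowed_to_delegate_to=()):
    """Return (mode, review_needed) for one account.

    uac: integer userAccountControl value.
    allowed_to_delegate_to: SPNs from msDS-AllowedToDelegateTo.
    review_needed reflects this example's policy (an assumption).
    """
    if uac & TRUSTED_FOR_DELEGATION:
        # Domain controllers carry this bit by default; any other host holding
        # it can forward a user's TGT to any service.
        is_dc = bool(uac & SERVER_TRUST_ACCOUNT)
        return ("unconstrained", not is_dc)
    spns = [s for s in allowed_to_delegate_to if s.strip()]
    if spns:
        if uac & TRUSTED_TO_AUTH_FOR_DELEGATION:
            return ("constrained-any-protocol", True)
        return ("constrained-kerberos-only", False)
    return ("none", False)


def audit(accounts):
    """Return one finding line per account whose delegation needs review."""
    findings = []
    for acct in accounts:
        spns = acct.get("msDS-AllowedToDelegateTo", ())
        mode, review = classify_delegation(acct["userAccountControl"], spns)
        if review:
            targets = ", ".join(spns) or "ANY service"
            findings.append(f"{acct['sAMAccountName']}: {mode} -> {targets}")
    return findings


# Constructed sample export (hypothetical names and SPNs).
SAMPLE = [
    {"sAMAccountName": "DC01$", "userAccountControl": 0x2000 | 0x80000},
    {"sAMAccountName": "WEB-DMZ$", "userAccountControl": 0x1000 | 0x80000},
    {"sAMAccountName": "WEB-INT$", "userAccountControl": 0x1000,
     "msDS-AllowedToDelegateTo": ["MSSQLSvc/sql01.example.internal:1433"]},
    {"sAMAccountName": "APP01$", "userAccountControl": 0x1000 | 0x1000000,
     "msDS-AllowedToDelegateTo": ["HTTP/intranet.example.internal"]},
]
```

Calling `audit(SAMPLE)` reports the DMZ web server with unconstrained delegation and the account with protocol transition, while the domain controller and the Kerberos-only constrained account pass.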

0 Answers