We use the WebDAV servlet <https://github.com/apache/tomcat/blob/main/java/org/apache/catalina/servlets/WebdavServlet.java> to enable editing of docx documents. We also use the ms-word:ofe|u|https://www.example.com/document.docx scheme in our application to be able to edit documents. The Office URI Scheme documentation <https://learn.microsoft.com/en-us/office/client-developer/office-uri-schemes> contains a "Security Considerations" section for all schemes. These sections describe the need to guard against opening documents from untrusted remote systems.
We have tried enabling Basic auth to secure documents, which is probably not the best approach since credentials will constantly be moving over the network, but this is just for testing to understand how it works. When we try to open a protected document in Word, we see a form asking for credentials. However, the entered credentials do not affect the application request, and the request still does not contain an Authorization header. How do we properly implement document protection, and how do we make it so that the Word client can log in in the appropriate way? Thanks in advance for your help!