Recently I had a request to show display a document in an iframe using Office Web Apps in SharePoint 2013. Pretty straightforward. In fact, Office Web Apps makes this easy. If you click the File tab in the ribbon > Share > and Embed the iframe html is right there for you.The iframe src attribute will look something like ‘http://yoursite/_layouts/15/WopiFrame.aspx?sourcedoc=blahblah&action=embedview.’ Sweet!
I used the code as is and thing worked great…I thought. Randomly I would get a message stating “Sorry, you don’t have access to this page.”
That was strange given that I am the administrator. The ULS logs revealed something more frightening:
Non-OAuth request. IsAuthenticated=False, UserIdentityName=, ClaimsCount=0
SPShareByLinkHandler.Initialize : Not a ShareByLink request – missing access token
WopiFrame: User does not have access to document. Action is EmbedView.
System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0×80070005 (E_ACCESSDENIED))
SharePoint was treating my like an anonymous user. This led me to inspect the wopiframe.aspx page in reflector and I noitced that it inherits from UnsecuredLayoutsPageBase.
The UnsecuredLayoutsPageBase is designed for anonymous users. Unlike most application pages, those inheriting this base clase do NOT force the user to authenticate. Great if your site allows anonymous access. Not so great if your site doesn’t allow anonymous access, like mine. At the same time, I noticed there was a class named WOPIFrame2 (and page named WOPIFrame2.aspx). Turns out this page inherits from LayoutsPageBase!
I started using the WopiFrame2.aspx page and all is well.
Around the same time I began to notice that I’d hover over a document in search and instead of getting the Office Web Apps preview I got “To start seeing previews, please log on by opening the document.” Turns out the two are related: http://www.wictorwilen.se/an-explanation-to-to-start-seeing-previews-please-log-on-by-opening-the-document-in-sharepoint-2013