Windows Authentication requires username and password

Oct 27, 2008 at 5:13 AM
When I uncheck "Anonymous access" in IIS and then run the file upload control, I get prompted for a username and password.  I've given the destination folder write permissions and have tried changing other settings, but cannot get this to go away.  Any ideas?

Thank you.
Coordinator
Oct 27, 2008 at 5:32 AM
This is IIS configuration issue and has nothing to do with the file uploader. If you want non Windows authenticated users to visit the page you have to allow Anonymous access.
Oct 27, 2008 at 5:02 PM
Thank you for your quick response.  I only want Windows authenticated users, however I get prompted for useraname and password for all users, authenticated or not.  I am confused because this doesn't occur when I use the ASP.NET FileUpload control and I assume that it would be using the same server account.  What am I missing?

Have you tested this with using only Windows authentication?  If so, that would tell me that I should be able to get this to work with Windows authentication.

Thanks again.
Coordinator
Oct 27, 2008 at 9:38 PM
No I didn't tested it with Windows authentication.

Did you try setting in Global.asax ?

void Application_BeginRequest(object sender, EventArgs e){
   com.flajaxian.FileUploader.RegisterAspCookies();
}
Oct 27, 2008 at 11:44 PM
Thank you again for your prompt response.

I tried adding the method to the Global.asax, but it didn't fix the problem.  However, I believe the problem has to do with IIS 5.x; the worker process running under the ASPNET account.  The ASPNET account is a local machine account and has no network access. The best the ASPNET account can do is appear as an anonymous user to a remote machine.  While in IIS 6.0, the process runs under the NETWORK SERVICE account. The NETWORK SERVICE account has access to the machine credentials for outbound connections, and will appear to a remote machine as [DomainName]\[ComputerName]$. 

So in a nutshell, I get prompted for a username and password on my dev box (Windows XP, IIS 5.1), but I don't when I deploy it to a Windows 2003 Server box running IIS 6.0. 

Coordinator
Oct 28, 2008 at 12:28 AM
That's interesting to know. Thanks, rderose!
Nov 25, 2008 at 9:13 AM
Edited Nov 25, 2008 at 9:26 AM
Has there been any follow up to this windows auth scenario? 

I'm using the demo provided in documentation to test and whilst it works using anonymous it fails with windows auth.  The exact details are that upon clicking the upload button the progress reaches 99%, then the authentication challenge response dialog appears to which i give my valid credentials and then the page locks IE forever after clicking ok on the dialog.

I must have anonymous turned off for my application in the intranet so I need a resolve to this.  Can someone please test the control with just windows auth to determine what might be wrong?

I should add that I ran this on vista where the app pool accounts were running as Network Service.


Regards
Nov 25, 2008 at 4:51 PM

phillipsma,

That was my experience as well.  If using IIS 5.x, only anonymous turned on will work.  This is because of the ASPNET account issue, see my previous comment.  For IIS 6.x, just make sure that the NETWORK SERVICE account has write access to the upload folder.  If the upload folder is not within the same directory as your web site, then setup a virtual directory that points to the upload folder.  Also, I would get an error if I ran the upload control, with anonymous turned off, directly from the server.  In other words, running it on that machine (localhost).  However, when I run it from a different computer, logged into the domain, it works fine.  Does that make sense?

The bottom line is, it can work with anonymous turned off.  Let me know if you continue to have problems.  I would be happy to share my code.

Coordinator
Nov 25, 2008 at 5:09 PM
It seems that it won't work with the current version. I can check if I can add the authorization header later.
Nov 25, 2008 at 8:44 PM
thanks rderose for your input.  I had taken note of your previous comments to no avail unfortunately.  I haven't tried accessing the site from another machine as i only have the one.  I don't see how accessing from another machine would make a difference in this case.

A also don't think it is a folder ACL issue as I get the same issue with no SaveAdapter specified.

Thanks flajaxian for testing this to determine where the problem lies.  I hope to hear from you soon.
Nov 25, 2008 at 11:40 PM

phillipsma

Just so we are on the same page, if I log onto the server; browse to my web app via localhost, I’ll get the error you describe when using the upload control.  However, if I browse to my web app via my desktop PC, it works fine.  Frankly, I don’t understand why it works, but it does.  However, obviously this is not helpful if you are only going to use one machine.

If this hadn’t worked, I was going to create a new web site just for the upload control, allowing anonymous access, and then just pass the authentication status in a session variable between the two apps.

Nov 26, 2008 at 12:31 AM
Hi rderose,

It does work when testing from another machine as you suggest - found another machine - so it's just an issue from a development perspective, i.e. I cannot test all code locally.  It does mean that all is good for production though which was my main concern.

In the 2 site example how can the anonymous site be authenticating the calling user's domain credentials?  I need to use authorisation (role based security) so need the domain user, not the IUSR account.  If I've missunderstood please explain further.

Regards,
Nov 26, 2008 at 4:23 AM
Hi phillipsma

I am glad you got it working.  Regarding the 2 site example, I was thinking I could have a web site (MyUploadApp) that would only be responsible for uploading files.  So let's say MyWebApp would authenticate and authorize the user; stored some security data in a database table and then passed the record guid to MyUploadApp.  MyUploadApp could then look up that record and confirm that the user is authenticated and authorized. 
Jan 19, 2009 at 6:11 PM
I missed this dicussion, however I am experiencing the same issue that phillipsma was experiencing.  rderose's fix works when I browse to the actual server name (e.g. http://myserver/default.aspx), but I get the same error when I use the domain url (e.g. http://mydomain.com/default.aspx).

Windows authentication is pretty common, is there a work around or hotfix for this?  Any ideas?

Other than that, this upload control works great.  I really hope there is a solution for this.
Jan 19, 2009 at 6:17 PM
I discovered this same issue when I tried to create a vanity url.  The other thing that I am unable to do is upload the files to a mapped drive using Windows Authentication.
Apr 9, 2009 at 2:58 PM
<style> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} @page Section1 {size:612.0pt 792.0pt; margin:70.85pt 3.0cm 70.85pt 3.0cm; mso-header-margin:36.0pt; mso-footer-margin:36.0pt; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style>

Folks!!!

There is a way to solver this problem, it is a kind of cheat, however it's work for me, maybe can work for you.
Who solved this it what my boss.

My scenario:

- ISS 6.0
- One application in the server.
- It has a virtual directory where the main application is located.
- All the directory needs to be authenticated, this is set in ISS, the access anonymous is set false.

 




What we did was create another application (another virtual directory in the root) and there we do not use Win. Authe. and put flajax in default.aspx by i.e, but why we did this?

 It’s simple, in the page where we want to use the component (main application), we call a frame (frame is sucks, I know) and in the src of the frame we call the page (the temp application) that has the component. It is possible to save the file in any directory in the root. This work a kind of temp system that simulates the upload as if was in the main app.

Notice that all the bin (temp app), the bin (true app), the temp app, the directory where you want to upload the files, need to have anonymous authentication on ISS.

We need to save the files in different folders  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="ProgId" content="Word.Document" /> <meta name="Generator" content="Microsoft Word 11" /> <meta name="Originator" content="Microsoft Word 11" /> <link rel="File-List" href="file:///C:%5CDOCUME%7E1%5Ckenji%5CCONFIG%7E1%5CTemp%5Cmsohtml1%5C01%5Cclip_filelist.xml" /><!--[if gte mso 9]><xml> <w:WordDocument> <w:View>Normal</w:View> <w:Zoom>0</w:Zoom> <w:HyphenationZone>21</w:HyphenationZone> <w:PunctuationKerning/> <w:ValidateAgainstSchemas/> <w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid> <w:IgnoreMixedContent>false</w:IgnoreMixedContent> <w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText> <w:Compatibility> <w:BreakWrappedTables/> <w:SnapToGridInCell/> <w:WrapTextWithPunct/> <w:UseAsianBreakRules/> <w:DontGrowAutofit/> </w:Compatibility> <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--><!--[if gte mso 9]><xml> <w:LatentStyles DefLockedState="false" LatentStyleCount="156"> </w:LatentStyles> </xml><![endif]--> <style> <!-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} @page Section1 {size:612.0pt 792.0pt; margin:70.85pt 3.0cm 70.85pt 3.0cm; mso-header-margin:36.0pt; mso-footer-margin:36.0pt; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style> <!--[if gte mso 10]> <style> /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Tabela normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman"; mso-ansi-language:#0400; mso-fareast-language:#0400; mso-bidi-language:#0400;} </style> <![endif]-->dynamically for which user. We find a way to do this,  it was a little hard ;[

 I’ll post the code, and I hope this helps.

Sorry for bad English. It isn’t my native language.


//********************************************************************************************
temp app


default

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<%@ Register TagPrefix="fjx" Namespace="com.flajaxian" Assembly="com.flajaxian.FileUploader" %>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
    <title>Upload</title>
</head>
<body style="background-color: transparent;" >
    <form id="form1" runat="server">
    <div>
     <asp:Panel ID="pnlUpload" runat="server" ></asp:Panel>
    </div>
    </form>
</body>
</html>

code behind
**caminho(Pt-br) means path

using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using com.flajaxian;
using System.IO;

public partial class _Default : System.Web.UI.Page
{


    protected void Page_PreInit(object sernder, EventArgs e)
    {
        
        string sessao = Request.QueryString["sessao"];
        string caminho = "";
        
        if ((sessao != null) && (sessao != ""))
        {
            Session.Add("sessaoExtranet", sessao);
        }
        
        caminho = "/uploadFlash/uploadFolder/" + Session.Contents["sessaoExtranet"].ToString();

        //Aspbrasil.Util.debug(caminho, "caminho.txt");

        if (!Directory.Exists(Server.MapPath(caminho)))
        {
            Directory.CreateDirectory(Server.MapPath(caminho));
        }

        FileSaverAdapter ctrFileSaveAdapter = new FileSaverAdapter();
        ctrFileSaveAdapter.FolderName = caminho;
        
        FileUploader ctrFileUploader = new FileUploader();
        ctrFileUploader.Adapters.Add(ctrFileSaveAdapter);

        pnlUpload.Controls.Add(ctrFileUploader);

        
    }
    protected void Page_Load(object sender, EventArgs e)
    {
        
    }
}

//*********************************************************************************************************


The main application


<div id="upload" style="position:absolute; z-index:500; background-color:Transparent; margin-top:0;">
                                                                                    <iframe src="/uploadFlash/Default.aspx?sessao=<%=Session.SessionID %>" width=280 height=280 frameborder=0 scrolling=no allowtransparency="true" >
                                                                                    </iframe>
                                                                                </div>

//*********************************************************************************************************

Notice: this works fine to me and was a way to "decive" the windows authentication


Bye guys !!!




Apr 9, 2009 at 3:04 PM
office suck, sorry guys



 

Folks!!!

There is a way to solver this problem, it is a kind of cheat, however it's work for me, maybe can work for you.
Who solved this it what my boss.

My scenario:

- ISS 6.0
- One application in the server.
- It has a virtual directory where the main application is located.
- All the directory needs to be authenticated, this is set in ISS, the access anonymous is set false.

 




What we did was create another application (another virtual directory in the root) and there we do not use Win. Authe. and put flajax in default.aspx by i.e, but why we did this?

 It’s simple, in the page where we want to use the component (main application), we call a frame (frame is sucks, I know) and in the src of the frame we call the page (the temp application) that has the component. It is possible to save the file in any directory in the root. This work a kind of temp system that simulates the upload as if was in the main app.

Notice that all the bin (temp app), the bin (true app), the temp app, the directory where you want to upload the files, need to have anonymous authentication on ISS.

We need to save the files in different folders
 
 
dynamically for which user. We find a way to do this,  it was a little hard ;[

 I’ll post the code, and I hope this helps.

Sorry for bad English. It isn’t my native language.


//********************************************************************************************
temp app


default

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<%@ Register TagPrefix="fjx" Namespace="com.flajaxian" Assembly="com.flajaxian.FileUploader" %>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
    <title>Upload</title>
</head>
<body style="background-color: transparent;" >
    <form id="form1" runat="server">
    <div>
     <asp:Panel ID="pnlUpload" runat="server" ></asp:Panel>
    </div>
    </form>
</body>
</html>

code behind
**caminho(Pt-br) means path

using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using com.flajaxian;
using System.IO;

public partial class _Default : System.Web.UI.Page
{


    protected void Page_PreInit(object sernder, EventArgs e)
    {
        
        string sessao = Request.QueryString["sessao"];
        string caminho = "";
        
        if ((sessao != null) && (sessao != ""))
        {
            Session.Add("sessaoExtranet", sessao);
        }
        
        caminho = "/uploadFlash/uploadFolder/" + Session.Contents["sessaoExtranet"].ToString();

        //Aspbrasil.Util.debug(caminho, "caminho.txt");

        if (!Directory.Exists(Server.MapPath(caminho)))
        {
            Directory.CreateDirectory(Server.MapPath(caminho));
        }

        FileSaverAdapter ctrFileSaveAdapter = new FileSaverAdapter();
        ctrFileSaveAdapter.FolderName = caminho;
        
        FileUploader ctrFileUploader = new FileUploader();
        ctrFileUploader.Adapters.Add(ctrFileSaveAdapter);

        pnlUpload.Controls.Add(ctrFileUploader);

        
    }
    protected void Page_Load(object sender, EventArgs e)
    {
        
    }
}

//*********************************************************************************************************


The main application


<div id="upload" style="position:absolute; z-index:500; background-color:Transparent; margin-top:0;">
    <iframe src="/uploadFlash/Default.aspx?sessao=<%=Session.SessionID %>" width=280 height=280 frameborder=0 scrolling=no allowtransparency="true" >
    </iframe>
</div>

//*********************************************************************************************************

Notice: this works fine to me and was a way to "decive" the windows authentication


Bye guys !!!





Apr 28, 2011 at 3:26 PM

Hi Guys,

I am having the some problem and I am not using a adapter. It works fine when my site address is something like http://sitename, but does not work when it is http://sitename:1234. Taking a look at IIS log, I figured out that FileUploader is acessing IIS anonymously in the second case. I coud not determine why it is baving like that. Both web applications are configured to accept only integrated Windows authentication.

May 4, 2011 at 5:04 PM
Edited May 4, 2011 at 5:07 PM

Hi Guys,

I am having Login prompt problem with this control. I have 2 domains. My PC is in one domain and web server is in another domain, both are under local intranet. I am using windows authentication.

When I run this web loader app from my local machine. it runs perfectly. I only get login prompts when I access the this deployed web app from web server which is in another domain.

How do I solve this? Please help its urgent. I already spent 2-3 days working on the solutions provided above.  

What settings do I need to do to avoid this login prompt?