Windows Authentication"

This website contains links to software which is either no longer maintained or will be supported only until the end of 2019 (CKFinder 2). For the latest documentation about current CKSource projects, including software like CKEditor 4/CKEditor 5, CKFinder 3, Cloud Services, Letters, Accessibility Checker, please visit the new documentation website.

If you look for an information about very old versions of CKEditor, FCKeditor and CKFinder check also the CKEditor forum, which was closed in 2015. If not, please head to StackOverflow for support.

Line 3: Line 3:
 
If you want to use CKFinder for Asp in an environment with Windows Authentication and use Asp.Net to handle the images, then you might need to perform a little adjustment on your side.
 
If you want to use CKFinder for Asp in an environment with Windows Authentication and use Asp.Net to handle the images, then you might need to perform a little adjustment on your side.
  
Overview:
+
== Overview ==
The Asp code of CKFinder calls an Asp.Net page on the same server, so if the server is using some authentication method, we must forward the credentials to this new request. This is done automatically by CKFinder when Basic authentication is needed, but for Windows Authentication we must rely on the configuration of the server as explained by Microsoft. [http://support.microsoft.com/kb/314404/en-us How to forward the Kerberos authentication].
+
 
 +
The Asp code of CKFinder calls an Asp.Net page on the same server, so if the server is using some authentication method, we must forward the credentials to this new request. This is done automatically by CKFinder when Basic authentication is used, but for Windows Authentication we must rely on the configuration of the server as explained by Microsoft. [http://support.microsoft.com/kb/314404/en-us How to forward the Kerberos authentication].
  
 
That's the idea, but surely you don't want to read too much, and you want something that works, ok, this [http://groups.google.com/group/microsoft.public.xml.msxml-webrelease/msg/cf30bb4d61cbf3fd post shows an easy way].  
 
That's the idea, but surely you don't want to read too much, and you want something that works, ok, this [http://groups.google.com/group/microsoft.public.xml.msxml-webrelease/msg/cf30bb4d61cbf3fd post shows an easy way].  
If you just login to your server and run
+
 
{{{proxycfg -d -p " " "*" }}}
+
== Solution ==
then the wizard should be able to run correctly.
+
 
 +
First run '''proxycfg''' to see the current configuration, it should show that there is no proxy configured and no servers with direct access.
 +
 
 +
Now we want to add the domain to the list of direct access and that way the server will forward the authentication credentials, run this command:<br>
 +
'''proxycfg -d -p " " "*.domain.com" ''' <br>
 +
(note that after the -p the first parameter is a quoted space and the second one your domain name).
 +
 
 +
After this step the wizard should be able to pass this test correctly.

Revision as of 22:41, 6 December 2011

Note: there's still no version of CKFinder released with these changes, but I have to write the explanation somewhere :-)

If you want to use CKFinder for Asp in an environment with Windows Authentication and use Asp.Net to handle the images, then you might need to perform a little adjustment on your side.

Overview

The Asp code of CKFinder calls an Asp.Net page on the same server, so if the server is using some authentication method, we must forward the credentials to this new request. This is done automatically by CKFinder when Basic authentication is used, but for Windows Authentication we must rely on the configuration of the server as explained by Microsoft. How to forward the Kerberos authentication.

That's the idea, but surely you don't want to read too much, and you want something that works, ok, this post shows an easy way.

Solution

First run proxycfg to see the current configuration, it should show that there is no proxy configured and no servers with direct access.

Now we want to add the domain to the list of direct access and that way the server will forward the authentication credentials, run this command:
proxycfg -d -p " " "*.domain.com"
(note that after the -p the first parameter is a quoted space and the second one your domain name).

After this step the wizard should be able to pass this test correctly.