Note: there's still no version of CKFinder released with these changes, but I have to write the explanation somewhere :-)
If you want to use CKFinder for Asp in an environment with Windows Authentication and use Asp.Net to handle the images, then you might need to perform a little adjustment on your side.
Overview
The Asp code of CKFinder calls an Asp.Net page on the same server, so if the server is using some authentication method, we must forward the credentials to this new request. This is done automatically by CKFinder when Basic authentication is used, but for Windows Authentication we must rely on the configuration of the server as explained by Microsoft. How to forward the Kerberos authentication.
That's the idea, but surely you don't want to read too much, and you want something that works, ok, this post shows an easy way.
Solution
First run proxycfg to see the current configuration, it should show that there is no proxy configured and no servers with direct access.
Now we want to add the domain to the list of direct access and that way the server will forward the authentication credentials, run this command:
proxycfg -d -p " " "*.domain.com"
(note that after the -p the first parameter is a quoted space and the second one your domain name).
After this step the wizard should be able to pass this test correctly.