Windows Authentication"

This website contains links to software which is either no longer maintained or will be supported only until the end of 2019 (CKFinder 2). For the latest documentation about current CKSource projects, including software like CKEditor 4/CKEditor 5, CKFinder 3, Cloud Services, Letters, Accessibility Checker, please visit the new documentation website.

If you look for an information about very old versions of CKEditor, FCKeditor and CKFinder check also the CKEditor forum, which was closed in 2015. If not, please head to StackOverflow for support.

(Text proof-reading and formatting)
Line 1: Line 1:
Note: there's still no version of CKFinder released with these changes, but I have to write the explanation somewhere :-)
+
<note>There is still no officially released version of CKFinder that would contain the changes described below.
 +
</note>
  
If you want to use CKFinder for Asp in an environment with Windows Authentication and use Asp.Net to handle the images, then you might need to perform a little adjustment on your side.
+
 
 +
If you want to use CKFinder for ASP.NET in an environment with Windows Authentication and use ASP.NET to handle the images, then you might need to perform a little adjustment on your side.
  
 
== Overview ==
 
== Overview ==
 +
The ASP code of CKFinder calls an ASP.NET page on the same server, so if the server is using some authentication method, we must forward the credentials to this new request. This is done automatically by CKFinder when Basic authentication is used, but for Windows Authentication we must rely on the configuration of the server as explained by Microsoft (see [http://support.microsoft.com/kb/314404/en-us How to forward the Kerberos authentication]).
  
The Asp code of CKFinder calls an Asp.Net page on the same server, so if the server is using some authentication method, we must forward the credentials to this new request. This is done automatically by CKFinder when Basic authentication is used, but for Windows Authentication we must rely on the configuration of the server as explained by Microsoft. [http://support.microsoft.com/kb/314404/en-us How to forward the Kerberos authentication].
+
That is the idea, but surely you do not want to read too much, and you want something that works, so this [http://groups.google.com/group/microsoft.public.xml.msxml-webrelease/msg/cf30bb4d61cbf3fd post shows an easy way].  
 
 
That's the idea, but surely you don't want to read too much, and you want something that works, ok, this [http://groups.google.com/group/microsoft.public.xml.msxml-webrelease/msg/cf30bb4d61cbf3fd post shows an easy way].  
 
  
 
== Solution ==
 
== Solution ==
 +
First run <code>proxycfg</code> to see the current configuration. It should show that there is no proxy configured and there are no servers with direct access.
  
First run '''proxycfg''' to see the current configuration, it should show that there is no proxy configured and no servers with direct access.
+
Now we want to add the domain to the list of direct access and that way the server will forward the authentication credentials. In order to achieve this, run this command:
 
+
<source>
Now we want to add the domain to the list of direct access and that way the server will forward the authentication credentials, run this command:<br>
+
proxycfg -d -p " " "*.domain.com"
'''proxycfg -d -p " " "*.domain.com" ''' <br>
+
</source>
(note that after the -p the first parameter is a quoted space and the second one your domain name).
+
(note that after the <code>-p</code> the first parameter is a quoted space and the second one is your domain name).
  
 
After this step the wizard should be able to pass this test correctly.
 
After this step the wizard should be able to pass this test correctly.

Revision as of 13:30, 7 December 2011

important note

There is still no officially released version of CKFinder that would contain the changes described below.


If you want to use CKFinder for ASP.NET in an environment with Windows Authentication and use ASP.NET to handle the images, then you might need to perform a little adjustment on your side.

Overview

The ASP code of CKFinder calls an ASP.NET page on the same server, so if the server is using some authentication method, we must forward the credentials to this new request. This is done automatically by CKFinder when Basic authentication is used, but for Windows Authentication we must rely on the configuration of the server as explained by Microsoft (see How to forward the Kerberos authentication).

That is the idea, but surely you do not want to read too much, and you want something that works, so this post shows an easy way.

Solution

First run proxycfg to see the current configuration. It should show that there is no proxy configured and there are no servers with direct access.

Now we want to add the domain to the list of direct access and that way the server will forward the authentication credentials. In order to achieve this, run this command:

proxycfg -d -p " " "*.domain.com"

(note that after the -p the first parameter is a quoted space and the second one is your domain name).

After this step the wizard should be able to pass this test correctly.