Windows Authentication

This website contains links to software which is either no longer maintained or will be supported only until the end of 2019 (CKFinder 2). For the latest documentation about current CKSource projects, including software like CKEditor 4/CKEditor 5, CKFinder 3, Cloud Services, Letters, Accessibility Checker, please visit the new documentation website.

If you look for an information about very old versions of CKEditor, FCKeditor and CKFinder check also the CKEditor forum, which was closed in 2015. If not, please head to StackOverflow for support.

important note

There is still no officially released version of CKFinder that would contain the changes described below.

If you want to use CKFinder for ASP in an environment with Windows Authentication and use ASP.NET to handle the images, then you might need to perform a little adjustment on your side.


The ASP code of CKFinder calls an ASP.NET page on the same server, so if the server is using some authentication method, we must forward the credentials to this new request. This is done automatically by CKFinder when Basic authentication is used, but for Windows Authentication we must rely on the configuration of the server as explained by Microsoft (see How to forward the Kerberos authentication).

That is the idea, but surely you do not want to read too much, and you want something that works, so this post shows an easy way.


First run proxycfg to see the current configuration. It should show that there is no proxy configured and there are no servers with direct access.

Now we want to add the domain to the list of direct access and that way the server will forward the authentication credentials. In order to achieve this, run this command:

proxycfg -d -p " " "*"

(note that after the -p the first parameter is a quoted space and the second one is your domain name).

After this step the wizard should be able to pass this test correctly.

This page was last edited on 2 January 2012, at 14:49.