Access Denied RadGrid Designer

15 posts, 0 answers
  1. Muhammad
    Muhammad avatar
    5 posts
    Member since:
    Aug 2015

    Posted 02 Sep 2015 Link to this post

    When I am opening RadGrid Designer page, it is showing me HTTP 403 Forbidden. I have site collection administration permissions.

    http://abd-sps-devfe/_layouts/15/Telerik.Ajax.SharePoint/GridWebPartDesigner.aspx

    I am using this version Telerik_Web_Parts_For_Sharepoint2013_2015_2_826.

     

  2. Marin
    Admin
    Marin avatar
    1044 posts

    Posted 07 Sep 2015 Link to this post

    Hello,

    We recommend making sure that you have access rights to the _vti_bin folder of the Sharepoint website (as deployed in IIS). Through the IIS Authentuican configuration you can also enable Anonymous Authentication for that folder so the RadGrid's designer web service can be called as expected.

    I hope this helps.

    Regards,
    Marin
    Telerik
     
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
     

  3. Owen
    Owen avatar
    2 posts
    Member since:
    Sep 2014

    Posted 01 Mar in reply to Marin Link to this post

    Hello,

    I am also having the same issue as Muhammad. The webpart adds fine to the page but then as I go to open up the RadGrid designer I get an access denied message - please refer to attached screenshot.

    I have also check the _vti_bin folder as you recommended and this does in fact have Anonymous Authentication enabled. 

    Could there be another cause of this error?

    Any help is much appreciate, thanks.

  4. Marin
    Admin
    Marin avatar
    1044 posts

    Posted 01 Mar Link to this post

    Hi,

    Additional information on the error and suggested steps for resolving the problem can be found here:
    http://docs.telerik.com/devtools/aspnet-ajax/sharepoint/troubleshooting/web-part-designer

    This setup replicates an older Sharepoint 2010 setup with windows authentication enabled, which will ensure that the web part designer loads as expected.


    Regards,
    Marin
    Telerik
     
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
     
  5. James Daresta
    James Daresta avatar
    59 posts
    Member since:
    Sep 2009

    Posted 16 Mar in reply to Marin Link to this post

    According to the link Marin we have to turn off claims based authentication? What if that is not an option? Is there no workaround?
  6. Marin
    Admin
    Marin avatar
    1044 posts

    Posted 17 Mar Link to this post

    Hello,

    It is a matter of permissions configuration, as long as you manage to configure the IIS and sharepoint to provide enough access rights to the GridWebPartDesigner.aspx and the gridbindingservice.svc files (and they are freely accessible when requested through the web part) then you can use any type of authentication suitable in your case.
    During our testing we tried different permissions configurations and only the windows authentication option was successful enough - this is the default setup for Sharepoint 2010, so nothing out of the ordinary here, it still provides a good level of security.
    Is there any particular reason why you prefer the claims based authentication over windows authentication?

    Regards,
    Marin
    Telerik
     
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
     
  7. James Daresta
    James Daresta avatar
    59 posts
    Member since:
    Sep 2009

    Posted 17 Mar in reply to Marin Link to this post

    Marin a couple of reasons. First it is what MS recommends and is moving to. Second we have a future authentication management tool we are getting that will be using claims.

    I am not sure the issue is claims authentication. I have claims setup in our QA region servers and the designer works like a charm there. Also the list view designer works no problem in PRD. It seems to be just the grid designer. It seems odd that it would work fine in QA which is configured the same and was recently refreshed from PRD while PRD does not work. There has to be some setting or permission issue.

  8. Marin
    Admin
    Marin avatar
    1044 posts

    Posted 17 Mar Link to this post

    Hello,

    Yes, the most likely cause might be some settings or permission issue. You can compare the IIS setup and permissions there for the Sharepoint application and the Telerik.Ajax.Sharepoint folder in the _vti_bin folder in IIS.
    Then you can compare the permissions of the current user and authentication settings on both machines in Central Administration as well the setup in the web.config files and the set of enabled SPFeatures for the web parts on both machines.

    I hope this helps.

    Regards,
    Marin
    Telerik
     
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
     
  9. Muhammad
    Muhammad avatar
    5 posts
    Member since:
    Aug 2015

    Posted 28 Sep in reply to Marin Link to this post

    Hi Marin,

    Any solution for this issue? Do you have any SharePoint 2013 environment with Claim based authentication where you can verify this issue?

    When i am accessing /_layouts/15/Telerik.Ajax.SharePoint/GridWebPartDesigner.aspx in Central Administration it is working, Central Administration uses Windows Authentication by default.

     

  10. Marin
    Admin
    Marin avatar
    1044 posts

    Posted 28 Sep Link to this post

    Hello,

    Yes, the solution it to use Windows Authentication instead of Claims Based Authentication. We verified the issue on our Sharepoint 2013 setup and we resolved it by turning off the Claims based authentication.
    Additional information can be found here:
    http://docs.telerik.com/devtools/aspnet-ajax/sharepoint/troubleshooting/web-part-designer

    Regards,
    Marin
    Telerik by Progress
     
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
     
  11. Muhammad
    Muhammad avatar
    5 posts
    Member since:
    Aug 2015

    Posted 03 Oct in reply to Marin Link to this post

    Windows Authenticated is depreciated in SharePoint 2013 and not much recommended by Microsoft. It will be difficult to convince SharePoint Administrator to go against the microsoft recommendations. Do you guys have any plan to support Claim based authentication?

    https://technet.microsoft.com/en-us/library/ee806885.aspx

    Claims-based authentication is a requirement to enable the advanced functionality of SharePoint 2013. This article explains how to use either Central Administration or Windows PowerShell to create a SharePoint 2013 web application that uses claims-based authentication. Claims-based authentication is a requirement for web applications that are deployed in scenarios that support server-to-server authentication and app authentication. However, this article also provides guidance for using Windows PowerShell to create classic-mode web applications if you have a specific scenario that cannot support claims-based authentication. Be aware that classic-mode authentication is deprecated in this release, and it will not be available in the next version.

  12. Marin
    Admin
    Marin avatar
    1044 posts

    Posted 03 Oct Link to this post

    Hello,

    We do not enforce using any specific kind of authentication. The web parts and the web part designer also do not rely or require any particular kind of authentication. So you are free to use any configuration you wish. 
    As I mentioned in one of my previous replies in this thread
    The "HTTP 403 Forbidden" is permission configuration error, because the page does not have enough access to the gridbindingservice.svc file that the web part designer uses. Providing enough permissions rights to the the application so it can freely access the designer files will resolve the issue. By no means it is mandatory to change the authentication setting. This is the setting that worked when testing on our environment. Of course Sharepoint provides many different ways to grant permissions to files and folders required by a web part and you are free to use any of them as long as it makes the files accessible on the page.

    Regards,
    Marin
    Telerik by Progress
     
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
     
  13. Leigh
    Leigh avatar
    1 posts
    Member since:
    Aug 2011

    Posted 19 Oct in reply to Marin Link to this post

    I get the same 403 error when I try to launch the SPRadGrid Designer.

    I have granted Everyone full control over the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\TEMPLATE\LAYOUTS\Telerik.Ajax.SharePoint folder and also to GridWebPartDesigner.aspx. I have granted Everyone full control over the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\isapi\Telerik.Ajax.SharePoint folder and also to gridbindingservice.svc. I just don't see how this could be a permissions problem.

    The company does not allow me to disable claims authentication.

     

  14. Muhammad
    Muhammad avatar
    5 posts
    Member since:
    Aug 2015

    Posted 19 Oct Link to this post

    Yesterday I created a web application using Claims based authentication and tried to access /_layouts/15/Telerik.Ajax.SharePoint/GridWebPartDesigner.aspx page I got access denied, then I turned off claims based authentication and switched to classis windows authentication. After that I can access  /_layouts/15/Telerik.Ajax.SharePoint/GridWebPartDesigner.aspx page, no permission changes have been done IIS.

     

    When I look into web.config file in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\isapi\Telerik.Ajax.SharePoint the settings are following which might be causing problem with claim based authentication.

    <webHttpBinding>
            <binding name="webHttpEndpointBinding">
              <security mode="TransportCredentialOnly">
                <transport clientCredentialType="Ntlm"/>
              </security>
            </binding>
          </webHttpBinding>

     

    Telerik support should test this web part in Claims based authentication and provide customers working solution.

  15. Marin
    Admin
    Marin avatar
    1044 posts

    Posted 19 Oct Link to this post

    Hello,

    Yes, the web.config that comes with the service also specifies the permissions and credentials type of the transport setting through which the service will be accessible. It is indeed very likely that adjusting the transport setting in the we.config for the service to match the configuration on your server might also resolve the problem.
    We will also test this on our side, thank you for sharing this information.

    Regards,
    Marin
    Telerik by Progress
     
    If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to their blog feed now.
     
Back to Top