When I am opening RadGrid Designer page, it is showing me HTTP 403 Forbidden. I have site collection administration permissions.
http://abd-sps-devfe/_layouts/15/Telerik.Ajax.SharePoint/GridWebPartDesigner.aspx
I am using this version Telerik_Web_Parts_For_Sharepoint2013_2015_2_826.
17 Answers, 1 is accepted
We recommend making sure that you have access rights to the _vti_bin folder of the Sharepoint website (as deployed in IIS). Through the IIS Authentuican configuration you can also enable Anonymous Authentication for that folder so the RadGrid's designer web service can be called as expected.
I hope this helps.
Regards,
Marin
Telerik
Hello,
I am also having the same issue as Muhammad. The webpart adds fine to the page but then as I go to open up the RadGrid designer I get an access denied message - please refer to attached screenshot.
I have also check the _vti_bin folder as you recommended and this does in fact have Anonymous Authentication enabled.
Could there be another cause of this error?
Any help is much appreciate, thanks.
Additional information on the error and suggested steps for resolving the problem can be found here:
http://docs.telerik.com/devtools/aspnet-ajax/sharepoint/troubleshooting/web-part-designer
This setup replicates an older Sharepoint 2010 setup with windows authentication enabled, which will ensure that the web part designer loads as expected.
Regards,
Marin
Telerik
It is a matter of permissions configuration, as long as you manage to configure the IIS and sharepoint to provide enough access rights to the GridWebPartDesigner.aspx and the gridbindingservice.svc files (and they are freely accessible when requested through the web part) then you can use any type of authentication suitable in your case.
During our testing we tried different permissions configurations and only the windows authentication option was successful enough - this is the default setup for Sharepoint 2010, so nothing out of the ordinary here, it still provides a good level of security.
Is there any particular reason why you prefer the claims based authentication over windows authentication?
Regards,
Marin
Telerik
Marin a couple of reasons. First it is what MS recommends and is moving to. Second we have a future authentication management tool we are getting that will be using claims.
I am not sure the issue is claims authentication. I have claims setup in our QA region servers and the designer works like a charm there. Also the list view designer works no problem in PRD. It seems to be just the grid designer. It seems odd that it would work fine in QA which is configured the same and was recently refreshed from PRD while PRD does not work. There has to be some setting or permission issue.
Yes, the most likely cause might be some settings or permission issue. You can compare the IIS setup and permissions there for the Sharepoint application and the Telerik.Ajax.Sharepoint folder in the _vti_bin folder in IIS.
Then you can compare the permissions of the current user and authentication settings on both machines in Central Administration as well the setup in the web.config files and the set of enabled SPFeatures for the web parts on both machines.
I hope this helps.
Regards,
Marin
Telerik
Hi Marin,
Any solution for this issue? Do you have any SharePoint 2013 environment with Claim based authentication where you can verify this issue?
When i am accessing /_layouts/15/Telerik.Ajax.SharePoint/GridWebPartDesigner.aspx in Central Administration it is working, Central Administration uses Windows Authentication by default.
Yes, the solution it to use Windows Authentication instead of Claims Based Authentication. We verified the issue on our Sharepoint 2013 setup and we resolved it by turning off the Claims based authentication.
Additional information can be found here:
http://docs.telerik.com/devtools/aspnet-ajax/sharepoint/troubleshooting/web-part-designer
Regards,
Marin
Telerik by Progress
Windows Authenticated is depreciated in SharePoint 2013 and not much recommended by Microsoft. It will be difficult to convince SharePoint Administrator to go against the microsoft recommendations. Do you guys have any plan to support Claim based authentication?
https://technet.microsoft.com/en-us/library/ee806885.aspx
Claims-based authentication is a requirement to enable the advanced functionality of SharePoint 2013. This article explains how to use either Central Administration or Windows PowerShell to create a SharePoint 2013 web application that uses claims-based authentication. Claims-based authentication is a requirement for web applications that are deployed in scenarios that support server-to-server authentication and app authentication. However, this article also provides guidance for using Windows PowerShell to create classic-mode web applications if you have a specific scenario that cannot support claims-based authentication. Be aware that classic-mode authentication is deprecated in this release, and it will not be available in the next version.
We do not enforce using any specific kind of authentication. The web parts and the web part designer also do not rely or require any particular kind of authentication. So you are free to use any configuration you wish.
As I mentioned in one of my previous replies in this thread
The "HTTP 403 Forbidden" is permission configuration error, because the page does not have enough access to the gridbindingservice.svc file that the web part designer uses. Providing enough permissions rights to the the application so it can freely access the designer files will resolve the issue. By no means it is mandatory to change the authentication setting. This is the setting that worked when testing on our environment. Of course Sharepoint provides many different ways to grant permissions to files and folders required by a web part and you are free to use any of them as long as it makes the files accessible on the page.
Regards,
Marin
Telerik by Progress
I get the same 403 error when I try to launch the SPRadGrid Designer.
I have granted Everyone full control over the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\TEMPLATE\LAYOUTS\Telerik.Ajax.SharePoint folder and also to GridWebPartDesigner.aspx. I have granted Everyone full control over the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\isapi\Telerik.Ajax.SharePoint folder and also to gridbindingservice.svc. I just don't see how this could be a permissions problem.
The company does not allow me to disable claims authentication.
Yesterday I created a web application using Claims based authentication and tried to access /_layouts/15/Telerik.Ajax.SharePoint/GridWebPartDesigner.aspx page I got access denied, then I turned off claims based authentication and switched to classis windows authentication. After that I can access /_layouts/15/Telerik.Ajax.SharePoint/GridWebPartDesigner.aspx page, no permission changes have been done IIS.
When I look into web.config file in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\isapi\Telerik.Ajax.SharePoint the settings are following which might be causing problem with claim based authentication.
<webHttpBinding>
<binding name="webHttpEndpointBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm"/>
</security>
</binding>
</webHttpBinding>
Telerik support should test this web part in Claims based authentication and provide customers working solution.
Yes, the web.config that comes with the service also specifies the permissions and credentials type of the transport setting through which the service will be accessible. It is indeed very likely that adjusting the transport setting in the we.config for the service to match the configuration on your server might also resolve the problem.
We will also test this on our side, thank you for sharing this information.
Regards,
Marin
Telerik by Progress
I'm afraid there are no planned changes of the grid behavior regarding this matter.
Regards,
Eyup
Progress Telerik