AsyncUploader Issue

6 posts, 0 answers
  1. YOUNGKON
    YOUNGKON avatar
    4 posts
    Member since:
    Jan 2014

    Posted 23 Apr 2014 Link to this post

    When I attempted to execute the url http://XXX.XXX/Telerik.Web.UI.WebResource.axd?type=rau 
    directly I got the message:
    { "message" : "RadAsyncUpload handler is registered succesfully, however, it may not be accessed directly." }

    This message need to stopped on direct access. Pls help
  2. Princy
    Princy avatar
    17421 posts
    Member since:
    Mar 2007

    Posted 23 Apr 2014 in reply to YOUNGKON Link to this post

    Hi YOUNGKON,

    Please have a look into this forum thread which discuss about the same scenario. 

    Hope this will helps you.
    Thanks,
    Princy.

  3. UI for ASP.NET Ajax is Ready for VS 2017
  4. YOUNGKON
    YOUNGKON avatar
    4 posts
    Member since:
    Jan 2014

    Posted 23 Apr 2014 in reply to Princy Link to this post

    I tired four options like below, nothing helpful. Still i see that message. I dont want that message to be displayed. SInce my project is failed on QA only becuase of this message. try to help me asap

    Option 1:

    <handlers> 
     <add name="Telerik_Web_UI_WebResource_axd"  path="Telerik.Web.UI.WebResource.axd" verb="*" type="Telerik.Web.UI.WebResource, Telerik.Web.UI, Version=2013.3.1114.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4" /> 
        </handlers>

    Option 2:
    <handlers> 
    <add name="Telerik.Web.UI.WebResource"  path="Telerik.Web.UI.WebResource.axd" verb="*" type="Telerik.Web.UI.WebResource, Telerik.Web.UI, Version=2013.3.1114.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4" />
        </handlers>

    Option 3:<httpHandlers><add path="Telerik.Web.UI.WebResource.axd" verb="*" type="Telerik.Web.UI.WebResource, Telerik.Web.UI, Version=2013.3.1114.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4" />

        </httpHandlers>

    Option 4:<httpHandlers><add name="Telerik.Web.UI.WebResource" path="Telerik.Web.UI.WebResource.axd" verb="*" type="Telerik.Web.UI.WebResource, Telerik.Web.UI, Version=2013.3.1114.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4" />

        </httpHandlers>





  5. Hristo Valyavicharski
    Admin
    Hristo Valyavicharski avatar
    975 posts

    Posted 28 Apr 2014 Link to this post

    Hi YOUNGKON,

    To prevent direct calling your website needs to be password protected. For example this code allow the handler calling when the site has authentication:

    <location path="Telerik.Web.UI.WebResource.axd">  
        <system.web>      
            <authorization>
                <allow users="*" />      
            </authorization>  
        </system.web>
    </location>

    so be sure that you don't have this code in your web.config. Or try to add this:
    <location path="Telerik.Web.UI.WebResource.axd">  
        <system.web>      
            <authorization>
                <allow users="?" />      
                <deny users="*" />      
            </authorization>  
        </system.web>
    </location>


    Regards,
    Hristo Valyavicharski
    Telerik
     

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

     
  6. YOUNGKON
    YOUNGKON avatar
    4 posts
    Member since:
    Jan 2014

    Posted 29 Apr 2014 in reply to Hristo Valyavicharski Link to this post

    <location path="Telerik.Web.UI.WebResource.axd">      <system.web>              <authorization>            <allow users="?" />                  <deny users="*" />              </authorization>      </system.web></location>
    This works fine. But when i implement this on web.config.

    Normal registration form which is normally accessed by non users, start to face issue onCaptcha. Captcha doesnt load its image.


     <telerik:RadCaptcha ID="RadCaptcha1" runat="server"   ValidationGroup="SubmitInfo"  onkeydown = "return (event.keyCode!=13);"  
                           CaptchaTextBoxCssClass="inputsty1" ErrorMessage="The code you entered is not valid." Display="Dynamic" ProtectionMode="Captcha" Width="140px" Height="100px"> 
                             </telerik:RadCaptcha>.
  7. Hristo Valyavicharski
    Admin
    Hristo Valyavicharski avatar
    975 posts

    Posted 01 May 2014 Link to this post

    Hi,

    This handler Telerik.Web.UI.WebResource.axd serves all resources scripts, styles, images for all Telerik controls including the Captcha. That's why it must be accessible if you plan to have a page with telerik controls for anonymous users.

    Handler with query string parameter ?type=rau  is the upload handler. What are your concerns? Are you worried that someone can make a post request to this handler and upload a file wrongfully into the Temp Folder?

    You may try to configure the AsyncUpload to use a Custom Handler and forbid it for authenticated users.

    Regards,
    Hristo Valyavicharski
    Telerik
     

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

     
Back to Top
UI for ASP.NET Ajax is Ready for VS 2017