directly I got the message:
{ "message" : "RadAsyncUpload handler is registered succesfully, however, it may not be accessed directly." }
This message need to stopped on direct access. Pls help
10 Answers, 1 is accepted
Rank 2
Please have a look into this forum thread which discuss about the same scenario.
Hope this will helps you.
Thanks,
Princy.
Rank 1
Option 1:
<handlers>
<add name="Telerik_Web_UI_WebResource_axd" path="Telerik.Web.UI.WebResource.axd" verb="*" type="Telerik.Web.UI.WebResource, Telerik.Web.UI, Version=2013.3.1114.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4" />
</handlers>
Option 2:
<handlers>
<add name="Telerik.Web.UI.WebResource" path="Telerik.Web.UI.WebResource.axd" verb="*" type="Telerik.Web.UI.WebResource, Telerik.Web.UI, Version=2013.3.1114.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4" />
</handlers>
Option 3:<httpHandlers><add path="Telerik.Web.UI.WebResource.axd" verb="*" type="Telerik.Web.UI.WebResource, Telerik.Web.UI, Version=2013.3.1114.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4" />
</httpHandlers>
Option 4:<httpHandlers><add name="Telerik.Web.UI.WebResource" path="Telerik.Web.UI.WebResource.axd" verb="*" type="Telerik.Web.UI.WebResource, Telerik.Web.UI, Version=2013.3.1114.35, Culture=neutral, PublicKeyToken=121fae78165ba3d4" />
</httpHandlers>
To prevent direct calling your website needs to be password protected. For example this code allow the handler calling when the site has authentication:
<location path="Telerik.Web.UI.WebResource.axd"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web></location>so be sure that you don't have this code in your web.config. Or try to add this:
<location path="Telerik.Web.UI.WebResource.axd"> <system.web> <authorization> <allow users="?" /> <deny users="*" /> </authorization> </system.web></location>Regards,
Hristo Valyavicharski
Telerik
Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.
Rank 1
This works fine. But when i implement this on web.config.
Normal registration form which is normally accessed by non users, start to face issue onCaptcha. Captcha doesnt load its image.
<telerik:RadCaptcha ID="RadCaptcha1" runat="server" ValidationGroup="SubmitInfo" onkeydown = "return (event.keyCode!=13);"
CaptchaTextBoxCssClass="inputsty1" ErrorMessage="The code you entered is not valid." Display="Dynamic" ProtectionMode="Captcha" Width="140px" Height="100px">
</telerik:RadCaptcha>.
This handler Telerik.Web.UI.WebResource.axd serves all resources scripts, styles, images for all Telerik controls including the Captcha. That's why it must be accessible if you plan to have a page with telerik controls for anonymous users.
Handler with query string parameter ?type=rau is the upload handler. What are your concerns? Are you worried that someone can make a post request to this handler and upload a file wrongfully into the Temp Folder?
You may try to configure the AsyncUpload to use a Custom Handler and forbid it for authenticated users.
Regards,
Hristo Valyavicharski
Telerik
Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.
Rank 1
Hi there,
I've recently update our Telerik web ui to Version=2021.1.119.45 and noticed that the Asyncuploader is no longer working, showing the same simptoms as describe above.
I tried the suggested solutions:
- added version property in the telerik htthandler:
<add path="Telerik.Web.UI.WebResource.axd" type="Telerik.Web.UI.WebResource, Telerik.Web.UI, Version=2021.1.119.45, Culture=neutral, PublicKeyToken=121fae78165ba3d4" verb="*" validate="false" />
- replaced in the authorization node <allow users="*" /> with <allow users="?" /> <deny users="*" /> as suggested
I've lso tried to remove (just in case)
Telerik.AsyncUpload.ConfigurationEncryptionKey, Telerik.Upload.ConfigurationHashKey and Telerik.Upload.AllowedCustomMetaDataTypes from <appSettings> but it made no different at all
but the error persists, any ideas to resolve that?
Hi Kwango,
When there is authentication used in the application, you have to make sure that you have granted full permissions to all Telerik and MS AJAX handlers. You can do it by adding the following settings to the location section of the web.config:
<configuration>
...
<location path="Telerik.Web.UI.WebResource.axd">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Telerik.Web.UI.DialogHandler.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="ScriptResource.axd">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="WebResource.axd">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
...
</configuration>
Regards,
Vessy
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.
Rank 1
Hi Vessy,
Thanks for the prompt response, unfortunately the error I'm having is a 500 (internal server error) and adding the suggested code is not helping. Just so that we are clear, the AsyncUploader was working fine until I made the upgrade (from Telerik.Web.UI V2016.2.607.40 to v2021.1.119.45), so other than that the code based has not changed! I'm baffled why this should happen, I was expecting the code to just work (backward compatibility... )
Rank 1
Hi,
The issue has been fixed. It turned out that the error 500 was the result of "The cryptographic operation has failed", which resolution is documented in this https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-the-cryptographic-operation-has-failed-error-after-upgrade , as it happen it's just a case of having the Telerik.Upload.AllowedCustomMetaDataTypes key pointing to the custom upload configutation in the code base.
Hi,
Thanks a lot for the update, Kwango! I am really glad you have found the root of the problem and everything is working properly now.
Kind regards,
Vessy
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.