This is a complicated setup and issue, so I'll do my best to keep it succinct:
There are two different web applications - one is Windows authentication, and the other is Forms authentication.
Application #1 (Win authentication) uses a RadEditor to create "posts" or "articles" that could have images within them. Those images are currently saved/uploaded to a directory that resides in the IIS root. I've also tried with a virtual directory.
Application #2 (Forms authentication) loads the HTML from these posts created by App #1 into a Literal Control. Whenever App #2 loads a post that contains an image, the browser asks for domain credentials. The image will not show unless you supply proper login info. The rest of the HTML from the post will load fine - just not the images.
I've given permission to the app pool, IIS_USRS, IUSR - even full control. So far, there is no difference whether this folder has proper permissions, or none... it still prompts for credentials.
How can I allow App #2 to access these images without requiring credentials?
Thank you, in advance.
1 Answer, 1 is accepted
Rank 2
Iron
Iron
Veteran
Problem resolved. Here's a quick explanation for anyone experiencing similar issues.
- Create physical directory in a drive separate from either application.
- Create virtual directory in both applications, pointing to the above physical directory.
- Point the RadEditor ImageManager to this virtual directory.
- When loading the content in app #2 (the app that does not host the RadEditor), from the IMG SRC attribute in the content, strip out the beginning of the path pointing to the root application name, leaving only the virtual directory folder name:
- Example: RadEditor produces this path: "/App1/VirtualDirectory/FileName.xxx"
- Modified to: "VirtualDirectory/FileName.xxx"
App #2 now has access to the image.
Thank you, Rumen for all of your suggestions - they eventually led me to this resolution.
For nothing, Jeff! I will add this scenario to the help, but I am curious to learn how have you stripped the path in this point:
strip out the beginning of the path pointing to the root application name, leaving only the virtual directory folder name?
Was it with a server or client-side code? Can you share it for a reference to your fellow developers! Thanks!
Rank 2
Iron
Iron
Veteran
In the application that reads the RadEditor posts, it is driven by a SQL Server View and Stored Procedure. So I simply modified the view with with a CASE and REPLACE statement:
CASE WHEN CHARINDEX('/App1/VirtualDirectory/', RadEditorContentFieldFromDB) > 0
THEN REPLACE(RadEditorContentFieldFromDB, '/App1/VirtualDirectory/', 'VirtualDirectory/')
ELSE RadEditorContentFieldFromDB
END AS RadEditorContentFieldFromDB
Hi Jeff,
The scenario is discussed at https://www.codeproject.com/Questions/172359/Images-and-CSS-issue-after-forms-authentication.
You may also try to make the images folder a virtual directory pointing to the root of application 2 - this way the images will be accessible. You can find more information at https://docs.telerik.com/devtools/aspnet-ajax/controls/editor/functionality/dialogs/examples/upload-files-to-a-shared-drive.
Rumen,
Thank you for the suggestions - I will attempt to implement.
I have a question regarding the html path that gets added to the RadEditor content when an image is added. For the ImageManager-ViewPaths value, If we use the '~' tilde and the virtual directory it always adds the current application folder to the path of the image:
Example: ImageManger-ViewPaths="~/ContentImages"
Yields: Image path in RadEditor content: <img src="/AppName/ContentImages/ImageFileName.png" />
Is there a way to configure the image path that the RadEditor produces to not include the AppName, and simply just output "/ContentImages/ImageFileName.png", isntead?
Using String.Replace on the server, you will be able to replace or strip the desired part of the URL and therefore display the image correctly on the public site.
If you want to have more precise URL stripping you could implement your own custom content filter that will convert the absolute paths to a relative when switching to HTML mode or submitting the content by executing the Telerik.Web.UI.Editor.StripPathsFilter([domainName]); filter of RadEditor. You can find more information at https://www.telerik.com/forums/image-url-overwritten-when-reposition-it.
Last but not least you can use the OnClientPasteHtml client event to modify the img src just before it is inserted in to the content area.
Rumen,
I've created a physical directory in app #2, and a virtual directory in app #1 pointing to the app #2 physical directory. The RadEditor will properly upload the images here.
I've modified the image src url to point to the proper directory, but I get a 401.3 error when attempting to view the image. It turns out that the images added by the RadEditor ImageManager do not receive the proper permissions/user (IUSR). When I manually add the IUSR to the permissions of the image the RadEditor uploads, I'm able to view it with no problem.
I can drag an image in the same directory manually, and the proper permissions are added from inheritance. My guess is that inheritance from appp #1 is taking over and applying it's inherited permissions, which do not include IUSR. If that's true, is there any way to resolve this?
Jeff.
I'm beginning to believe that what we want to accomplish is not possible.
Accessing resources from a Windows authenticated web application, which has Anonymous login disabled, to a Forms authenticated application is proving to be troublesome. No matter what we do, the proper permissions are not applied, thus a 401 error is received every time.
Are we trying to do something that is impossible?