Active Directory - metaPost Feature Requests & General Discussion

Module Support Forums

Forum metaPost Forums metaPost Featur... Active Directory

2/22/2008 12:41 PM

Ben91
5 posts

Active Directory

I am creating a DNN site that is essentially an extranet. Internal user are authenticated via AD and external users via standard DNN forms authentication.

With AD Authentication enabled, metaPost does not work for me. I wrote a small test app using BlogLib to see what I was getting back from a post to metaPost. In every case, I get back the HTML description page.

Is it possible to get metaPost working in this mixed authentication environment?

2/22/2008 1:25 PM

Don Worthley
201 posts

Re: Active Directory

Hi Ben,

I don't have an environment configured where I can test that scenario. Are you using Windows Live Writer to connect? If you have Fiddler installed and don't mind capturing the raw request and responses you receive when you try to connect, I can take a look at that to see if there's something I can change on my end. Feel free to send this to me offline (my email is just my first name at itcrossing.com).

Thanks,

Don

2/25/2008 3:23 PM

Jordan Widstrom
4 posts

Re: Active Directory

Modified By Don Worthley on 2/25/2008 5:31:01 PM

Don,

I have a very similar environment (mixed AD & DNN authentication). I captured the request & response details initiated when setting up a blogging account in Live Writer. It looks like the AD http module is capturing the request and redirecting it to the AD logon script, which is subsequently returning 401 unauthorized. I made this request when logged in as a windows user with access to the site, and a blog created. I'm not sure how one would address this just yet, but wanted to give you the details that I found. I will research this some more and post back here if I learn anything more. Ironically, it may be Live Writer that doesn't support a windows-authenticated blog, not metaPost?

Thanks!

POST /metapost.ashx HTTP/1.0
Accept: */*
Accept-Language: en-US, en, *
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Windows Live Writer 1.0)
Content-Type: text/xml
Host: mgweb1
Content-Length: 484

<?xml version="1.0" encoding="utf-8"?>
<methodCall>
<methodName>blogger.getUsersBlogs</methodName>
<params>
<param>
   <value>
    <string>ffffffabffffffce6dffffff93ffffffac29ffffffc9fffffff826ffffffdeffffffc9ffffffe43c0b763036ffffffa0fffffff3ffffffa963377716</string>
   </value>
</param>
<param>
   <value>
    <string>admin</string>
   </value>
</param>
<param>
   <value>
    <string>dnnadmin</string>
   </value>
</param>
</params>
</methodCall>
HTTP/1.1 302 Found
Connection: close
Date: Mon, 25 Feb 2008 23:00:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://mgweb1/DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx?tabid=58
Set-Cookie: authentication.status.0=4A75C2E6F2619E2DD91818825287C9A778ED7BC54F
A053F1C9BC4D48558496E4F8A256A6338076B1BD1F8472B3241E2ABCDE3D4BBBADB695B5C2C4FE
F6DE89D7C710E0E2E68C9D5B54C30D1B1438AAF8BEB7F57DEA56D44C14BBB44526CE95A70D7A38
5A47FFC7BCE485254598FC82A3E2E7105BF2F3B58EF805B65DAC95C617; expires=Tue, 26-Feb-2008 00:00:22 GMT; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 212

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://mgweb1/DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx?tabid=58">here</a>.</h2>
</body></html>

------------------------------------------------------------------

GET /DesktopModules/AuthenticationServices/ActiveDirectory/WindowsSignin.aspx?tabid=58 HTTP/1.0
Accept: */*
Accept-Language: en-US, en, *
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Windows Live Writer 1.0)
Content-Type: text/xml
Host: mgweb1

HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Mon, 25 Feb 2008 23:00:22 GMT
Connection: close
Proxy-Support: Session-Based-Authentication

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>

<h1>You are not authorized to view this page</h1>
You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept.
<hr>
<p>Please try the following:</p>
<ul>
<li>Contact the Web site administrator if you believe you should be able to view this directory or page.</li>
<li>Click the <a href=" location.reload()">Refresh</a> button to try again with different credentials.</li>
</ul>
<h2>HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>401</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>About Security</b>, <b>Authentication</b>, and <b>About Custom Error Messages</b>.</li>
</ul>

</TD></TR></TABLE></BODY></HTML>

------------------------------------------------------------------

2/25/2008 3:47 PM

Don Worthley
201 posts

Re: Active Directory

Welcome to the forums Jordan and thanks so much for including the captured Request and Response. After looking at this and thinking about it, I'll bet you just need to add a location tag to your web.config to tell IIS to let anonymous requests through for the ashx file. I haven't tried this, but here's what I would start with:

If you don't mind, could you add this to your web.config outside of the existing system.web section and see if it helps solve the issue.

Thanks,

Don

2/26/2008 8:17 AM

Ben91
5 posts

Re: Active Directory

Modified By Don Worthley on 2/26/2008 10:30:13 AM

Hi Don, Thanks for the response. The location tag sure *seems* like it should do the trick, but I'm getting a different behavior altogether. I get a 302 response... but the weird thing is... the 'redirect' is to the same URI:

Request:

Accept: */*
Accept-Language: en-US, en, *
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Windows Live Writer 1.0)
Content-Type: text/xml
Host: 10.1.30.240:81
Content-Length: 491

<?xml version="1.0" encoding="utf-8"?>
<methodCall>
<methodName>blogger.getUsersBlogs</methodName>
<params>
<param>
   <value>
    <string>ffffffabffffffce6dffffff93ffffffac29ffffffc9fffffff826ffffffdeffffffc9ffffffe43c0b763036ffffffa0fffffff3ffffffa963377716</string>
   </value>
</param>
<param>
   <value>
    <string>GlobeRanger</string>
   </value>
</param>
<param>
   <value>
    <string>******</string>
   </value>
</param>
</params>
</methodCall>

Response:

HTTP/1.1 302 Found
Connection: close
Date: Tue, 26 Feb 2008 16:05:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://10.1.30.240:81/metapost.ashx
Set-Cookie: authentication.status.0=09DB03CB3D0851376FEDF866A0A0ED5E83799CB445B5D6F81
A73052E63BAE1BC72E81F258EDDA573A2C3049F2D7A63DAA74D5418D96105C77BACF
B1C28BC64A6FAD30DA1AB04332771A0CDA2E80AACA8622846CD47A61F673490A8583
529998ED681C3886465909F40321B1DD81C98B4BD5546C78381BF0B2135374ED363D81E; expires=Tue, 26-Feb-2008 17:05:46 GMT; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 152

Page 1 of 6

...6

Forum

metaPost Forums

metaPost Featur...

Active Directory