Active Directory - metaPost Feature Requests & General Discussion

Module Support Forums

Forum metaPost Forums metaPost Featur... Active Directory

2/26/2008 8:34 AM

Don Worthley
201 posts

Re: Active Directory

Is this the request and response you get after adding a location tag, or is this what you've been getting all along?

Also, I just realized that there are a couple of other pages that will be accessed by WLW during the account configuration process:

metapostredirect.ashx
metapostredirect.aspx

and then, of course, WLW will try to access the URL of a test post if you choose to let WLW download the site styles.

Also, was the response above the entire raw response or was this the header?

Thanks for taking the time to help troubleshoot this!

Don

2/26/2008 12:13 PM

Ben91
5 posts

Re: Active Directory

Modified By Don Worthley on 2/26/2008 3:05:37 PM

The request/response noted in my previous message was *after* adding the location tag for metapost.ashx. I went ahead add created a new web.config for the \DesktopModules\itcMetaPost directory with authorization for all users="*". That did not change the behavior either.

I believe the response in my previous message was the full raw response... but here is the latest one after having added the web.config for the itcMetaPost directory:

HTTP/1.1 302 Found

Connection: close

Date: Tue, 26 Feb 2008 20:04:24 GMT

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

X-AspNet-Version: 2.0.50727

Location: http://10.1.30.240:81/metapost.ashx

Set-Cookie: authentication.status.0=483B742910C91E452F5585BEC46B672014BC4ED2E4165FA587D1C0CA8E9931095866FFD0EA82BE68C42
12466BB5E2CE5211EE55796AED7833C0EB9D21A9A30F0C70DCA4B2D55F528CE558E57B01DC6BCC8B7117713DAB4BB7FF162A2969840C1827
95C0592279B137F1E0A6D8343650FA75BFB451A97F0C9D84FA22F1ADC775B; expires=Tue, 26-Feb-2008 21:04:24 GMT; path=/; HttpOnly

Cache-Control: private

Content-Type: text/html; charset=utf-8

Content-Length: 152

<html><head><title>Object moved</title></head><body>

<h2>Object moved to <a href="http://10.1.30.240:81/metapost.ashx">here</a>.</h2>

</body></html>

2/26/2008 1:00 PM

Jordan Widstrom
4 posts

Re: Active Directory

Don, thanks for the prompt response.

I tried adding the location element to my web.config (for all 3 pages you've listed), and still got the same 302 Object Moved response. I'm not sure if there's an entry you can add to web.config to prevent the AD authentication http module from picking it up. (This agrees with what I'm seeing in that module's code; unless you're browsing to install.aspx or installwizard.aspx, it gets redirected to WindowsSignIn.aspx.)

When searching online, I found Community Server users running into almost the same situation. http://communityserver.org/forums/p/481293/559167.aspx#559167

Even if we were able to make metapost.ashx accessible anonymously (which may require a change to the AD authentication http module code), the blog would still need to belong to a non-windows account. I think what we really want is an option in Live Writer to specify the Windows account to authenticate with.

I'm making several "educated guesses" here. Please correct me if you can see that I'm heading down the wrong path. I will continue to play with this.

Thanks!

2/26/2008 1:32 PM

Don Worthley
201 posts

Re: Active Directory

Thanks Jordan,

The cs link was very helpful. There's a chance that we can get non-windows accounts to work with WLW, but the weak link is WLW when it comes to authenticating windows accounts. In order for the windows users to authentication, network credentials would have to be sent over the XML-RPC channel which WLW uses to communicate with metaPost. Unfortunately, WLW doesn't have any support for adding network credentials to the mix, so we're blocked at that level.

Our issue on the DNN side seems to be the AD provider, and from what you shared, it sounds like this would have to be modified in order for WLW to access metapost.ashx. The other hurdle is getting WLW to download the styles and template for the site. In order for this to work WLW has to have anaonymous access to the pages which contain the styles.

One thing that might work would be to have two separate installations of DNN pointing to the same database: the first, an exisitng AD authenticated installation, and the second, a DNN based authentication version of the same site used for WLW. I'm not even sure this would work, since I haven't worked with the AD provider.

When I have some time, I'll set up a test environment and see if I can identify a possible workaround. I appreciate your help with this Jordan and Ben!

Don

2/26/2008 1:56 PM

Ben91
5 posts

Re: Active Directory

I've done a little more experimentation. If you remove the httpModule that is installed with the AD provider by commenting it out of the web.config...

and adding the appropriate <location> tags we previously discussed, then WLW is able to interact with metapost.ashx.

I looked at the source code for the module (I'm a long time .NET/C# guy, but new to Nuke) and as near as I can tell, the module only gets you auto-login from any page by redirecting through the windows login page. So *if* you can live with AD login through a direct link to the windows login page, and *if* you are not trying to use an AD account to do your blogging... you can make metapost work for non-AD users.

It doesn't look like it would be too hard to add some code to the AD http module to ignore the metapost pages (in fact, it currently does so for install.aspx). It would be much cleaner, though, if the page would read the location tags (or have some additional configuration) which would allow us to choose which pages to ignore.

Page 2 of 6

...6

Forum

metaPost Forums

metaPost Featur...

Active Directory