Uploaded files requiring log in to view them.

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

This is the place to report bugs and get support

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.
Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum.
This thread is closed to new posts. You must sign in to post in the forums.
3/27/2010 6:02:54 PM
ckincincy
Gravatar
Total Posts 41
View Posts

Uploaded files requiring log in to view them.

Interesting issue:

Win 2003 server.

Mojo: 2.3.3.4 MSSQL

Using a custom skin.

When I use the file manager I can upload an image without issue, and the preview window works just fine.  However when updating a page an uploading an image there I get 'truer' behavior.... It uploads the file without issue, but when it goes to preview the image it propmpts for a windows login.  So the image is uploaded but the permissions aren't correct.

So, why am I losing the anonymous permissions on an upload?

3/28/2010 7:37:32 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Uploaded files requiring log in to view them.

Hi,

I'm going to remove the button that creates a download link in File Manager because it is causing a lot of confusion. The fancy file manager introduced in mojoPortal 2.3.3.4 is based on QTfile and it already had this function for creating a link, however in mojoPortal this file manager is only allowed to be used by users with permissions and that includes the underlying file manager service. Since the link generated is not an actual url to the file but an url to the service page so that permissions can be enforced. I never intended anyone to use that link in content as an url to a file.

To get an url to a file for use in content you should use the editor and browse to the file from the image or media or link browser buttons in the wysiwyg editor.

The file manager doesn't know the difference between unprotected files and protected files, it treats all files as protected. In reality, files like image files or pdfs .doc or whatever is not a protected file and IIS will serve those files if the user knows the correct url. Other files like .config are protected by .NET and cannot be downloaded by direct http request even if you know the url. However file manager allows users to download any file whether protected or not if the user is allowed to use file manager, it is not meant for creating links to files for use in content, so this link generator button is causing confusion and leading to support issues. I will remove that button for the next release.

Hope it helps,

Joe

3/28/2010 12:23:09 PM
ckincincy
Gravatar
Total Posts 41
View Posts

Re: Uploaded files requiring log in to view them.

This is a hard issue to describe over a forum...

I can upload images without issue, via the File Browser or the File Manager.  However, those images are not able to be 'linked' to.

So I upload a file, either way.  The file is on the file server.

However, whenever I go to add a reference to that file in a page, I get a Windows dialog prompting me for a user name and password.

I'm trying to figure out why new files are not getting anonymous access from a simple web request POV.  Nothing to do with the permissions and roles in Mojo.

3/29/2010 2:13:46 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Uploaded files requiring log in to view them.

Hi,

I would right click the site in IIS to get to properties and on the Security tab I would make sure it is not configured for Digest or Basic authentication but only for Anonymous and Integrated Windows. Also whatever user it shows there for anonymous (maybe IUSER_machinename) will need read permissions on the whole web. Static files such as images are served directly by IIS and not by ASP.NET.

ASP.NET does handle the uploads and the user for ASP.NET is the user attached to the application pool which may be different than the user listed for annymous in IIS security tab and therefore file permissions may not be correct.

Hope it helps,

Joe

You must sign in to post in the forums. This thread is closed to new posts.