Windows Authentification problem with WebEditor.ashx

Post Reply
benjin
Posts: 4
Joined: Thu Dec 26, 2019 10:59 pm

Windows Authentification problem with WebEditor.ashx

Post by benjin » Fri Dec 27, 2019 2:24 am

Hello dear devs,

My enterprise, a public collectivity, is actually testing (id do) OnlyOffice for Developpers before a potential purchase.
A last rock is is blocking my road toward any purchase: an authentication problem linked to the Document Storage Service.

Indeed we use LDAP/Windows authentification in our applications. The problem is that, when I active the Windows Authentification for our OnlyOffice Test Site through the IIS manager, the CallBack handler (WebEditor.ashx.cs) doesn't works properly.
Here I invite you to look at the errors in the attached screenshots ("Edition failure pdf.png" and "Edition Failure docx.png").
Edition Failure pdf.png
Edition Failure pdf.png (14.98 KiB) Viewed 288 times
Edition Failure docx.png
Edition Failure docx.png (38.55 KiB) Viewed 288 times
I know the problem comes from the WebEditor.ashx.cs script because when I redirect callbacks and document storage paths toward the same project duplicated in another folder with anonymous authentification (not windows' one), everything works correctly.
More precisly: CallBackUrl, VirtualPath, StoragePath parameters ("Default" class) for my application "TEST_ONLYOFFICE" (stored in an equally named folder) are redirected to the exact same project with anonymous authentification this time: TEST_ONLYOFFICE_DOC (in another folder, in the same directory). See "Directroy.png" attachement. Then my OnlyOffice edition works perfectly.
Source codes for CallBackUrl, VirtualPath, StoragePath parameters implemented in the "Default.aspx.cs" in the TEST_ONLYOFFICE project folder (the one with windows authentification): see Source codes TEST_ONLYOFFICE.7z.
Attachments
Source codes TEST_ONLYOFFICE.7z
(73.39 KiB) Downloaded 7 times

Alexandre
Posts: 59
Joined: Thu Dec 12, 2019 11:08 am

Re: Windows Authentification problem with WebEditor.ashx

Post by Alexandre » Fri Dec 27, 2019 10:20 am

Hello benjin.

Please, provide some additional information for our checking:
1. OS of the server where ONLYOFFICE Document Server is installed.
2. Type of installation of Document Server (exe, docker, deb/rpm).
3. Version of ONLYOFFICE Document Server installed.
4. How you performed installation, send me also the link to the guide you used.
5. Please send all Document Server logs (the whole folder).
You can find it here:
Windows → %Program Files (x86)%\Ascensio System SIA\DocumentServer\Log
Docker → /app/onlyoffice/DocumentServer/logs/documentserver/
Linux → /var/log/onlyoffice/documentserver/
6. Reproduce your issue with open browser console. Check information at console browser in ‘console’ and ‘network’ tabs. Make screenshots of any errors you see in those tabs.
7. Am I right, did you install ONLYOFFICE and your storage on the same server?

You can attach log folder and screenshots to reply or send it in private message.

benjin
Posts: 4
Joined: Thu Dec 26, 2019 10:59 pm

Re: Windows Authentification problem with WebEditor.ashx

Post by benjin » Mon Dec 30, 2019 12:18 am

Hello Alexandre, Thank you for your response.

1. OS of the server where ONLYOFFICE Document Server is installed:
-> CentOS 7 (4 cpu, 8BG RAM)

2. Type of installation of Document Server :
-> Docker

3. Version of ONLYOFFICE Document Server installed:
-> Version: Document Server 5.4 I assume (installed 3 weeks ago)

4. How you performed installation, send me also the link to the guide you used:
-> Installation was performed exactly as the installation tutorial indicates by a colleague (network admin).
-> Guide: https://helpcenter.onlyoffice.com/fr/se ... ation.aspx


5. Please send all Document Server logs (the whole folder):
Logs are more or less dated from the bug reproduction (see "documentserver zip.zip").

6. Reproduce your issue with open browser console. Check information at console browser in ‘console’ and ‘network’ tabs. Make screenshots of any errors you see in those tabs:
The issue has been reproduced with all storage, saving, document loading, and callbackUrl paths redirected to the working project TEST_ONLYOFFICE (and not the one used for redirection to avoid the bug described: TEST_ONLYOFFICE_DOC)
you can find an attached zip files "step 1.zip" and "step 2.zip" with all screen shots of Console and Network messages during bug reproduction.
Step 1: before document loading in doc editor
Step 2: after document loading in doc editor
I had to split zips cause the attached files limit is very low (so bad)


7. Am I right, did you install ONLYOFFICE and your storage on the same server ?
-> Nop we didn't:
- Document Server: http://10.16.20.11/welcome/
- OnlyOffice project: http://sharp.validpnord.nc:200/TEST_ONL ... ault.aspx)
- Document storage: http://sharp.validpnord.nc:200/TEST_ONL ... Documents/
Attachments
Step 2.zip
(175.16 KiB) Downloaded 6 times
Step 1.zip
(110.77 KiB) Downloaded 6 times
documentserver logs.zip
(39.11 KiB) Downloaded 7 times

benjin
Posts: 4
Joined: Thu Dec 26, 2019 10:59 pm

Re: Windows Authentification problem with WebEditor.ashx

Post by benjin » Wed Jan 08, 2020 10:40 pm

Still waiting for a response to this thread. We have the project to buy you a developer licence (reminder).

Kind regards.

Alexandre
Posts: 59
Joined: Thu Dec 12, 2019 11:08 am

Re: Windows Authentification problem with WebEditor.ashx

Post by Alexandre » Thu Jan 16, 2020 2:28 pm

Hello.
We discussed your case internally. Unfortunately, scenario with required authentication is excluded in current version of Document server. As you can see, structure with anonymous access works. We don’t plan to change this behavior at the moment.

benjin
Posts: 4
Joined: Thu Dec 26, 2019 10:59 pm

Re: Windows Authentification problem with WebEditor.ashx

Post by benjin » Thu Jan 23, 2020 3:39 am

Ok,

Our concern is about the potential security threats caused by this behavior. Could you give us an evaluation of such threats if there are ?

Kind regards.

Alexandre
Posts: 59
Joined: Thu Dec 12, 2019 11:08 am

Re: Windows Authentification problem with WebEditor.ashx

Post by Alexandre » Thu Jan 23, 2020 7:57 am

Hello.
You can use JWT for security requests from Document Server to your application and vice versa. We have information about this feature here: https://api.onlyoffice.com/editors/security

Post Reply