Hello Peter,

Let me first say how much I like Document Exchange. I have purchased a full license back in October for my company - though we are just now setting it up.

I was able to get it set up fairly well so far, even with WebDAV through DNN. My question is with mounting a WebDAV folder through Windows Explorer. I am using Fiddler to trace the communication between Windows Explorer and DMX. I believe I have narrowed this down to an interference with the Active Directory Authentication Module and/or DMX not able to verify authorization through AD. Both the Fiddler tracing and my own testing confirms that there is a problem with mounting a DMX path with a user that is part of an AD domain. Here is an example:

UserA - is a non-admin, non-domain user and exists within the 'users' table with the username 'usera'. This user is able to mount through Windows Explorer.

UserB - is a non-admin but IS part of a domain, and hence the username is: 'mydomain\userb' within the 'users' table. This user IS NOT able to mount through Windows Explorer.

This test at least confirms that DMX is set with the possibility of working, and it is more a matter of authentication issues.

When attempting to mount the network drive, Windows Explorer prompts for a user and password. In watching the traffic, I see that when I log in as 'mydomain\userb' that the domain part 'mydomain' is not translated in the transmitted packet. Instead, it overwrites the realm information in the header. The username then transmitted within the header is truncated to 'userb' and thus I am assuming that this is why it is failing; because the username in the users table is actually 'mydomain\userb'.

I am hoping I am missing 1 small step or setting to getting this to work. Are you aware of any workaround that I may be able to perform or a possible setting that needs set?

I would greatly appreciate any insight that anyone may be able to share!

Also, if someone could share information with me about how the WebDAV component (dmxdav.axd) initiates and performs authentication for Windows Explorer mapping a network drive - that would be extremely helpful as well.

Thanks in advance!


Here are my environment specs:
==========================
IIS 7.5
Windows Server 2008 RD2
DNN: v. 07.00.06
Document Exchange: v. 6.1.5
Authentication: DNN_ActiveDirectoryAuthentication v. 5.0.5

Hi,

Great detail in the feedback. Could you do me a favor and send this to me with the Fiddler trace by email? I love Fiddler traces as I get so much detail that way.

Best,
Peter

I have confirmed that the issues I am experiencing with WebDAV are also related to the use of the AD authentication module. I was able to get it to work using (non-AD DNN accounts) but it fails for me with no errors other than not working when attempted with AD accounts.

Any update/guidance at this point?

DNN - 6.26
AD Module - 5.05
IIS 7.5
2008 R2
DMX 6.1.5


Roy

I'm working with Mike Horton from the AD team to see if we can get a "dummy" AD provider that can be used on a DEV machine to examine this in more detail. The problem is that currently I'm left guessing. But to keep the conversation going here are some details regarding authentication:

DMX includes a module to authenticate WebDAV requests. This module is clearly visible in the web.config if everything is set up correctly. This module will run on every request that satisfies the settings of that line in the web.config. Now. When the module starts it first checks to see if the thread is authenticated or not. If it is, then it bypasses its own logic and just continues. This is what *should* happen with AD auth properly set up. Now we need to find out why this is not happening. Here is the crucial code:



As you can see there is some logging happening if you switch the app to debug mode. This is done on the Main Options page when logged in as host. The log goes to portals/_default/DMX/log and DMX/Log in the portal home dir. Maybe you can spot some of the above messages.

Peter

Completely confused now. Tested again this AM with both AD and DNN users.

1> DNN users - appears to work OK

2> AD users - failed to work, enabled debugging mode, still failed to work, got a cup of coffee and now it appears to be working partially. Nothing changed on the configuration...

3> All Users - does not appear to be what it says. Have All Users set to WebDAV enabled. Outside of admin accounts, WebDAV doesn't show up. When I WebDAV enabled a particular role that I knew the account was in, WebDAV options now show up. What is All Users for and where did it come from? I have no DNN role called that...

4> Further testing shows the ability for test account to open a folder in Windows Explorer but not open a document or spreadsheet in Office 2010. Same AD test account on Windows Terminal Server appears to open Word, Excel, and Win Explorer. What should I look for on the local machine? Double clicking files in Win Explorer will open the associated apps without problem....so it isn't file association... ideas? One computer is using IE 8 and one is using IE9

"What is All Users for and where did it come from? I have no DNN role called that... "
ALL Users is a standard/hard coded DNN role. It's code is -1. It is not a good idea to have all users be able to leverage WebDAV as this includes not logged in users. Preferably you want "Registered Users" at least to ensure you know who is accessing a document.

"Further testing shows the ability for test account to open a folder in Windows Explorer but not open a document or spreadsheet in Office 2010"
What happens? It starts up Word? It loads the document in read only?

" What should I look for on the local machine?"
You should use Fiddler to debug. If the issue is opening a file in editable mode, then you need to look for the magic line in Fiddler with the verb "LOCK". If that one works, then Word/Excel has been able to successfully open the document for writing.

Peter

Thanks for the info on All Users...since it doesn't show in DNN role manager, I was unaware of its existence.

To answer your other question:

I am still troubleshooting to try to determine a pattern of behavior...just getting very mixed results right now.