Help get this topic noticed by sharing it on Twitter, Facebook, or email.

CSV Download asking for Authentication

We have upgraded our applications to the latest version of COT, but when we install into production we get a Authentication Challenge if we try and download a CSV or Excel format. Reports still work without a challenge. The production servers are W2008 and W2010

This is a breaking change for us, so any assistance appreciated

Thanks

Finbar
4 people have
this problem
+1
Reply
  • Could we get a reponse on this , it only affects the desktop UI the Touch works as expected.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • Finbar, I discovered the same thing on my dev desktop last nIght, the two selections under the actions button which download the csv challenge me for credentials yet the options under the reports button download without issue
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • COT can we get some help with this please, for us it is a breaking change we can't rollout to our customers until we get a resolution ( we can't use the obvious workaround of entering their username and credentials because of the authentication strategy that we have in place)

    Thanks

    Finbar
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • I’m frustrated
    I have the same problem. I was just ready to release a program and discovered I had not tested those features deployed. I had tested report options - maybe not all of them. Now, I am at least going to remove the Actions - all except Import which I need and it works. Very disappointing. Problems like this is why I abandoned COT long ago. I like so much about it but can't release something with this issue. I wonder if I paid for an incident could they help - have to wait a couple of days if I did but this might be worth paying/waiting for.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • I’m frustrated
    I was not able to figure how to delete the Actions for the Membership Manager. So got rid of the problem on all others - so at least potential users of the application would only be subjected to the username and password if they try to download or export from the Membership Management page. May be the best I can do by myself.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • I have had a look at the problem and have a solution. But I am very confused as to why this has become a problem.

    Standard COT has an overideable method in ApplicationServices class

    public virtual bool RequiresAuthentication(HttpRequest request)
    {

    if (request.Path.EndsWith("Export.ashx", StringComparison.CurrentCultureIgnoreCase))
    {
    var formToken = HttpContext.Current.Request.Params["t"];
    if (string.IsNullOrEmpty(formToken) || !(ValidateToken(formToken)))
    return true;
    }
    return false;
    }

    Which returns true unless you passed a valid token with the request ( Not sure how the COT frontend would do that , maybe its a configuration option ?). So it always returns true, hence the authentication challenge ?

    To solve this you can just overide the method something like this

    namespace YourAppName.Services
    {
    public partial class ApplicationServices
    {

    public override bool RequiresAuthentication(HttpRequest request)
    {
    return false;
    }
    }}

    Looking back through my version control this method in COT doesn't seem to have changed in the last two years, but I have COT applications from May 2017 that work without the challenge ?

    COT maybe you could comment on my suggested solutions and advise of any potential side effects ?, and any thoughts on why it used to work differently ?

    Thanks

    Finbar
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • I have the same issue. COT, can you explain why do you use this part of the code?
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated

  • uremovic

    Sorry I missed this not sure I understand your query, why did I change this bit of code instead of another ?

    Because it is designed to be overidden and on tracing through teh issue this is where I was going. Having said that it was a very quick fix and I have realised that it has a negative impact on the REST API Authentication so I do need to go back and have proper look and see why.

    Let me know if you found a better solution

    Thanks

    Finbar
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. kidding, amused, unsure, silly happy, confident, thankful, excited indifferent, undecided, unconcerned sad, anxious, confused, frustrated