Solved

Can't get ExternalAuthenticator to work with MoxieManager (File Library)

Posted on 2014-03-05
19
2,386 Views
Last Modified: 2014-03-19
Their support has been lousy so I'm resorting to experts-exchange. I'm hoping someone else has used MoxieManager and gotten the ExternalAuthenticator to work with Classic ASP.

Background: The creators of TinyMCE made the MoxieManager File/Image Library, it works with TinyMCE editor.

Anyway it's working fine with BasicAuthentication set in their Web.Config (requires  seperate login for each user). But the ExternalAuthentication which allows you to connect with your existing CMS Authentication (so you don't have to login to the File/Image Library seperately) is not working.

I have configured ExternalAuthenticator as per their documentation: http://www.moxiemanager.com/documentation/index.php/External_Authentication

Now when I go to Open the Library I just get an error like below:

The given key was not present in the dictionary.

Exception Details: System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.


I have not made any changes to Auth.asp outside of setting the SECRET_KEY to match the key in the Web.Config. I know there may be some custom code required but I'm not sure where to start.

Perhaps I'm missing something.
0
Comment
Question by:intoxicated_curveball
  • 10
  • 8
19 Comments
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39907222
Check the moxiemanager/plugins/ExternalAuthenticator folder, copy the .jsp, .asp or
Please note that the auth.asp file is only an example, you will want to customize that file for whatever you are integrating with.

I have not used this but I'm sure if you can  post the asp code it is talking about we can figure this out.

You mentioned web.config, and classic asp, which are you using?  If you want classic asp,it is either a session variable or cookie that needs to match the key.  I don't think you would need to use web.config unless you are using .NET.
0
 

Author Comment

by:intoxicated_curveball
ID: 39907306
Here's the code, but I think it is a long shot anyone can help unless they have experience with MoxieManager and ASP-ExternalAuthenticator.

The MoxieManager application uses ASP.NET and the Web.Config is used to configure their  application. The ExternalAuthenticator is designed to allow non-ASP.NET websites to work with it - in my case it's Classic ASP.

This is their out-of-box sample ASP code to be configured according to the CMS (the only thing I changed is the SECRET_KEY. Otherwise I get the error I mentioned above. I can post stack trace if needed....

<%@Language="VBScript" %>
<script language="JScript" runat="server" src="sha256.js"></script>
<!--#include file="json.asp"-->
<%
Private Const SECRET_KEY = "abc123"

seed = "" & Request("seed")
hash = "" & Request("hash")

Response.ContentType = "application/json; charset=UTF-8"

If SECRET_KEY = "" Then
	Response.Write("{""error"": {""code"": 130, ""message"": ""No secret key was set.""}}")
	Response.End
End If

' Check if seed and hash matches then output all session variables with the moxiemanager_ prefix as a json array
If seed <> "" AND hash <> "" AND Session("moxiemanager_isLoggedIn") = True AND sha256_hmac(SECRET_KEY, seed) = hash Then
	Dim config
	Set config = jsObject()

	' Lets set a custom option, just an example
	'config("filesystem.rootpath") = "C:/Inetpub/wwwroot/test"

	' Session example
	' Session("moxiemanager_filesystem.rootpath") = "C:/Inetpub/wwwroot/test

	For Each key in Session.Contents
		If InStr(key, "moxiemanager_") = 1 Then
			config(Mid(key, Len("moxiemanager_") + 1)) = Session(key)
		end If
	Next

	Response.Write("{""result"" : " & config.jsString & "}")
Else
	Response.Write("{""error"": {""code"": 120, ""message"": ""Error in input.""}}")
End if
%>

Open in new window

0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39907484
Do you know for sure that Session("moxiemanager_isLoggedIn") = True?  How are you sure you are receiving   Request("seed") and  Request("hash")?

This file looks like it is acting as a json feed for another.  Can you tell what the output is from this file?  Perhaps do a response.end after each of the two last response.writes

Based on lines 3 and 10, I can tell they are using asptojson https://code.google.com/p/aspjson and if you want to see how line 34 works https://code.google.com/p/aspjson/wiki/PropJsString

That is built from looping of line 30 which comes from line 26.  

The error code you are getting does not appear to be from your sample page.   I wonder if what is happening is the result is blank?  

Can you look in the console to see what this page is sending?  If it is too hard to figure that out, after line 34 above the else statement add Response.Cookies("TEST") = "YES_"&now and after the else statement add, Response.Cookies("TEST") = "NO_"&now

It will at least help you trace what is going on.
0
 

Author Comment

by:intoxicated_curveball
ID: 39907770
I did what you suggested and it turns out the auth.asp files does not even appear to be loaded to begin with as the cookies you asked me to try are not even set. I even added one at the very top of the page and it's not set either.

This file is defined in the Web.Config of the MoxieManager application root folder, I know the path to it is correct because if I change it I get a 404 not found. The ExternalAuthentication mode is set in the Web.Config as well using the key <add key="authenticator" value="ExternalAuthenticator" />.

Since above is the case perhaps you can help me pinpoint where the error is coming from with the stack trace below?

Stack Trace:


[KeyNotFoundException: The given key was not present in the dictionary.]
   System.Collections.Generic.Dictionary`2.get_Item(TKey key) +10678889
   MoxieManager.Plugins.ExternalAuthenticator.Plugin.Authenticate(User user) +652
   MoxieManager.Core.Auth.AuthManager.DoAuthAction(String action) +446
   MoxieManager.Core.Auth.AuthManager.get_IsAuthenticated() +22
   MoxieManager.Core.PluginManager.Init() +369
   MoxieManager.Core.ManagerContext.get_Current() +470
   MoxieManager.Core.Handlers.ApiHttpHandler.ProcessRequest(HttpContext context) +13
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +341
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69
0
 

Author Comment

by:intoxicated_curveball
ID: 39907775
Maybe I should check the values of TKey and key somehow?
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39908646
http://www.moxiemanager.com/documentation/index.php/External_Authentication

In step 6, they show
$moxieManagerConfig['ExternalAuthenticator.external_auth_url'] = "auth.asp";

Open in new window


In your set up files, try pointing to the absolute path  /somefolder/auth.asp
0
 

Author Comment

by:intoxicated_curveball
ID: 39910038
I know the path is correct because when I change it to anything else I get a 404 not found error instead. Also according to the ASP.NET documentation it should be a relative URL.

<add key="ExternalAuthenticator.external_auth_url" value="auth.asp" />

Open in new window

0
 

Author Comment

by:intoxicated_curveball
ID: 39912852
Any help would be appreciated.
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39912940
Without having the files to trace, I have to rely on you.

line 7 and 8 - Make sure the page is receiving data
seed = "" & Request("seed")
hash = "" & Request("hash")

Try changing line 18 from
If seed <> "" AND hash <> "" AND Session("moxiemanager_isLoggedIn") = True AND sha256_hmac(SECRET_KEY, seed) = hash Then

Open in new window

to
'** If seed <> "" AND hash <> "" AND Session("moxiemanager_isLoggedIn") = True AND sha256_hmac(SECRET_KEY, seed) = hash Then
x=1
if x=1 then

Open in new window

Line 18 make sure  Session("moxiemanager_isLoggedIn") has data

Step 5 http://www.moxiemanager.com/documentation/index.php/External_Authentication make sure, "someSecretKey" equals the secret key in line 5 above, Private Const SECRET_KEY = "abc123"
<add key="ExternalAuthenticator.secret_key" value="someSecretKey" />

Open in new window

0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:intoxicated_curveball
ID: 39917821
I appreciate your help, but I think we already determined that auth.asp file is not loading to begin with (though I did try all you suggested anyway). Regardless of what's in auth.asp I always get the error page. Maybe it's a problem with my web.config of my website?

Server Error in '/' Application.

The given key was not present in the dictionary.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Collections.Generic.KeyNotFoundException: The given key was not present in the dictionary.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:


[KeyNotFoundException: The given key was not present in the dictionary.]
   System.Collections.Generic.Dictionary`2.get_Item(TKey key) +10678889
   MoxieManager.Plugins.ExternalAuthenticator.Plugin.Authenticate(User user) +652
   MoxieManager.Core.Auth.AuthManager.DoAuthAction(String action) +446
   MoxieManager.Core.Auth.AuthManager.get_IsAuthenticated() +22
   MoxieManager.Core.PluginManager.Init() +369
   MoxieManager.Core.ManagerContext.get_Current() +470
   MoxieManager.Core.Handlers.ApiHttpHandler.ProcessRequest(HttpContext context) +13
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +341
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +69

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39917895
What does your web.config look like?

http://www.moxiemanager.com/documentation/index.php/SessionAuthenticator
<!-- First, add the SessionAuthenticator to the plugins list in Web.config -->
<plugin type="MoxieManager.Plugins.SessionAuthenticator.Plugin" />

<!-- Then edit these keys -->
<add key="authenticator" value="SessionAuthenticator" />
<add key="SessionAuthenticator.logged_in_key" value="isLoggedIn" />

Open in new window


This code should go in whatever login logic your system uses.

"moxiemanager" is the default prefix set in the config file.

// Write to normal ASP.NET session
Session["isLoggedIn"] = true;
Session["moxiemanager.filesystem.rootpath"] = "c:/inetpub/wwwroot/upload";

Open in new window

The code above is related to http:#a39907306 above lines 23/26
http://www.tinymce.com/forum/viewtopic.php?id=32000
0
 

Author Comment

by:intoxicated_curveball
ID: 39918356
The link you mentioned is referring to SessionAuthenticator which I can't use because I'm using Classic ASP and that one only works with ASP.NET. The ExternalAuthenticator allows you to work with Classic ASP. I can use BasicAuthenticator and it WORKS but it requires you to login in to separate user accounts each session.

So I discovered that the error previously mentioned only occurs after the first attempt of running MoxieManager. If I clear all my browser data/cache and run MoxieManager I get below error instead:

GET http://mywebsite.ca/admin/tiny_mce/plugins/moxiemanager/api.ashx?action=language 500 (Internal Server Error) plugin.min.js:99
appendToHead plugin.min.js:99
Loader.loadScript plugin.min.js:170
loadNextScript plugin.min.js:110
done

So it may be better if we trouble-shooting from this point instead.

As for my web.config it's  as per documentation. But here it is anyway:

<?xml version="1.0"?>
<configuration>
	<configSections>
		<section name="MoxieManager" type="MoxieManager.Core.ConfigHandler,MoxieManager.Core" requirePermission="false" />
	</configSections>

	<MoxieManager>
		<plugins>
			<plugin type="MoxieManager.Plugins.AspNetAuthenticator.Plugin" />
			<plugin type="MoxieManager.Plugins.AutoFormat.Plugin" />
			<plugin type="MoxieManager.Plugins.AutoRename.Plugin" />
			<plugin type="MoxieManager.Plugins.BasicAuthenticator.Plugin" />
			<plugin type="MoxieManager.Plugins.ExternalAuthenticator.Plugin" />
			<plugin type="MoxieManager.Plugins.Favorites.Plugin" />
			<plugin type="MoxieManager.Plugins.History.Plugin" />
			<plugin type="MoxieManager.Plugins.IpAuthenticator.Plugin" />
			<plugin type="MoxieManager.Plugins.SessionAuthenticator.Plugin" />
			<plugin type="MoxieManager.Plugins.Uploaded.Plugin" />
		</plugins>

		<config>
			<!-- General -->
			<add key="general.license" value="MY-KEY" />
			<add key="general.hidden_tools" value="" />
			<add key="general.disabled_tools" value="" />
			<add key="general.demo" value="false" />
			<add key="general.debug" value="true" />
			<add key="general.language" value="en" />
			<add key="general.temp_dir" value="" />
			<add key="general.allow_override" value="*" />

			<!-- Storage -->
			<add key="storage.engine" value="json" />
			<add key="storage.path" value="./data/storage" />

			<!-- Filesystem -->
			<add key="filesystem.rootpath" value="../../../../uploads/1;../../../../uploads" />
			<add key="filesystem.include_directory_pattern" value="" />
			<add key="filesystem.exclude_directory_pattern" value="/^mcith$/i" />
			<add key="filesystem.include_file_pattern" value="" />
			<add key="filesystem.exclude_file_pattern" value="" />
			<add key="filesystem.extensions" value="jpg,jpeg,png,gif,html,htm,txt,docx,doc,zip,pdf" />
			<add key="filesystem.readable" value="true" />
			<add key="filesystem.writable" value="true" />
			<add key="filesystem.directories">
				<!--
				<directory pattern="images">
					<add key="upload.extensions" value="gif,jpg,png" />
				</directory>
				-->
			</add>
			<add key="filesystem.allow_override" value="*" />

			<!-- Createdir -->
			<add key="createdir.templates" value="" />
			<add key="createdir.include_directory_pattern" value="" />
			<add key="createdir.exclude_directory_pattern" value="" />
			<add key="createdir.allow_override" value="*" />

			<!-- Createdoc -->
			<add key="createdoc.templates" value="" />
			<add key="createdoc.fields" value="Document title=title" />
			<add key="createdoc.include_file_pattern" value="" />
			<add key="createdoc.exclude_file_pattern" value="" />
			<add key="createdoc.extensions" value="*" />
			<add key="createdoc.allow_override" value="*" />

			<!-- Upload -->
			<add key="upload.include_file_pattern" value="" />
			<add key="upload.exclude_file_pattern" value="" />
			<add key="upload.extensions" value="*" />
			<add key="upload.maxsize" value="100MB" />
			<add key="upload.overwrite" value="false" />
			<add key="upload.autoresize" value="false" />
			<add key="upload.autoresize_jpeg_quality" value="75" />
			<add key="upload.max_width" value="800" />
			<add key="upload.max_height" value="600" />
			<add key="upload.chunk_size" value="5mb" />
			<add key="upload.allow_override" value="*" />

			<!-- Delete -->
			<add key="delete.include_file_pattern" value="" />
			<add key="delete.exclude_file_pattern" value="" />
			<add key="delete.include_directory_pattern" value="" />
			<add key="delete.exclude_directory_pattern" value="" />
			<add key="delete.extensions" value="*" />
			<add key="delete.allow_override" value="*" />

			<!-- Rename -->
			<add key="rename.include_file_pattern" value="" />
			<add key="rename.exclude_file_pattern" value="" />
			<add key="rename.include_directory_pattern" value="" />
			<add key="rename.exclude_directory_pattern" value="" />
			<add key="rename.extensions" value="*" />
			<add key="rename.allow_override" value="*" />

			<!-- Edit -->
			<add key="edit.include_file_pattern" value="" />
			<add key="edit.exclude_file_pattern" value="" />
			<add key="edit.extensions" value="jpg,jpeg,png,gif,html,htm,txt" />
			<add key="edit.jpeg_quality" value="90" />
			<add key="edit.line_endings" value="crlf" />
			<add key="edit.encoding" value="utf-8" />
			<add key="edit.allow_override" value="*" />

			<!-- View -->
			<add key="view.include_file_pattern" value="" />
			<add key="view.exclude_file_pattern" value="" />
			<add key="view.extensions" value="jpg,jpeg,png,gif,html,htm,txt,pdf" />
			<add key="view.allow_override" value="*" />

			<!-- Download -->
			<add key="download.include_file_pattern" value="" />
			<add key="download.exclude_file_pattern" value="" />
			<add key="download.extensions" value="*" />
			<add key="download.allow_override" value="*" />

			<!-- Thumbnail -->
			<add key="thumbnail.enabled" value="true" />
			<add key="thumbnail.auto_generate" value="true" />
			<add key="thumbnail.mode" value="resize" />
			<add key="thumbnail.use_exif" value="true" />
			<add key="thumbnail.width" value="90" />
			<add key="thumbnail.height" value="90" />
			<add key="thumbnail.folder" value="mcith" />
			<add key="thumbnail.prefix" value="mcith_" />
			<add key="thumbnail.delete" value="true" />
			<add key="thumbnail.jpeg_quality" value="75" />
			<add key="thumbnail.allow_override" value="*" />

			<!-- Authentication -->
			<add key="authenticator" value="ExternalAuthenticator" />
			<add key="authenticator.login_page" value="" />

			<!-- SessionAuthenticator -->
			<add key="SessionAuthenticator.logged_in_key" value="isLoggedIn" />
			<add key="SessionAuthenticator.user_key" value="user" />
			<add key="SessionAuthenticator.config_prefix" value="moxiemanager" />

			<!-- ExternalAuthenticator -->
			<add key="ExternalAuthenticator.external_auth_url" value="auth.asp" />
			<add key="ExternalAuthenticator.secret_key" value="abcd1234" />

			<!-- IpAuthenticator -->
			<add key="IpAuthenticator.ip_numbers" value="127.0.0.1" />

			<!-- Local filesystem -->
			<add key="filesystem.local.wwwroot" value="" />
			<add key="filesystem.local.urlprefix" value="{proto}://{host}/" />
			<add key="filesystem.local.urlsuffix" value="" />
			<add key="filesystem.local.access_file_name" value="mc_access" />
			<add key="filesystem.local.allow_override" value="*" />

			<!-- Log -->
			<add key="log.enabled" value="false" />
			<add key="log.level" value="error" />
			<add key="log.path" value="./data/logs" />
			<add key="log.filename" value="{level}.log" />
			<add key="log.format" value="[{time}] [{level}] {message}" />
			<add key="log.max_size" value="1m" />
			<add key="log.max_files" value="10" />
			<add key="log.filter" value="" />

			<!-- GoogleDrive -->
			<add key="googledrive.client_id" value="" />

			<!-- DropBox -->
			<add key="dropbox.app_id" value="" />

			<!-- AutoFormat -->
			<add key="autoformat.rules" value="" />
			<add key="autoformat.jpeg_quality" value="90" />
			<add key="autoformat.delete_format_images" value="true" />

			<!-- AutoRename -->
			<add key="autorename.enabled" value="false" />

			<!-- BasicAuthenticator -->
			<add key="basicauthenticator.users">
				<!-- <user name="admin" password="" email="spam@localhost" groups="administrator" /> -->
			</add>

			<!-- Favorites -->
			<add key="favorites.max" value="20" />

			<!-- History -->
			<add key="history.max" value="3" />
		</config>
	</MoxieManager>

	<system.web>
		<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="" />
	</system.web>
</configuration>

Open in new window

0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39918553
If you can use the sessions version, that may be the easiest.

Looking at the code http://www.tinymce.com/wiki.php/MCImageManager:Authentication
// Setup sessions on login page for example
Session("MyIsLoggedInState") = true;
Session("imagemanager.filesystem.path") = "/www/myroot";
Session("imagemanager.filesystem.rootpath") = "/www/myroot";

Open in new window


Could be
// Setup sessions on login page for example
<%
if  intoxicated_curveball_user_is_logged_in = "yes" then
    response.write "Session(""MyIsLoggedInState"") = true;"
    else
    response.write "Session(""MyIsLoggedInState"") = false;"
end if
%>
Session("imagemanager.filesystem.path") = "/www/myroot";
Session("imagemanager.filesystem.rootpath") = "/www/myroot";

Open in new window

0
 

Author Comment

by:intoxicated_curveball
ID: 39918802
The Session version doesn't work with Classic ASP it's the whole reason they created the External Authentication version. I really wish it did, that would make life a lot easier.
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39918968
Why do you have these files loaded?
<!-- Authentication -->
			<add key="authenticator" value="ExternalAuthenticator" />
			<add key="authenticator.login_page" value="" />

			<!-- SessionAuthenticator -->
			<add key="SessionAuthenticator.logged_in_key" value="isLoggedIn" />
			<add key="SessionAuthenticator.user_key" value="user" />
			<add key="SessionAuthenticator.config_prefix" value="moxiemanager" />

Open in new window

0
 

Accepted Solution

by:
intoxicated_curveball earned 0 total points
ID: 39923650
Scott - so it turns out it was a bug in their code base (compiled) - they have actually updated their code to fix the bug. Thanks so much for trying to help, I wish I could give you points but I don't think it would be right.
0
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
ID: 39923706
Just accept your own solution that it was a bug in the code.
0
 

Author Closing Comment

by:intoxicated_curveball
ID: 39939099
Company updated their code and provided me with the fix.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now