AJS 4.x Manual

Note! This Manual is for the "Windows authentication" version, which is designed to work with existing Windows server or Active Directory accounts and Windows authentication. If you want to create accounts by yourself and store their credentials in your own HTTP Commander XML database, you need to download the "Forms authentication" version! This Manual is for the Windows authentication version only!

Web file manager Free Installation assistance Manual Home page

HTTP Commander common FAQ

• How can I update my existing installation with the latest version without losing config and settings?
• I got a "Request for the permission of type 'System.Web.AspNetHostingPermission... error
• I can't install the application. Is there anybody why can help me?
• How can I restart the application?
• How can I change the logo or top header?
• How to branding of e-mail for sending public links?
• How does HTTP Commander control user's count?
• How can I use HTTP Commander with SSL?
• Can the first loading process be faster?
• Can I make the application faster (increase performance)?
• Loading of folders/files list is very slow (specially for a network folder) and takes several seconds.
• If I map a folder I get the error "The folder you entered does not appear to be valid..."?
• I got an "Access to path '...' is denied" error.
• I got The page cannot be found error (error 404) when I open http://localhost/HTCOMNET/default.aspx or any other page.
• I see the page with ASP.NET tags at the top e.g. "<%@ Page Language="C#" %>".
• I got a "Required permissions cannot be acquired" error.
• I got a "Request for the permission of type 'System.Security.Permissions... error.
• I got a "Internet Explorer cannot download Download.ashx from [domainname]" error while a file was being downloaded.
• I got a "Server Application Unavailable" error.
• I got the Error "500.19" at web.config file ("modules" section).
• I've opened "Silverlight" file uploader tab but the window is empty.
• Does HTTP Commander support Web garden or Web farm?
• Is HTTP Commander supports file solutions like DFS folders, UNC folders, ABE, NAS?
• How Can I configure documents management features like Google docs, MS Office and OpenOffice online edit?
• Can I pass some settings in URL?
• How can I add Static Content Role service at IIS7?
• When I am authenticated for "Download/Upload from/to Google", I got the "The site "http://yourdomainname.com" has not been registered." error.
• How do I protect configuration files (prevent them to be retrieved by users)?
• Can I use SSO?
• When I become authorized in Microsoft OneDrive I receive the "'evt_Login_onload' is undefined" error.
• The Default.aspx page is incorrectly displayed.
• I got the Error HTTP 403.18 - Forbidden when open files from Images/resources_1.5 folder.
• I got the error The parameter is incorrect when open file list
• Why Microsoft Office still opens my document (View / Edit → Edit in MS Office) as read-only?
• Error on download/upload with Dropbox or Box: Could not load file or assembly 'Newtonsoft.Json, Version=7.0.0.0...
• How to disable WebDav feature?
• Page reloaded when file list is scrolled up in Chrome browser on Android.

Windows authentication version related questions

• How can I hide files/folders that the user does not have rights to read?
• How can I create a "dropbox" for users (student can upload their own files but can't view other students files)?
• Every time I insert my login and password in the authentication window I get a "You are not authorized" error.
• Why would I need to use Basic authentication instead of Windows?
• May I use network folders with Windows Integrated Authentication?
• I can't create access for a group or to a home folder.
• Can I setup access only for single OU (Organisational Unit) of domain?
• Can I use application in DMZ and what ports for firewall should I open?
• Loading of folders tree is very slow and needs a few seconds.
• Can I use Forms authentication (Form at the web page) instead of standard browser popup authentication window?
• How do I clear windows authentication on Log out?
• After changing my username in Active Directory/WinNT I can still login to HTTP Commander, but then I don't see any of the folders.
• When opening - request of authorization occurs 2 (or more time) and after login form for Forms version opens.
• How can I display some text when user logs into Http Commander (at the time when popup login window appears)?

Answer: You can run diagnostics and look for known problems. If you can't run the application or configure folders, we offer free installation assistance for both trial and commercial licenses. You can get help via email, instant messenger or via remote access to your server. You only need a few minutes to get online help.

Answer: To restart the application, click the "Restart" button in the Admin panel. Also to restart the application, you can make some changes in the Web.config file (e.g. add a spacer in any comment). The Application will restart automatically.
For full application restart (only if you have some system errors!):

• Stop all w3w.exe processes;
• Delete C:\WINDOWS\Microsoft.NET\Framework\[.NET version]\Temporary ASP.NET Files\HTCOMNET folder.

How can I change the logo or top header?

Answer: You can add a logo to the toolbar or to the top panel (at the top of file manager window)

Click here to read more about setting your logo.

How to branding of e-mail for sending public links?

Answer: see Branding manual.

Answer: HTTP Commander controls user session count and unique user's names. A new session is created for every visitor. Each user can have a few sessions if he doesn't clicked logout button. But after 1 hour, the session is closed automatically. To terminate existing sessions by yourself, you need to restart the application.

Answer: HTTP Commander works both with http and https protocols. http protocol works out of box. To enable https protocol, you need to install an SSL certificate on IIS. The instructions below describe how to order a certificate from a globally recognized certificate authority (recommended option) and how to create a self-signed certificate.

A self-signed certificate will allow you to use the https protocol, but the web browser will warn that the certificate is not valid since it comes from an unknown authority. To get a certificate that passes verification, you need to either order a certificate at a globally recognized certificate authority, or establish a trusted authority inside your corporate network.

Order certificate at a globally recognized certificate authority

As an example we consider ordering a certificate at Thawte. You may choose any other authority you trust.

• Select a certificate for your web site: SSL certificates.
• Generate a Certificate Signing Request as described in Key and CSR Generation Instructions. You'll need it later.
• Click the Buy button to order the chosen certificate. You'll fill out a number of web forms in the process. At one step you'll have to specify the Certificate Signing Request.
• Track the status of the certificate in Thawte Certificate Center.
• Install the SSL certificate according to Thawte manual.
• Backup the certificate (optional).

Install Self-Signed certificate

• For IIS 5, 6
  • Download the Microsoft IIS resource kit (supports IIS 5,6) at http://www.microsoft.com/downloads/details.aspx?FamilyID=56FC92EE-A71A-4C73-B628-ADE629C89499&displaylang=en.
  • Install the IIS resource kit on the server.
  • Run Start-> Programs-> IIS Resources-> Self SSL-> SelfSSL
  • See the instructions about how to run the command to create your own SSL.
    Run the command: selfssl.exe /N:CN=DOMAINNAME /K:1024 /V:7 /S:1 /P:443
  • Now you can open https://localhost/HTCOMNET/ in a browser.
  • To disabled non-SSL connections, open IIS manager, expand the web site tree, right-click the HTCOMNET application, select "Properties", open Directory Security tab, click "Edit...", check "Require secure channel (SSL)".
• For IIS 7 and above
  • Open IIS manager, select the server node in the connections tree
  • Open the Server Certificates feature
  • On the actions pane click the "Create Self-Signed Certificate" link
  • Specify a friendly name of the certificate in the opened dialog box. That may be any name. Click OK button.
  • The certificated is created, you should see it in the Server Certificates list.
  • Select the web site that contains HTTP Commander in the connection tree
  • Click the Bindings link on the actions pane
  • In the Site Bindings dialog click the Add button.
  • Select https protocol in the type box in the "Add Site Binding" dialog box
  • Select the SSL certificate you created earlier in the "SSL certificate" box
  • Change any other settings in the dialog box, if changes are needed, click the OK button.
  • Click the Close button to close the Site Bindings dialog.
  • You're done now, you can use the https protocol to connect to HTTP Commander.

A self-signed certificate is untrusted by definition. The web browser will warn you about the problem when you try to open a web site with untrusted certificate.

WebDAV over https with invalid certificate works unreliably. While web browser will warn you about the problem and allow you to proceed, WebDAV may refuse to connect to the web folder with a misleading error message. You may circumvent the problem by installing self-signed certificate into the trusted authorities container on the client machine.

Install untrusted certificate into trusted authorities container

1. Open Internet Explorer with administrative rights

2. Open target site using https

   Screenshot

    

3. Confirm that you want to proceed in spite of the security problem.

   Screenshot

    

4. Click "Certificate Error" Security report on the address bar, then click the "View certificates" link in the pop-up window.

   Screenshot

    

5. Click the "Install Certificate" button in the certificate properties window.

   Screenshot

    

6. Click "Next" in the Certificate Import Wizard. On the next step, "Certificate Store", select "Place all certificates in the following store", in the "Certificate store" field select "Trusted Root Certification Authorities". Click "Next".

   Screenshot

    

7. Click Finish to close the Certificate Import Wizard.

8. Click "Yes" in the security warning dialog box.

   Screenshot

    

• It is recommended to enable gzip compression
• You can setup content expiration for the Images\ folder so images will be loaded for the user once and requests "if-modified" will not be sent again during the next logon. This can increase performance in some cases because application uses many images. To setup content expiration: For IIS 7, 8: expand the HTCOMNET\Images\ folder, then in the right panel open "HTTP Response Headers". Choose action "Set common Headers..." and set content expiration on 2020 year (for nearest 10 years). For IIS 6: open HTCOMNET\Images\ folder settings at IIS, open "HTTP Headers" tab and set "Expire on" 2020 year (for nearest 10 years).
• You can disable the tree view or make it not auto collapsible. This makes the application faster because no requests for tree updates are needed. To disable tree set the "HideTree" parameter in the Application settings to "false" or set the parameter "TreeView" value to "NotAutoExpandable".
• Don't use a lot of columns for the files grid at "DisplayedDefaultColumnsInList" parameter of Application settings. Rendering files grid takes some time at the users side if there are many files in the folder.
• Note! Don't test application performance with Internet Explorer 8. This version works ineffectively with java scripts and HTML objects. More popular browsers like FireFox, Chrome, IE 9 are a few times faster.

• DisplayedDefaultColumnsInList - Remove "downloads" and other custom fields (like comments, description) which are stored in metadata from the list of available columns in file list. By default they are not included.
• EnableFilesFoldersLabels - Set the value to false.
• ShowFileMarkWhenExistsDetails - Set the value to false.

• For Server 2008, 2012, 2016: Click Start->Administration Tools->ServerManager->Features->Add Features-> check 'Desktop Experience' and click 'Install' button
  Screenshots

       

• For Server 2003: Start "WebClient" service at Administration Tools->Services and change Startup type to Automatic.

On a 32-bit system:

%windir%\Microsoft.NET\Framework\v4.0.21006\aspnet_regiis.exe -i

On a 64-bit system:

%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -i

1. The problem can appear because ASP.NET 2.0 and ASP.NET 1.1 applications are being used by the same pool. Check all your applications in IIS and set one application pool for the applications running under ASP.NET 2.0 and another pool for applications running under ASP.NET 1.1.
2. There are not enough NTFS permissions to HTCOMNET folder. See the NTFS permissions section of the Documentation.
   
3. There can also be some other reasons. You can try to restart the application.

• If you are running IIS 6 (windows 2003), you need to check if MIME type is added for Silverlight .xap files in IIS. See Application install in IIS 6 section.
• If you see the Silverlight installation button or a dialog window, and nothing is happening after Silverlight is installed, click F5 to refresh a browser.

• Use "Default.aspx?Language=English" to pass default language.
• Use "Default.aspx?folder=foldername" to open a specific folder first.
• Use "Default.aspx?file=path/to/file" to open a folder with the file and highlights it.
• Use "Default.aspx?isEmbeddedtoIFRAME=true" to show interface for iframe mode (with small icons).
• Use "Default.aspx?hideTree=true" to hide (or show by default if value is "false") tree panel with folders on left side (see HideTree parameter).
• Use "Default.aspx?TreeView=disabled", "Default.aspx?TreeView=enabled" or "Default.aspx?TreeView=notautoexpandable" to change view of tree panel with folders on left side (see TreeView parameter).
• Use "Default.aspx?defaultGridView=thumbnails" or "Default.aspx?defaultGridView=detailed" to show file list in thumnails or detailed mode
• Use "Default.aspx?Mobile=" to show the mobile interface (Smartphones) by default.
• Use "Default.aspx?Standard=" to show the standard interface (non Mobile) by default.

Answer: HTTP Commander stores configuration data on the server in a number of files. For security reasons, it is recommended to prevent users from retrieving them, since they expose sensitive information about the application. Configuration files are: web.config, HttpCommanderSettings.config, .xml file in the Data folder. web.config, HttpCommanderSettings.config files are protected by default. .xml files in Data folder are protected via the following section in web.config file (in case of trouble make sure these settings are present in the configuration file).

	<location path="Data">
		<system.web>
			<httpHandlers>
				<add path="*.xml" verb="*" type="System.Web.HttpForbiddenHandler"/>
			</httpHandlers>
		</system.web>
		<system.webServer>
			<!-- Setting only for IIS 7 and 7.5 -->
			<security>
				<requestFiltering>
					<fileExtensions>
						<add fileExtension=".xml" allowed="false" />
					</fileExtensions>
				</requestFiltering>
			</security>
		</system.webServer>
	</location>
    

In IIS 7 and above, configuration is restricted to web.config file. For IIS 5, 6 you need to proceed one step further to complete the setup. Map the .xml file name extension to ASP.NET as described in KB815152, Edit Script Mappings in Internet Services Manager section. Apply the setting to the HTTP Commander virtual directory.

To test the settings, try to download the configuration files with a browser (http://server/HttpCommander/Data/Accounts.xml). You should see

HTTP Commander includes examples of Single Sign-On (SSO) both for Basic authentication and authentication via Form (for Active Directory users).

Summary

• HTTP Commander with Windows authentication (Windows or Basic authentication in IIS, and ASP.NET impersonation is turned on)
  You may delegate authentication to the application by means of asynchronous HEAD request to Default.aspx page. The request should possess valid credentials.
• HTTP Commander with Forms authentication (Anonymous and Forms authentication in IIS). The application may use its' own account database (Accounts.xml file in Data directory) — Forms authentication mode or use windows accounts — "Forms with Windows users" authentication mode.
  There are two options to delegate authentication to HTTP Commander.
  • Pass the user name and password to the Default.aspx page in query string or in POST request. For example, HttpCommander/Default.aspx?username=User1&password=Passw*rd.
  • Forms authentication across applications
• Shibboleth authentication. HTTP Commander delegates authentication to Shibboleth. See Shibboleth integration for more details.

Details

In all cases except Forms authentication across applications, you should have valid credentials to authenticate in HTTP Commander. Thus SSO topic breaks up into two subtopics: obtaining credentials and authenticating in the Web file manager.

• Basic authentication on the other site: If you have a web site configured for Basic authentication, then you can pass these credentials to HTTP Commander so users will be authenticated in it as well. To authenticate in HTTP Commander, you need to send an AJAX request with credentials to the application. HTTP Commander distribution archive includes an example page BasicLoginExample.html in the Manual folder.

  To enable SSO you need:

  • Add the HttpCommanderAuthModule module in IIS 7 or 8 to your main web site:
    • Copy the Manual\owa\module\HttpCommanderAuthModule.dll file to the Bin folder of your main site.
    • Open IIS Manager and navigate to the site. In Features View double-click Modules. On the Modules page, in the Actions pane, click Add Managed Module. In the Add Managed Module dialog box, in the Name box, type a name for the managed module, e.g. HttpCommanderAuthModule. In the Type box, enter exactly the following: HttpCommander.HttpCommanderAuthModule. Click OK. (Note. If you see warning as on the 2nd screenshot click "Yes")
      Screenshots

       
      
       

      
      Or you can add in the file web.config of site in the section system.webServer/modules a line
      <add name="HttpCommanderAuthModule" type="HttpCommander.HttpCommanderAuthModule" />.
      Screenshot

       

  • Open for editing the BasicLoginExample.html file. Copy its content to any page of your site where users will start HTTP Commander. File includes openHTTPCommander(URL) javascript function. Replace URL with correct HTTP Commander URL like 'http://yoursite/HTCOMNET/Default.aspx'.
  • Contact Element-IT technical support if you have troubles with this.

  Details — how it works

  Let's explore openHTTPCommander JavaScript function in BasicLoginExample.html file. First, it sends asynchronous HEAD request to the current web page, that is BasicLoginExample.html. We add an "r" parameter to the current page with random value. The request URL should look like this "BasicLoginExample.html?r=0.061323485323896254". The value of the parameter does not matter, it's needed to force the browser to send the request instead of returning a cached response. JavaScript sets a special "X-HttpCommander-Auth" header that is processed by the HttpCommanderAuthModule. When the module encounters the "X-HttpCommander-Auth" header in the request, it returns the user name and password of the logged in user with "X-HttpCommander-Auth" header to the client. JavaScript code reads the "X-HttpCommander-Auth" header from the response, gets the user name and password of the user logged into the web site. Using these credentials, JavaScript sends asynchronous an HEAD request to Default.aspx page of HTTP Commander. If the logged in user is allowed access to HTTP Commander, authentication procedure succeeds. Web browser opens HTTP Commander and log ins automatically.

• Forms authentication on the other site: If you have a login page where users type their name and password, then you can pass these credentials to HTTP Commander so users will be authenticated in it as well. To authenticate the user, you need to send an AJAX request with the credentials to the application. HTTP Commander has a working example page testSSO.html in the application root folder for user login via Form on page. You can look at the code of the page and move it to your login Form or contact us to get help.
  
  For testSSO.html page the only thing you need is to set anonymous authentication in IIS:

  • Copy and rename the file \testSSO.html (for example to login.html) into a directory of your site.
  • Configure anonymous access for this file. If you use ASP.NET, in IIS for this file enable only Anonymous Authentication, and also in the web.config file add in configuration section next section:

    <location path="your_new_name_for_testSSO.html">
        <system.web>
            <authorization>
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

    Screenshots

     
    
     
    
     
    
     

  • Open for editing the file testSSO.html. Find the line:
    onclick="openHttpCommander(
    and replace Default.aspx with URL of HTTP Commander (for example http://yourdomainname/HTCOMNET/). Save the file.
    Screenshots

     
    
     

  • Check if it works. Open in a browser the testSSO.html page from your site. Enter valid credentials and login. If everything was correct, then HTTP Commander will be opened.
    Screenshots

     
    
     

• Whether it is allowed to display CSS in the browser
• Whether check there is an Images folder with nonblank contents, Styles-min.css file in directory with HTTP Commander and whether is to them access (NTFS rights)
• Open in browser Images/resources_1.5/css/ext-all-notheme.css url
  If you thus see Error HTTP 403.18 - Forbidden, then see FAQ I got the Error HTTP 403.18 - Forbidden...
• Open page in Chrome browser, press F12 and click on Console tab in Developer tools. Look, whether there are errors and what

1. With settings on settings tab in Admin Panel.
   You will need to set to false the values of following parameters:
   
   • EnableMSOfficeEdit
   • EnableOpenOfficeEdit
   • EnableWebFoldersLinks
2. Edit web.config file of HTTP Commander and remove from modules section ( system.webserver -> modules and at system.web - > httpModules sections) following module:
   <add name="FileWebDavModule" type="HttpCommander.FileWebDAVServer.FileWebDavModule, FileWebDAVServer" precondition="integratedMode" />

1. Open Default.aspx page in text editor .
2. Search for body tag
3. Append to body tag following code:
   <% if(isMobileBrowser) { %> style="overflow-y: hidden;" <% } %>
4. Result should look like this:
   <body id="pageBody" class="<%= pageBodyStyle %>" onload="<%= Utils.GetSetTimeOutScript() %>" <% if(isMobileBrowser) { %> style="overflow-y: hidden;" <% } %>>

• Check if the logon user has read NTFS permissions for the HTCOMNET folder. See NTFS permissions section of the Documentation.
• Try inserting the domain name prefix e.g. "domainname\username".
• For Basic authentication, check that you set the correct default domain name at Basic authentication settings at IIS. See "Application install" section of the Documentation.
• For Windows 2003 server, you need to be sure that you have opened the full URL with Default.aspx page in a browser i.e. http://localhost/HTCOMNET/Default.aspx. You can add "Default.aspx" page in default list in IIS.

• You can make access only to the local files stored on the same server (You can not use folders stored at remote servers).
  However if you web server is member of Domain, you can configure Delegation for correct work withNetwork Shares when Windows Integrated Authentication enabled.
• Dynamic user group membership detection won't work if the application is installed at a non domain controller (But you can make it work if you will use static file as AD info storage. See ADAccountsFilePath key).
  However it is still possible to get list of user groups from Windows auth token when Windows Integrated authentication used.
• On some Android-based devices browsers don't support Windows authentication but work great with Basic.

• Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
• Expand domain, and then expand the Computers folder.
• In the right pane, right-click the computer name for the Web server, select Properties, and then click the Delegation tab.
• Click to select Trust this computer for delegation to specified services only.
• Ensure that Use Kerberos only is selected, and then click OK.
• Click the Add button. In the Add Services dialog box, click Users or Computers, and then browse to or type the name of the File server that is to be used in HTTP Commander. Click OK.
• In the Available Services list, select the CIFS service. Click OK.

• Check if Basic authentication is enabled in IIS settings, not Windows integrated.
• Check permissions for a user to read its own membership info. See how to grant permissions at ReadWindowsUsersGroupMembership key description.

Answer: yes. You have a number of options.

Solution 1. testSSO.html page

HTTP Commander distribution includes testSSO.html file for this purpose. You need to configure anonymous authentication for this page in IIS Manager:

Note This solution only works in the Windows version of HTTP Commander. IIS authentication on the target web application (HTTP Commander) should be set to Basic or Windows.

Details - how testSSO.html works

testSSO.html page presents the user with an HTML form where they will enter their user name, password, and select the language of the HTTP Commander interface. After clicking on the Login button, JavaScript code sends an asynchronous HEAD request to Default.aspx page — the main page of the HTTP Commander application. JavaScript code authenticate in the Default.aspx page using the credentials supplied by the user. Note that Default.aspx page should be configured for Basic or Windows authentication, Forms authentication will not work here. If authentication succeeds, the web browser is redirected to the Default.aspx page. Since the browser already authenticated in that page (and hence to the application), the user is logged on to HTTP Commander. If authentication fails, the user sees an error message and is presented with the same login form on testSSO.html.

Simply put, testSSO.html page provides an HTML logon form for a web application requiring Windows authentication.

Solution 2. "Forms with Windows users" authentication mode

• Open the Admin panel in the Http Commander web interface.
• Change the value of the AuthMode parameter to "Forms with Windows users".
• Revise NTFS permission.

Solution 3. Proxy server in front of Http Commander.

You may configure a proxy server to handle authentication using web form (cookie-based authentication) while the web application is using windows authentication.

Some our customers using MS ISA Server successfully replaced Basic authentication with Forms by ISA settings. Read more info at http://technet.microsoft.com/en-us/library/bb794733.aspx. See also our article Publishing HTTP Commander through Forefront Threat Management Gateway 2010.

Answer: Contemporary web browsers cache credentials a user supplied to authenticate to a web application. Unfortunately, they do not provide an interface to clear authentication data on demand (with the exception of Microsoft Internet Explorer). Web browsers clear authentication data when you close the browser, but they normally do not clear them when you simply close the tab. The practical result of this issue is that the Log out button in Http Commander does not in fact log the user out in any browser except Internet Explorer. After log out you may continue to use Http Commander under the same user you used to log in the last time. You'll not be asked to authenticate again. The only reliable method to log out is to terminate the browser process.

Http Commander implements a workaround to this problem. That is it makes the browser to forget user credentials. The user has to authenticate in the application after logout to continue using Http Commander. You need to go through a few configuration steps to activate the solution.

Step 1. Enable anonymous authentication for ForceLogout.aspx

• For Windows Server 2008, 2012, 2016
  • Locate the HTTP Commander application in IIS Manager, switch to Context view.
  • Locate ForceLogout.aspx, right-click on in, select "Switch to Features View".
  • Open Authentication feature.
  • Enable Anonymous authentication, disable all other authentication types.
• For Windows Server 2003
  • Locate ForceLogout.aspx file in IIS manager, right-click on it, select Properties.
  • In the Properties dialog, open the File Security tab, click the Edit button in Authentication and access control group.
  • In the Authentication Methods dialog, check "Enable anonymous access", uncheck all other check boxes.

Step 2. Specify basic authentication realm in IIS

• For Windows Server 2008, 2012, 2016
  • Open IIS Manager, click the Http Commander application on the tree panel.
  • Open the Authentication feature.
  • Select basic authentication (it should be enabled).
  • Click Edit on the Actions panel.
  • Specify the value of the realm field.
  • Click OK to close the dialog.
• For Windows Server 2003
  • Open IIS Manager, open properties of the Http Commander application.
  • Open the "Directory Security" tab.
  • Click the Edit button in the "Authentication and access control" area.
  • Specify the value of the realm field.
  • Click the OK button to close the "Authentication methods" dialog.
  • Click the OK button to close the Properties dialog.

You may use any non-blank string for the realm parameter, for example, name of the server machine. The point is you must specify the same value in both IIS manager and in Http Commander settings.

Step 3. Specify BasicAuthenticationRealm parameter in Http Commander

• Open the Admin panel in Http Commander.
• Click the "Show hidden parameters" button on the top panel if hidden parameters are not shown.
• Set the BasicAuthenticationRealm parameter in the main section to the value you've assigned in IIS.
• Click the "Save settings" button.

1. Create new html page in root folder of Http Commander. For example, index.html
2. Edit contents of that page to display some useful information.
   Include following meta tag into head section of the page to automatically load default.aspx page:
   <meta http-equiv="refresh" content="1;url=default.aspx">
   Example:
   <!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="refresh" content="1;url=default.aspx" /> <title>Welcome to Web file manager</title> </head> <body> Hello, welcome to web file manager. Please login with your domain account ! </body> </html>
3. Configure Anonymous access to newly created index.html file:
   • For IIS 7, 7.5, 8, 8.5, 10 (Windows 2008, 2012, 2016):
     • Open the IIS console: Control panel-> Administrative tools-> Internet Information Services
     • Expand "Web Sites", "Default web site", "HTCOMNET".

     • Right-click the "HTCOMNET" virtual folder and select "Switch to content view" in the context menu. In the list of files in the middle panel, select the "index.html" file and click the "Switch to features view" option. Now you may change settings pertaining to the "index.html" file. Click the "Authentication" feature on the central pane.

       • Enable "Anonymous Authentication" and "ASP.NET Impersonation". Disable other items.
         Screenshot

          

   • For IIS 6 (Windows 2003):
     • Open the IIS console: Control panel->Administrative tools-> Internet Information Services->Expand "Web Sites", "Default web site", "HTCOMNET"folder.
     • In the right panel, right-click the "index.html" file and select "Properties" in the context menu.
       In the index.html properties dialog box, open the "Directory Security" tab, click the "Edit.." button.
       Check the "Enable anonymous access" option and uncheck the "Basic authentication" and "Windows Integrated" options.
       
4. Use link to htcomnet/index.html file to display contents of index.html page during login process.