Refused to connect error
When you click the ImageVault button from Episerver, you are greeted with a Refused to connect error.
The console might also show a error message stating:
Refused to display 'xyz' in a frame because it set 'X-Frame-Options' to 'deny'.
This error can occur on both the ImageVault button or any of the ImageVault buttons that opens ImageVault from a property/tinymce editor.
This indicates that the user isn't logged in to ImageVault and tries to redirect to the login page in an iframe. This is not supported by the authentication provider that prohibits logging in into an iframe.
A workaround is to open your ImageVault in a separate tab and login to ImageVault first and then use the button.
Login problems with Episerver when using IE
When trying to logon to an external ImageVault using the popup window on a ImageVault plugin installation only on an episerver site the logon dialog don't work. You will never get authenticated and only returned to an empty logon form. Internet Explorer has a security implementation regarding the Privacy Preferences Project (P3P) which results in that IE wont accept cookies from cross domain requests when using an iframe. This will cause problems when using the popup window to select images in IE and the user hasn't logged in to the Episerver site in this setup. This problem was registered as a bug with Episerver (#107860) but was closed with reason "As designed".
1 Use windows authentication
Problem only exists if your Episerver site uses cookie based authentication like Forms authentication
2 Login manually
If you navigate to the ImageVault UI in a separate window, the Episerver auth cookie is set in the browser and reused in an iframe.
3 Add P3PHeader
If you add a P3P header to the HTTP response that states your Privacy Preferences IE will accept cookies. You can add the P3P header to all responses using the following setting in web.config.
<configuration> <system.webServer> <httpProtocol> <customHeaders> <add name="P3P" value="policyref="/w3c/p3p.xml", CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM""/> </customHeaders> </httpProtocol> </system.webServer> </configuration>
It's important to know that adding a P3P header tells the browser/client what Privacy Policies that the company stands for. Be advised to study the P3P specification for more information.
Only Internet Explorer and Netscape utilizes this header and further development of the P3P standard has ceased.
User get logged out from Episerver
This problem is in effect if:
- Your standalone Episerver site and the existing Episerver site (that hosts the ImageVault UI) shares the same host name and only are separated by different ports.
Site with UI are hosted under http://site.com:17000
Standalone site is hosted under http://site.com:17001
Use different host names on the sites so we don't get a cookie conflict.
Single sign on between ImageVault and Episerver using Forms authentication
This is achieved using the same machineKey on both installations. Requires both sites to be running on the same domain. See generate machine key for more information.