Answer: Please refer to the Upgrade section of documentation.

Answer: Problem related to Windows Server security. You need to unblock HTTPCommanderAJSx.x.x.zip (distribution archive) file because it came from another PC (Internet) and then extract it to HTCOMNET folder again. Restart the application after this (close w3we.exe process).
See Installation section how to unblock files.

Answer: You must add a section system.codedom in the Web.config file with the latest version of the compiler. See Update Manual.

Answer: see note for auto-upgrade.

Answer: You must copy the bin\roslyn folder from the distribution to the bin folder with the HTTP Commander application installed.

Answer: You can run Diagnostics and look for known problems. If you can't run the application or configure folders, we offer free installation assistance for both trial and commercial licenses. You can get help via email, instant messenger or via remote access to your server. You only need a few minutes to get online help.

Answer: To restart the application, click the "Restart" button in the Admin panel. Also to restart the application, you can make some changes in the Web.config file (e.g. add a spacer in any comment). The Application will restart automatically.
For full application restart (only if you have some system errors!):

• Stop all w3wp.exe processes
• Delete folder

  %WINDIR%\Microsoft.NET\Framework[64]\v4.0.30319\Temporary ASP.NET Files\[HTCOMNET]

  where
  [HTCOMNET] is your HTTP Commander application name at IIS
  
  Note. Instead of the "%WINDIR%\Microsoft.NET\Framework[64]\v4.0.30319\Temporary ASP.NET Files" path, another can be used, see the tempDirectory attribute in the system.web/compilation section of the Web.config file in the [HTCOMNET] folder.

Answer: You can add a logo to the toolbar or to the top panel (at the top of file manager window)

Click here to read more about setting your logo.

Answer: see Branding manual.

Answer: HTTP Commander controls user session count and unique user's names. A new session is created for every visitor. Each user can have a few sessions if he doesn't clicked logout button. But after 1 hour, the session is closed automatically. To terminate existing sessions by yourself, you need to restart the application.

Answer: HTTP Commander works both with http and https protocols. http protocol works out of box. To enable https protocol, you need to install an SSL certificate on IIS. The instructions below describe how to order a certificate from a globally recognized certificate authority (recommended option) and how to create a self-signed certificate.

A self-signed certificate will allow you to use the https protocol, but the web browser will warn that the certificate is not valid since it comes from an unknown authority. To get a certificate that passes verification, you need to either order a certificate at a globally recognized certificate authority, or establish a trusted authority inside your corporate network.

Order certificate at a globally recognized certificate authority

As an example we consider ordering a certificate at Thawte. You may choose any other authority you trust.

• Select a certificate for your web site: SSL certificates.
• Generate a Certificate Signing Request as described in Key and CSR Generation Instructions. You'll need it later.
• Click the Buy button to order the chosen certificate. You'll fill out a number of web forms in the process. At one step you'll have to specify the Certificate Signing Request.
• Track the status of the certificate in Thawte Certificate Center.
• Install the SSL certificate according to Thawte manual.
• Backup the certificate (optional).

Install Self-Signed certificate

• Open IIS manager, select the server node in the connections tree
• Open the Server Certificates feature
• On the actions pane click the "Create Self-Signed Certificate" link
• Specify a friendly name of the certificate in the opened dialog box. That may be any name. Click OK button.
• The certificated is created, you should see it in the Server Certificates list.
• Select the web site that contains HTTP Commander in the connection tree
• Click the Bindings link on the actions pane
• In the Site Bindings dialog click the Add button.
• Select https protocol in the type box in the "Add Site Binding" dialog box
• Select the SSL certificate you created earlier in the "SSL certificate" box
• Change any other settings in the dialog box, if changes are needed, click the OK button.
• Click the Close button to close the Site Bindings dialog.
• You're done now, you can use the https protocol to connect to HTTP Commander.

A self-signed certificate is untrusted by definition. The web browser will warn you about the problem when you try to open a web site with untrusted certificate.

Screenshot

WebDAV over https with invalid certificate works unreliably. While web browser will warn you about the problem and allow you to proceed, WebDAV may refuse to connect to the web folder with a misleading error message. You may circumvent the problem by installing self-signed certificate into the trusted authorities container on the client machine.

Install untrusted certificate into trusted authorities container

1. Open Edge (or IE) with administrative rights

2. Open target site using https

   Screenshot

   

3. Confirm that you want to proceed in spite of the security problem

   Screenshot

   

4. Click "Certificate Error" Security report on the address bar, then click the "View certificates" link in the pop-up window.

   Screenshot

   

5. Click the "Install Certificate" button in the certificate properties window.

   Screenshot

   

6. Click "Next" in the Certificate Import Wizard. On the next step, "Certificate Store", select "Place all certificates in the following store", in the "Certificate store" field select "Trusted Root Certification Authorities". Click "Next".

   Screenshot

   

7. Click Finish to close the Certificate Import Wizard

   Screenshot

   

Answer: The HTTP Commander has AJAX and 100% Javascript interface so it works rather quickly like a local application. When a visitor logons the HTTP Commander for the first time, it takes some time to load *.js, *.css and *.svg (image/svg+xml mime type) files. Such files are stored in a browser cache for some months, so the next logons will be much quicker.

HTTP Commander have caching enabled by default for /Images, /Scripts folders and for styles.css. styles-min.css files. Max-Age used to control caching of these resources and it set to 365 days by default. Caching is not enabled for whole application to prevent caching of downloaded files.
If you want to disable caching, you need to find and remove following sections from web.config file : <staticContent> <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" /> </staticContent> <caching enabled="true" enableKernelCache="true"> <profiles> <clear /> </profiles> </caching>
Please note, that profiles of caching section is cleared to make IIS correctly send Cache-Control header in response. If this section is not cleared, IIS still adding no-cache attribute to Cache-Control header.

You can make even the first loading process faster if you enable gzip compression in the IIS settings. With gzip enabled, the loading is 4-5 times faster. You need to enable gzip for static and dynamic content (*.js, *.css and *.svg (image/svg+xml mime type) files). See article how to enable compression in IIS.
Download the trial HTTP Sniffer to test if the compression works successfully.
Screenshots

Answer: Yes. There are a few things that can help you make the application faster. You can do all or just some of them:

• It is recommended to enable gzip compression
• You can setup content expiration for the Images\ folder so images will be loaded for the user once and requests "if-modified" will not be sent again during the next logon. This can increase performance in some cases because application uses many images. To setup content expiration expand the HTCOMNET\Images\ folder, then in the right panel open "HTTP Response Headers". Choose action Set common Headers... and set content expiration on 2028 year (for nearest 10 years).
• You can disable the tree view or make it not auto collapsible. This makes the application faster because no requests for tree updates are needed. To disable tree set the HideTree parameter in the Application settings to "false" or set the parameter TreeView value to NotAutoExpandable.
• Don't use a lot of columns for the files grid at DisplayedDefaultColumnsInList parameter of Application settings. Rendering files grid takes some time at the users side if there are many files in the folder.
• Note! Don't test application performance with IE 11. This version works ineffectively with java scripts and HTML objects. More popular browsers like Chrome, Firefox, Edge are a few times faster.

It could be related to usage of NTFS alternate streams by HTTP Commander to store/read custom metadata on files and folders.
They used to store such information as Labels, Comments, File history, downloads counting and custom details fields.
By default HTTP Commander configured to display in file list some information stored in metadata for each file, e.q. existance of comments or other metadata and labels. If you do not plan to use mentioned functionalities feel free to disable them by configuring following parameters:

• DisplayedDefaultColumnsInList - Remove downloads and other custom fields (like comments, description) which are stored in metadata from the list of available columns in file list. By default they are not included.
• EnableFilesFoldersLabels - Set the value to false.
• ShowFileMarkWhenExistsDetails - Set the value to false.

Configuring these parameters is enough to disable load of metadata for each file during load of file list for folder, which may significantly speed up loading for network folders.
While you still will be able to see downloads count (if download counting is enabled), comments, description and other custom metadata fields in file properties window and in file details panel.

Answer: First, try to map folder "https://demo.element-it.com/windows/hcwebdav" (without quotes). If it doesn't show the error and asks for credentials then it works (you can use demo/demo credentials). If mapping demo folder works but it doesn't map your application link, then the problem is with the application or WebDAV configuration. Check web folders mapping setup or contact us.
You cannot map folders in Server OS like Windows 2008, 2012, 2016 or 2019 by default. So, please test mapping from a non-server PC. For Servers 2008, 2012, 2016, 2019:
Click Start → Administration Tools → Server Manager → Features → Add Features → check WebDAV Redirector (or Desktop Experience for Windows 2008-2012) and click Next and Install buttons
Screenshots

Answer: The problem is related to the NTFS permissions. Check the NTFS permissions for HTCOMNET, data and your main content folders. See the NTFS Permissions section of the Documentation.

Answer: If you are sure that the path http://localhost/HTCOMNET/default.aspx exists but you are still getting the error, it means that the IIS doesn't execute ASP.NET code. This problem occurs if your IIS was installed after the .NET Framework installation.
Reinstall the .NET Framework (v4.7.2 or above) or execute the following commands as administrator:

%WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i

and (for 64-bit systems):

%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -i

Answer: ASP.NET has not started on the server and you have opened pages like clear HTML. See the "Application Install" section.

Answer: Both errors can be related to "Full trust" level. Check if "Full trust" is enabled for HTCOMNET application. See the Application Install section. <location allowoverride="true" path="Default Web Site/HTCOMNET"> <system.web> <trust level="Full" originurl="" /> </system.web> </location>
Also, check the permissions for IIS APPPOOL\DefaultAppPool" user on the HTCOMNET folder as well.
See the NTFS permissions section.

Answer: If you are using SSL, check Internet Explorer settings:
Tools → Internet Options → Advanced → Security → uncheck "Do not save encrypted pages to disk".
By default this option is unchecked. If the option is checked, the files cannot be saved from any SSL website.

Answer: There are two reasons for such error:

1. The problem can appear because ASP.NET 4.5 and ASP.NET 2.0 applications are being used by the same pool. Check all your applications in IIS and set one application pool for the applications running under .NET 4.5 and another pool for applications running under .NET 2.0.
2. There are not enough NTFS permissions to HTCOMNET folder. See the NTFS permissions section of the Documentation.
3. There can also be some other reasons. You can try to restart the application.

Answer: This error can occur if you you have disabled some features of Web.config to delegate. In most cases it occurs with the "modules" feature. You should open IIS, click the server root in the left tree. At the right panel, open "Feature Delegation", then Select "Modules" and change its delegation type to "Read/Write". If you have the error with other features, then set the delegation type for the other features.
Screenshot

Answer: No. HTTP Commander is running but does not work correctly if you have web garden or web farm enabled in IIS. Check if you have enabled web garden in the application pool settings and disable it or create a new pool for HTTP Commander. You should use only one worker process for the application.

Answer: Yes, it supports DFS, UNC, ABE, NAS and most other file related Windows Server technologies. First you would set up the folder in the Admin panel. Then type the path to the DFS folder like \\domain\foldername or UNC like \\servername\share\folder. If you set up UNC remote folder at the remote server or your DFS folders stores folders at remote servers then check if Basic Authentication is enabled in IIS settings, not Windows Integrated (for Domain network it is possible to use Windows Integrated authentication: May I use network folders with Windows Integrated Authentication?)! See why Basic authentication should be used.
For Domain network it is possible to use Windows Integrated authentication: May I use network folders with Windows Integrated Authentication? For ABE see more info here.

Answer: All info related to documents management features is described in the Application settings section.

Answer: Yes, you can pass some settings in the URL:

• Use "Default.aspx?Language=English" to pass default language.
• Use "Default.aspx?theme=themename" to view interface with specified theme (see StyleThemeName parameter).
• Use "Default.aspx?folder=foldername" to open a specific folder first.
• Use "Default.aspx?file=path/to/file" to open a folder with the file and highlights it.
• Use "Default.aspx?isEmbeddedtoIFRAME=true" to show interface for iframe mode (with small icons). See IsEmbeddedtoIFRAME parameter.
• Use "Default.aspx?hideTree=true" to hide (or show by default if value is "false") tree panel with folders on left side (see HideTree parameter).
• Use "Default.aspx?TreeView=disabled", "Default.aspx?TreeView=enabled" or "Default.aspx?TreeView=notautoexpandable" to change view of tree panel with folders on left side (see TreeView parameter).
• Use "Default.aspx?defaultGridView=thumbnails", "Default.aspx?defaultGridView=tiles" or "Default.aspx?defaultGridView=detailed" to show file list in thumnails or detailed mode (see DefaultGridView parameter).

Answer: To add Static Content role go to
Start → Administrative Tools → Server Manager → Roles.
Find in the right list the Web Server (IIS) role and click the Add Role Services link.
In the new window check Static Content, and then click Next and then Install buttons.
Screenshots

Answer: HTTP Commander stores configuration data on the server in a number of files. For security reasons, it is recommended to prevent users from retrieving them, since they expose sensitive information about the application. Configuration files are: Web.config, HttpCommanderSettings.config, .xml, .db files in the Data folder. Web.config, HttpCommanderSettings.config files are protected by default. .xml and .db files in Data folder are protected via the following section in Web.config file (in case of trouble make sure these settings are present in the configuration file).

...
  <location path="Data">
    <system.webServer>
      <handlers>
        <clear />
        <add name="HttpForbiddenHandlerXml" path="*.xml" verb="*" type="System.Web.HttpForbiddenHandler" />
        <add name="HttpForbiddenHandlerDb" path="*.db" verb="*" type="System.Web.HttpForbiddenHandler" />
      </handlers>
      <security>
        <requestFiltering>
          <fileExtensions>
            <remove fileExtension=".xml" />
            <add fileExtension=".xml" allowed="false" />
            <remove fileExtension=".db" />
            <add fileExtension=".db" allowed="false" />
          </fileExtensions>
        </requestFiltering>
      </security>
    </system.webServer>
  </location>
...

In IIS configuration is restricted to Web.config file.
To test the settings, try to download the configuration files with a browser (http://server/HttpCommander/Data/Accounts.xml). You should see:
Screenshots
See also, how to prevent files download from Data folder.

HTTP Commander includes examples of Single Sign-On (SSO) both for Basic Authentication and authentication via Form (for Active Directory users).

Summary

• HTTP Commander with Windows Authentication (Windows or Basic Authentication in IIS, and ASP.NET Impersonation is turned on).
  You may delegate authentication to the application by means of asynchronous HEAD request to Default.aspx page. The request should possess valid credentials.
• HTTP Commander with Forms Authentication (Anonymous and Forms Authentication in IIS). The application may use its' own account database (Accounts.xml file in Data directory) — Forms Authentication mode or use windows accounts — "Forms with Windows users" authentication mode.
  There are two options to delegate authentication to HTTP Commander.
  • Pass the user name and password to the Default.aspx page in query string or in POST request. For example, HttpCommander/Default.aspx?username=User1&password=Passw*rd.
  • Forms authentication across applications
• Shibboleth authentication. HTTP Commander delegates authentication to Shibboleth. See Shibboleth integration for more details.

Details

In all cases except Forms authentication across applications, you should have valid credentials to authenticate in HTTP Commander. Thus SSO topic breaks up into two subtopics: obtaining credentials and authenticating in the Web file manager.

• Basic authentication on the other site: If you have a web site configured for Basic authentication, then you can pass these credentials to HTTP Commander so users will be authenticated in it as well. To authenticate in HTTP Commander, you need to send an AJAX request with credentials to the application. HTTP Commander distribution archive includes an example page BasicLoginExample.html in the Manual folder.

  To enable SSO you need:

  • Add the HttpCommanderAuthModule module in IIS to your main web site:
    • Copy the Manual\HttpCommanderAuthModule.dll file to the Bin folder of your main site.
    • Open IIS Manager and navigate to the site. In Features View double-click Modules. On the Modules page, in the Actions pane, click Add Managed Module. In the Add Managed Module dialog box, in the Name box, type a name for the managed module, e.g. HttpCommanderAuthModule. In the Type box, enter exactly the following: HttpCommander.HttpCommanderAuthModule. Click OK (Note. If you see warning as on the 2nd screenshot click "Yes").
      Screenshots

      
      
      

      
      Or you can add in the file Web.config of site in the section system.webServer/modules a line

      <add name="HttpCommanderAuthModule" type="HttpCommander.HttpCommanderAuthModule, HttpCommander" preCondition="integratedMode" />

      Screenshot

      

  • Open for editing the BasicLoginExample.html file. Copy its content to any page of your site where users will start HTTP Commander. File includes openHTTPCommander(URL) javascript function. Replace URL with correct HTTP Commander URL like 'http://yoursite/HTCOMNET/Default.aspx'.
  • Contact Element-IT technical support if you have troubles with this.

  Details — how it works

  Let's explore openHTTPCommander Javascript function in BasicLoginExample.html file. First, it sends asynchronous HEAD request to the current web page, that is BasicLoginExample.html. We add an "r" parameter to the current page with random value. The request URL should look like this "BasicLoginExample.html?r=0.061323485323896254". The value of the parameter does not matter, it's needed to force the browser to send the request instead of returning a cached response. Javascript sets a special "X-HttpCommander-Auth" header that is processed by the HttpCommanderAuthModule. When the module encounters the "X-HttpCommander-Auth" header in the request, it returns the user name and password of the logged in user with "X-HttpCommander-Auth" header to the client. JavaScript code reads the "X-HttpCommander-Auth" header from the response, gets the user name and password of the user logged into the web site. Using these credentials, Javascript sends asynchronous an HEAD request to Default.aspx page of HTTP Commander. If the logged in user is allowed access to HTTP Commander, authentication procedure succeeds. Web browser opens HTTP Commander and log ins automatically.

• Forms Authentication on the other site: If you have a login page where users type their name and password, then you can pass these credentials to HTTP Commander so users will be authenticated in it as well. To authenticate the user, you need to send an AJAX request with the credentials to the application. HTTP Commander has a working example page testSSO.html in the application root folder for user login via Form on page. You can look at the code of the page and move it to your login Form or contact us to get help.
  
  For testSSO.html page the only thing you need is to set anonymous authentication in IIS:

  • Copy and rename the file testSSO.html (for example to login.html) into a directory of your site.
  • Configure anonymous access for this file. If you use ASP.NET, in IIS for this file enable only Anonymous Authentication, and also in the Web.config file add in configuration section next section:

    <location path="your_new_name_for_testSSO.html">
        <system.web>
            <authorization>
                <allow users="*" />
            </authorization>
        </system.web>
    </location>

    Screenshots

    
    
    
    
    
    
    

  • Open for editing the file testSSO.html. Find the line:

    onclick="openHttpCommander(

    and replace Default.aspx with URL of HTTP Commander (for example http://yourdomainname/HTCOMNET/). Save the file.
    Screenshots

    
    
    

  • Check if it works. Open in a browser the testSSO.html page from your site. Enter valid credentials and login. If everything was correct, then HTTP Commander will be opened.
    Screenshots

    
    
    

If Default.aspx page is displayed incorrectly, as on a screenshot below
Screenshot
please check the following:

• Whether it is allowed to display CSS in the browser
• Whether check there is an Images\themes\[theme_name]\resources\ folders exists, with nonblank contents and contain the files hc-all.css and have access to them (NTFS rights).
• Open page in Chrome browser, press F12 and click on Console tab in Developer tools. Look, whether there are errors and what.

This error means that in IIS installed URLScan ISAPI Filter and it is configured so that not allowed URLs in which path there are folders having in the name of a dots (parameter AllowDotInPath=0).
For the solution of this problem see how to configure URLScan Tool below:

This error can arise when reading to the network folder if the site in IIS with HTTPCommander works at a 64-bit platform, and in settings of a pool indicated value True for the Enable 32-Bit Applications parameter.
Specify False value for the Enable 32-Bit Applications parameter in advanced settings of a pool and restart it
(Application Pools → htcomnetpool → Advanced Settings).
Screenshot
See about Wow64FsRedirection in FindFirstFile article.

First of all check settings of work with WebDAV and read article Using MS Office and OpenOffice to work with documents.
Also check before opening of the document, having refreshed the file list, whether it is opened by other user (an icon The file is locked on the right or in the Labels column):
Screenshot
Also check NTFS persmissions for a read-write for a pool of applications and the user who opens the file.
And in addition check the file for block (the Unblock button in properties of the file) and if it is blocked, remove block (privileges of the administrator are necessary):
Screenshot
If the problem isn't fixed clear Microsoft Office WebDAV cache in registry on computer of user.
Microsoft Office reads WebDAV server options when connecting to server first time and stores them for later use.
The Microsoft Office WebDAV cache is stored under the key:

HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Common\Internet\Server Cache\

To clear cache just delete all keys under this key.
Also set OpenDocumentsReadWriteWhileBrowsing DWORD Value to 1 on a user machine under the key

HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Common\Internet

Note! After change registry keys restart computer or WebClient service.

Screenshot
Solution: in Web.config file replace Newtonsoft.Json assembly version x.0.0.0 to 12.0.0.0 (where x < 12).
See Update to version 5.

There are 2 ways to completely disable WebDav feature in HTTP Commander.

1. With settings on settings tab in Admin Panel.
   You will need to set to false the values of following parameters:
   • EnableMSOfficeEdit
   • EnableOpenOfficeEdit
   • EnableWebFoldersLinks
2. Edit Web.config file of HTTP Commander and remove from modules section (system.webserver → modules and at system.web → httpModules sections) following module:

   <add name="FileWebDavModule" type="HttpCommander.FileWebDAVServer.FileWebDavModule, FileWebDAVServer" precondition="integratedMode" />

This issue is fixed in HTTP Commander 4.5 an later. Here are steps to fix this issue on version prior 4.5:

1. Open Default.aspx page in text editor.
2. Search for body tag
3. Append to body tag following code:
   <% if(isMobileBrowser) { %> style="overflow-y: hidden;" <% } %>
4. Result should look like this:
   <body id="pageBody" class="<%= pageBodyStyle %>" onload="<%= Utils.GetSetTimeOutScript() %>" <% if(isMobileBrowser) { %> style="overflow-y: hidden;" <% } %>>

To fix this, enable the "Play animations in webpages" option in the IE setting:
Internet options → Advanced → Multimedia → Play animations in webpages.

Answer: This feature is controlled by Windows Server. You need to use ABE (Access Based Enumerations) for share. Windows Server (2008 R2 SP1, 2012, 2012 R2, 2016 and 2019) have ABE installed. But the ABE is disabled by default. To enable it (for each folder you need):

• Open Server Manager
• Select File and Storage Services → Shares
• Select shared folder and go to properties from context menu by right click
• In the properties window that opens, in Settings section, check the box Enable access-based enumeration.
  Then click the Apply and OK buttons.

Screenshot

In HTTP Commander you then create share. You should type your real share path like "\\servername\sharename". Don't use a full folder path like "c:\foldername" becouse ABE won't work in this case! After ABE is enabled, HTTP Commander will show only the files which user has rights to read and will not show other users files (if there are no read permissions).

Answer: First, you need to create the folder on your server file system and configure users NTFS permissions. It is possible to configure the NTFS permissions for students to enable them to create or modify their own files and to disable reading other users files from this folder. You can also configure to enable teachers to view all files. So this folder will be as dropbox there students can upload their own works and teachers can view their works. For this folder it is recommended to enable ABE to hide files which the user does not have rights to read (other students files).
In HTTP Commander you can share this folder with students and teachers groups. You can disable some actions you don't want in right "permissions" window. HTTP Commander supports NTFS so users won't be able to modify or view other users files if it is disabled by NTFS. Also if ABE is enabled, then files which the user does not have rights to read will be hidden.

Answer:

• Check if the logon user has read NTFS permissions for the HTCOMNET folder. See NTFS permissions section of the Documentation.
• Try inserting the domain name prefix e.g. "domainname\username".
• For Basic Authentication, check that you set the correct default domain name at Basic Authentication settings at IIS. See "Application install" section of the Documentation.

Answer:
You can use Windows Integrated Authentication (our demo works under this auth). But if you want to use Windows authentication, you will have some limitations:

• You can make access only to the local files stored on the same server (you can not use folders stored at remote servers).
  However if you web server is member of Domain, you can configure Delegation for correct work withNetwork Shares when Windows Integrated Authentication enabled.
• Dynamic user group membership detection won't work if the application is installed at a non domain controller (but you can make it work if you will use static file as AD info storage. See ADAccountsFilePath key).
  However it is still possible to get list of user groups from Windows auth token when Windows Integrated Authentication used.
• On some Android-based devices browsers don't support Windows Authentication but work great with Basic.

As conclusion: We recommend to use Windows Integrated Authentication when Web Server is joined into Domain and delegation can be configured.
For standalone Web Server we recommend to use Basic auth if you plan to use Network Shares in HTTP Commander and Windows Intergated Authentication if all folders will be local to the web server.
If you worry about sending password as a clear text while Basic authentication, you can use SSL.

Answer:
Yes, you can use Network folders with Windows Integrated Authentication when Web Server is member of Domain. But you will need to configure Delegation.
On the domain controller for your Web Server’s domain, complete the following steps:

• Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
• Expand domain, and then expand the Computers folder.
• In the right pane, right-click the computer name for the Web Server, select Properties, and then click the Delegation tab.
• Click to select Trust this computer for delegation to specified services only.
• Ensure that Use any authentication protocol is selected, and then click OK.
• Click the Add button. In the Add Services dialog box, click Users or Computers, and then browse to or type the name of the File server that is to be used in HTTP Commander. Click OK.
• In the Available Services list, select the CIFS service. Click OK.

It may take some time for new settings to take effect.

Answer: You need to check if the application reads groups correctly. You can see group list in Diagnostics.aspx page.
If the group list is empty in the diagnostics page or some error happens:

• Check if Basic Authentication is enabled in IIS settings, not Windows Integrated.
• Check permissions for a user to read its own membership info. See how to grant permissions at ReadWindowsUsersGroupMembership key description.

Answer: Yes, you can. Set UseUniversalWayToReadGroups parameter in the Application settings to "false" and for LDAPContainer parameter value of LDAP path of needed OU (like "LDAP://OU=staff,DC=HOMEELEMENT-IT,DC=COM" ("staff" OU of "homeelement-it.com" domain)). In such a case for the logon user, groups will be detected only from this OU (you can run Diagnostics.aspx to see groups list of logon user).

Answer: Yes, you can. You can install the application at the server in DMZ. Open HTTP (80) and HTTPS (443) ports. If you want to use Active Directory groups membership and home folder info then open LDAP port 389 and set UseUniversalWayToReadGroups parameter in the Application settings to "false" and for the LDAPContainer parameter, the value of the LDAP path to your domain controller.

Answer: It can be because of reading user group membership info and AD home folder. This needs some time because code connects to AD. You can disable this feature by ReadWindowsUsersGroupMembership parameter or play with UseUniversalWayToReadGroups and LDAPContainer parameters at Application settings.

Answer: yes. You have a number of options.

Solution 1. testSSO.html page

HTTP Commander distribution includes testSSO.html file for this purpose. You need to configure anonymous authentication for this page in IIS Manager:

Screenshots

Note This solution only works in the Windows version of HTTP Commander. IIS authentication on the target web application (HTTP Commander) should be set to Basic or Windows.

Details - how testSSO.html works

testSSO.html page presents the user with an HTML form where they will enter their user name, password, and select the language of the HTTP Commander interface. After clicking on the Login button, JavaScript code sends an asynchronous HEAD request to Default.aspx page — the main page of the HTTP Commander application. JavaScript code authenticate in the Default.aspx page using the credentials supplied by the user. Note that Default.aspx page should be configured for Basic or Windows authentication, Forms authentication will not work here. If authentication succeeds, the web browser is redirected to the Default.aspx page. Since the browser already authenticated in that page (and hence to the application), the user is logged on to HTTP Commander. If authentication fails, the user sees an error message and is presented with the same login form on testSSO.html.

Simply put, testSSO.html page provides an HTML logon form for a web application requiring Windows authentication.

Solution 2. "Forms with Windows users" authentication mode

• Open the Admin panel in the HTTP Commander web interface.
• Set "true" value for the WindowsUsersWithFormAuth parameter at Settings tab.
• Revise NTFS permission.

Note This solution only works in the Standard (Forms) version of HTTP Commander.

Solution 3. Proxy server in front of HTTP Commander.

You may configure a proxy server to handle authentication using web form (cookie-based authentication) while the web application is using windows authentication.

Some our customers using MS ISA Server successfully replaced Basic Authentication with Forms by ISA settings. Read more info at http://technet.microsoft.com/en-us/library/bb794733.aspx. See also our article Publishing HTTP Commander through Forefront Threat Management Gateway 2010.

Answer: Contemporary web browsers cache credentials a user supplied to authenticate to a web application. Unfortunately, they do not provide an interface to clear authentication data on demand (with the exception of Microsoft Internet Explorer). Web browsers clear authentication data when you close the browser, but they normally do not clear them when you simply close the tab. The practical result of this issue is that the Log out button in HTTP Commander does not in fact log the user out in any browser except Internet Explorer. After log out you may continue to use HTTP Commander under the same user you used to log in the last time. You'll not be asked to authenticate again. The only reliable method to log out is to terminate the browser process.

HTTP Commander implements a workaround to this problem. That is it makes the browser to forget user credentials. The user has to authenticate in the application after logout to continue using HTTP Commander. You need to go through a few configuration steps to activate the solution.

Step 1. Enable anonymous authentication for ForceLogout.aspx

• Locate the HTTP Commander application in IIS Manager, switch to Context view.
• Locate ForceLogout.aspx, right-click on in, select "Switch to Features View".
• Open Authentication feature.
• Enable Anonymous authentication, disable all other authentication types.

Step 2. Specify basic authentication realm in IIS

• Open IIS Manager, click the HTTP Commander application on the tree panel.
• Open the Authentication feature.
• Select basic authentication (it should be enabled).
• Click Edit on the Actions panel.
• Specify the value of the realm field.
• Click OK to close the dialog.

You may use any non-blank string for the realm parameter, for example, name of the server machine. The point is you must specify the same value in both IIS manager and in HTTP Commander settings.

Step 3. Specify BasicAuthenticationRealm parameter in HTTP Commander

• Open the Admin panel in HTTP Commander.
• Click the "Show hidden parameters" button on the top panel if hidden parameters are not shown.
• Set the BasicAuthenticationRealm parameter in the main section to the value you've assigned in IIS.
• Click the "Save settings" button.

Answer: This problem can arise because of caching the mapping between the SID and the user name in a local cache on the computer.
For obtaining more detailed information and problem elimination, see LsaLookupSids .

Answer: This problem is because Anonymous Authentication is enabled in IIS. It is necessary to disable it.
To check it, you can open IIS or launch Diagnostics Page (Authentication Mode section).
See also Manual configuration authentication mode.

When Windows authentication version is used, it is possible to restrict access to the application with help of the Authorization rules. They are configured in the system.web/authorization section in the web.config file.
Here is an example of the rule to allow access to the application only for a "teachers" group:

    <authorization>
        <allow roles="element-it\Teachers"/>
        <deny users="*"/>
    </authorization>

For more information about authorization rules read article.

Answer: You can create separate html page which will be available without authentication and redirect to Default.aspx page immediately after load of this page.
This will result to render page with your custom text while users enter their credentials. For example you can explain which credentials should be entered, which users are allowed, what users will see after login, etc.
How to do that:

1. Create new html page in root folder of HTTP Commander. For example, index.html.
2. Edit contents of that page to display some useful information.
   Include following meta tag into head section of the page to automatically load default.aspx page:
   <meta http-equiv="refresh" content="1;url=default.aspx">
   Example:
   <!DOCTYPE HTML> <html> <head> <meta http-equiv="refresh" content="1;url=default.aspx" /> <title>Welcome to Web file manager</title> </head> <body> Hello, welcome to web file manager. Please login with your domain account ! </body> </html>
3. Configure Anonymous access to newly created index.html file:
   • Open the IIS console: Control panel → Administrative tools → Internet Information Services (IIS) Manager
   • Expand Web Sites, Default Web Site, HTCOMNET.
   • Right-click the "HTCOMNET" virtual folder and select Switch to content view in the context menu. In the list of files in the middle panel, select the index.html file and click the Switch to features view option. Now you may change settings pertaining to the index.html file. Click the Authentication feature on the central pane.
     • Enable Anonymous Authentication and ASP.NET Impersonation. Disable other items.
       Screenshot

       

4. Use link to HTCOMNET/index.html file to display contents of index.html page during login process.

Answer:
First of all, check if Impersonation is enabled for the application and Handlers folder.
Then check the NTFS folder rights.
If everything is correct, then follow these steps:

• Stop IIS (in IIS Manager, on the left in the Connections tree, highlight the server, and then on the right in the Actions - click Stop).
• In each of the files (or only one of these files, depending on what bitiness the Application Pool is working under):

  %WINDIR%\Microsoft.NET\Framework\v4.0.30319\Aspnet.config,
  %WINDIR%\Microsoft.NET\Framework64\v4.0.30319\Aspnet.config,

  set legacyImpersonationPolicy to false and alwaysFlowImpersonationPolicy to true:

  <?xml version="1.0" encoding="UTF-8" ?>
  <configuration>
      <runtime>
          <legacyUnhandledExceptionPolicy enabled="false" />
                  <legacyImpersonationPolicy enabled="false"/>
                  <alwaysFlowImpersonationPolicy enabled="true"/>
          <SymbolReadingPolicy enabled="1" />
          <shadowCopyVerifyByTimestamp enabled="true"/>
      </runtime>
      <startup useLegacyV2RuntimeActivationPolicy="true" />
  </configuration>

• Start IIS.
• See also Microsoft Docs.