Web file manager Free Installation assistance Manual Home page

HTTP Commander common FAQ

How can I update my existing installation with the latest version without losing config and settings?
Answer: Please refer to the Upgrade section of documentation.
I got a "Request for the permission of type 'System.Web.AspNetHostingPermission..." error
Answer: Problem related to Windows Server security. You need to unblock HTTPCommanderAJSx.x.x.zip (distribution archive) file because it came from another PC (Internet) and then extract it to HTCOMNET folder again. Restart the application after this (close w3we.exe process).
See Installation section how to unblock files.
I got a "Compilation Error ... Compiler Error Message: CS1501: No overload for method 'AsHash' takes 0 arguments" error.
Answer: You must add a section system.codedom in the Web.config file with the latest version of the compiler. See Update Manual.
After auto-upgrade, i got a "Compilation Error ... Compiler Error Message: CS0009: Metadata file '...' could not be opened -- Illegal tables in compressed metadata stream." error.
Answer: see note for auto-upgrade.
I got a "Could not find part of the path '...\bin\roslyn\csc.exe'" error.
Answer: You must copy the bin\roslyn folder from the distribution to the bin folder with the HTTP Commander application installed.
I can't install the application. Is there anybody why can help me?
Answer: You can run Diagnostics and look for known problems. If you can't run the application or configure folders, we offer free installation assistance for both trial and commercial licenses. You can get help via email, instant messenger or via remote access to your server. You only need a few minutes to get online help.
How can I restart the application?
Answer: To restart the application, click the "Restart" button in the Admin panel. Also to restart the application, you can make some changes in the Web.config file (e.g. add a spacer in any comment). The Application will restart automatically.
For full application restart (only if you have some system errors!):
How can I use my own login page?
Answer: You can use your own login page with your custom design and layout.
Read more about custom login page configuration for usage with HTTP Commander.
Answer: You can add a logo to the toolbar or to the top panel (at the top of file manager window) , or to the login page.

Click here to read more about setting your logo.
How to branding of e-mail for sending public links?
Answer: see Branding manual.
How does HTTP Commander control user's count?
Answer: HTTP Commander controls user session count and unique user's names. A new session is created for every visitor. Each user can have a few sessions if he doesn't clicked logout button. But after 1 hour, the session is closed automatically. To terminate existing sessions by yourself, you need to restart the application.
How can I use HTTP Commander with SSL?

Answer: HTTP Commander works both with http and https protocols. http protocol works out of box. To enable https protocol, you need to install an SSL certificate on IIS. The instructions below describe how to order a certificate from a globally recognized certificate authority (recommended option) and how to create a self-signed certificate.

A self-signed certificate will allow you to use the https protocol, but the web browser will warn that the certificate is not valid since it comes from an unknown authority. To get a certificate that passes verification, you need to either order a certificate at a globally recognized certificate authority, or establish a trusted authority inside your corporate network.

Order certificate at a globally recognized certificate authority

As an example we consider ordering a certificate at Thawte. You may choose any other authority you trust.

Install Self-Signed certificate

A self-signed certificate is untrusted by definition. The web browser will warn you about the problem when you try to open a web site with untrusted certificate.


WebDAV over https with invalid certificate works unreliably. While web browser will warn you about the problem and allow you to proceed, WebDAV may refuse to connect to the web folder with a misleading error message. You may circumvent the problem by installing self-signed certificate into the trusted authorities container on the client machine.

Install untrusted certificate into trusted authorities container

  1. Open Edge (or IE) with administrative rights
  2. Open target site using https

  3. Confirm that you want to proceed in spite of the security problem

  4. Click "Certificate Error" Security report on the address bar, then click the "View certificates" link in the pop-up window.

  5. Click the "Install Certificate" button in the certificate properties window.

  6. Click "Next" in the Certificate Import Wizard. On the next step, "Certificate Store", select "Place all certificates in the following store", in the "Certificate store" field select "Trusted Root Certification Authorities". Click "Next".

  7. Click Finish to close the Certificate Import Wizard

How can I use site common authentication with the application?
Answer: If you have your own ASP.NET authentication at your site you can pass users to HTTP Commander without extra authentication. Also in such a case you don't need to create users in the HTTP Commander Admin panel. You can create just the folders and assign folders to the users by typing their names in text box (not from list).
To make common authentication at site and application you need to modify your site Web.Config file and application Web.config file: Place the same line in both of the files inside the <system.web> area:

For more information, read this article Forms Authentication Across Applications.
See CommonAuthentication section for more detailed info and examples.
How can I skip Forms authentication?
Answer: If you have provided an access to some files for all visitors, but there's no need to use Forms authentication for all users or only some of them, you can use the following methods:
We have our own users/folders database. How we can use it in HTTP Commander?
Answer: First, read the 2 previous questions (How can I skip Forms authentication?, How can I use site common authentication at application?).
If it is not enough then you can modify the code of Default.aspx and programmatically control authentication and folders:
Find the function called "SetPersonalConfiguration" and see its code example. Don't forget to "uncomment" it (remove "//" at the line of its call).
Contact Element-IT support if you need help in code modifications for your needs.
Can the first loading process be faster?
Answer: The HTTP Commander has AJAX and 100% Javascript interface so it works rather quickly like a local application. When a visitor logons the HTTP Commander for the first time, it takes some time to load *.js, *.css and *.svg (image/svg+xml mime type) files. Such files are stored in a browser cache for some months, so the next logons will be much quicker.

HTTP Commander have caching enabled by default for /Images, /Scripts folders and for styles.css. styles-min.css files. Max-Age used to control caching of these resources and it set to 365 days by default. Caching is not enabled for whole application to prevent caching of downloaded files.
If you want to disable caching, you need to find and remove following sections from web.config file :
Please note, that profiles of caching section is cleared to make IIS correctly send Cache-Control header in response. If this section is not cleared, IIS still adding no-cache attribute to Cache-Control header.

You can make even the first loading process faster if you enable gzip compression in the IIS settings. With gzip enabled, the loading is 4-5 times faster. You need to enable gzip for static and dynamic content (*.js, *.css and *.svg (image/svg+xml mime type) files). See article how to enable compression in IIS.
Download the trial HTTP Sniffer to test if the compression works successfully.
Can I make the application faster (increase performance)?
Answer: Yes. There are a few things that can help you make the application faster. You can do all or just some of them:
Loading of folders/files list is very slow (specially for a network folder) and takes several seconds.
It could be related to usage of NTFS alternate streams by HTTP Commander to store/read custom metadata on files and folders.
They used to store such information as Labels, Comments, File history, downloads counting and custom details fields.
By default HTTP Commander configured to display in file list some information stored in metadata for each file, e.q. existance of comments or other metadata and labels. If you do not plan to use mentioned functionalities feel free to disable them by configuring following parameters: Configuring these parameters is enough to disable load of metadata for each file during load of file list for folder, which may significantly speed up loading for network folders.
While you still will be able to see downloads count (if download counting is enabled), comments, description and other custom metadata fields in file properties window and in file details panel.
If I map a folder I get the error "The folder you entered does not appear to be valid..."?
Answer: First, try to map folder "https://demo.element-it.com/windows/hcwebdav" (without quotes). If it doesn't show the error and asks for credentials then it works (you can use demo/demo credentials). If mapping demo folder works but it doesn't map your application link, then the problem is with the application or WebDAV configuration. Check web folders mapping setup or contact us.
You cannot map folders in Server OS like Windows 2008, 2012, 2016 or 2019 by default. So, please test mapping from a non-server PC. For Servers 2008, 2012, 2016, 2019:
Click Start → Administration Tools → Server Manager → Features → Add Features → check WebDAV Redirector (or Desktop Experience for Windows 2008-2012) and click Next and Install buttons
I got an "Access to path '...' is denied" error.
Answer: The problem is related to the NTFS permissions. Check the NTFS permissions for HTCOMNET, data and your main content folders. See the NTFS Permissions section of the Documentation.
I got The page cannot be found error (error 404) when I open http://localhost/HTCOMNET/default.aspx or any other page.
Answer: If you are sure that the path http://localhost/HTCOMNET/default.aspx exists but you are still getting the error, it means that the IIS doesn't execute ASP.NET code. This problem occurs if your IIS was installed after the .NET Framework installation.
Reinstall the .NET Framework (v4.7.2 or above) or execute the following commands as administrator:
%WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i
and (for 64-bit systems):
%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -i
I see the page with ASP.NET tags at the top e.g. "<%@ Page Language="C#" %>".
Answer: ASP.NET has not started on the server and you have opened pages like clear HTML. See the "Application Install" section.
I got a "Required permissions cannot be acquired" error.
I got a " Request for the permission of type 'System.Security.Permissions... " error.
Answer: Both errors can be related to "Full trust" level. Check if "Full trust" is enabled for HTCOMNET application. See the Application Install section.
Also, check the permissions for IIS APPPOOL\DefaultAppPool" user on the HTCOMNET folder as well.
See the NTFS permissions section.
I got a "Internet Explorer cannot download Download.ashx from [domainname]" error while a file was being downloaded.
Answer: If you are using SSL, check Internet Explorer settings:
Tools → Internet Options → Advanced → Security → uncheck "Do not save encrypted pages to disk".
By default this option is unchecked. If the option is checked, the files cannot be saved from any SSL website.
I got a "Server Application Unavailable" error.
Answer: There are two reasons for such error:
  1. The problem can appear because ASP.NET 4.5 and ASP.NET 2.0 applications are being used by the same pool. Check all your applications in IIS and set one application pool for the applications running under .NET 4.5 and another pool for applications running under .NET 2.0.
  2. There are not enough NTFS permissions to HTCOMNET folder. See the NTFS permissions section of the Documentation.
  3. There can also be some other reasons. You can try to restart the application.
I got the Error "500.19" at web.config file ("modules" section).
Answer: This error can occur if you you have disabled some features of Web.config to delegate. In most cases it occurs with the "modules" feature. You should open IIS, click the server root in the left tree. At the right panel, open "Feature Delegation", then Select "Modules" and change its delegation type to "Read/Write". If you have the error with other features, then set the delegation type for the other features.
Does HTTP Commander support Web garden or Web farm?
Answer: No. HTTP Commander is running but does not work correctly if you have web garden or web farm enabled in IIS. Check if you have enabled web garden in the application pool settings and disable it or create a new pool for HTTP Commander. You should use only one worker process for the application.
Is HTTP Commander supports file solutions like DFS folders, UNC folders, ABE, NAS?
Answer: Yes, it supports DFS, UNC, ABE, NAS and most other file related Windows Server technologies. First you would set up the folder in the Admin panel. Then type the path to the DFS folder like \\domain\foldername or UNC like \\servername\share\folder. For ABE see more info here.
How Can I configure documents management features like Google Docs, MS Office and OpenOffice online edit?
Answer: All info related to documents management features is described in the Application settings section.
Can my users type their address and other info while performing self registration?
Answer: Yes, there is a special free custom field in the Accounts.xml file to store any extra info. In the Default.aspx code file you can find txtRegisterExtraInfo textarea — this textarea visible at registration form. You can make its size greater if you need to.
Also for localization of XML files there is a parameter: <RegisterExtraInfo>Extra info</RegisterExtraInfo>
You can replace "Extra info" text with your custom like "Type your address here".
Can I pass some settings in URL?
Answer: Yes, you can pass some settings in the URL:
How can I share remote folders (stored at another server within internal network)?
Answer: You can share remote folders but you need to take the steps listed below:
How can I add Static Content Role service at IIS7?
Answer: To add Static Content role go to
Start → Administrative Tools → Server Manager → Roles.
Find in the right list the Web Server (IIS) role and click the Add Role Services link.
In the new window check Static Content, and then click Next and then Install buttons.
How do I protect configuration files (prevent them to be retrieved by users)?
Answer: HTTP Commander stores configuration data on the server in a number of files. For security reasons, it is recommended to prevent users from retrieving them, since they expose sensitive information about the application. Configuration files are: Web.config, HttpCommanderSettings.config, .xml, .db files in the Data folder. Web.config, HttpCommanderSettings.config files are protected by default. .xml and .db files in Data folder are protected via the following section in Web.config file (in case of trouble make sure these settings are present in the configuration file).
  <location path="Data">
        <clear />
        <add name="HttpForbiddenHandlerXml" path="*.xml" verb="*" type="System.Web.HttpForbiddenHandler" />
        <add name="HttpForbiddenHandlerDb" path="*.db" verb="*" type="System.Web.HttpForbiddenHandler" />
            <remove fileExtension=".xml" />
            <add fileExtension=".xml" allowed="false" />
            <remove fileExtension=".db" />
            <add fileExtension=".db" allowed="false" />
In IIS configuration is restricted to Web.config file.
To test the settings, try to download the configuration files with a browser (http://server/HttpCommander/Data/Accounts.xml). You should see:
See also, how to prevent files download from Data folder.
Can I use SSO?
HTTP Commander includes examples of Single Sign-On (SSO) both for Basic Authentication and authentication via Form (for Active Directory users).



In all cases except Forms authentication across applications, you should have valid credentials to authenticate in HTTP Commander. Thus SSO topic breaks up into two subtopics: obtaining credentials and authenticating in the Web file manager.

The Default.aspx page is incorrectly displayed.
If Default.aspx page is displayed incorrectly, as on a screenshot below
please check the following:
I got the "Error HTTP 403.18 - Forbidden" when open files from folders with dots in name.
This error means that in IIS installed URLScan ISAPI Filter and it is configured so that not allowed URLs in which path there are folders having in the name of a dots (parameter AllowDotInPath=0).
For the solution of this problem see how to configure URLScan Tool below:
Check URLScan ISAPI filter settings in IIS if it is installed.
I got the error The parameter is incorrect when open file list.
This error can arise when reading to the network folder if the site in IIS with HTTPCommander works at a 64-bit platform, and in settings of a pool indicated value True for the Enable 32-Bit Applications parameter.
Specify False value for the Enable 32-Bit Applications parameter in advanced settings of a pool and restart it
(Application PoolshtcomnetpoolAdvanced Settings).
See about Wow64FsRedirection in FindFirstFile article.
Why Microsoft Office still opens my document (View / Edit → Edit in MS Office) as read-only?
First of all check settings of work with WebDAV and read article Using MS Office and OpenOffice to work with documents.
Also check before opening of the document, having refreshed the file list, whether it is opened by other user (an icon The file is locked on the right or in the Labels column):
Also check NTFS persmissions for a read-write for a pool of applications and the user who opens the file.
And in addition check the file for block (the Unblock button in properties of the file) and if it is blocked, remove block (privileges of the administrator are necessary):
If the problem isn't fixed clear Microsoft Office WebDAV cache in registry on computer of user.
Microsoft Office reads WebDAV server options when connecting to server first time and stores them for later use.
The Microsoft Office WebDAV cache is stored under the key:
HKEY_CURRENT_USER\Software\Microsoft\Office\<version>\Common\Internet\Server Cache\
To clear cache just delete all keys under this key.
Also set OpenDocumentsReadWriteWhileBrowsing DWORD Value to 1 on a user machine under the key
Note! After change registry keys restart computer or WebClient service.
Error on download/upload with Dropbox or Box: Could not load file or assembly 'Newtonsoft.Json, Version=...'.
Solution: in Web.config file replace Newtonsoft.Json assembly version x.0.0.0 to (where x < 12).
See Update to version 5.
How to disable WebDav feature.
There are 2 ways to completely disable WebDav feature in HTTP Commander.
  1. With settings on settings tab in Admin Panel.
    You will need to set to false the values of following parameters:
  2. Edit Web.config file of HTTP Commander and remove from modules section (system.webserver → modules and at system.web → httpModules sections) following module:
    <add name="FileWebDavModule" type="HttpCommander.FileWebDAVServer.FileWebDavModule, FileWebDAVServer" precondition="integratedMode" />
Page reloaded when file list is scrolled up in Chrome browser on Android.
This issue is fixed in HTTP Commander 4.5 an later. Here are steps to fix this issue on version prior 4.5:
  1. Open Default.aspx page in text editor.
  2. Search for body tag
  3. Append to body tag following code:
    <% if(isMobileBrowser) { %> style="overflow-y: hidden;" <% } %>
  4. Result should look like this:
    <body id="pageBody" class="<%= pageBodyStyle %>" onload="<%= Utils.GetSetTimeOutScript() %>" <% if(isMobileBrowser) { %> style="overflow-y: hidden;" <% } %>>
IE browser does not rotate image loading.
To fix this, enable the "Play animations in webpages" option in the IE setting:
Internet options → Advanced → Multimedia → Play animations in webpages.
Can i use my own users database?
Yes, you can user your own users database with HTTP Commander. To do this you will need to:
  1. Configure integration with Auth0 platform
  2. and configure connection to your existing database.
Can users login with social accounts?
Yes, you can configure HTTP Commander to allow login with social account. To do this you will need to:
  1. Configure integration with Auth0 platform
  2. and configure social providers connection.
Are there any password strength settings?
You can set custom password security policy when integration with Auth0 is configured. To do this you will need to:
  1. Configure integration with Auth0 platform
  2. and configure password policy.
I enabled Auth0, but got an error ID7027: Could not load the identity configuration ....
To fix it, properly configure Web.config.
I enabled Auth0, but got an error Error occurred during a cryptographic operation.
To fix it, properly configure machineKey in Web.config.
I enabled Auth0, but when enter the correct username/password, the login screen is displayed again each time.
To fix it, make sure that the SessionAuthenticationModule present in the Web.config file. See Auth0 Web.config manual.