Geek Answers Handbook

Uploadify (flash file upload) and integrated Windows authentication

I have a problem with Uploadify, and I hope someone can help. I put Uploadify in my application and everything works fine in dev (using VS web server). Everything worked fine and verified until I deployed the application in my test environment, which uses integrated Windows authentication.

When I actually download the file, the browser calls up a login prompt. At this point, even if you enter the correct username and password, the request does not seem to end, and even if you tell the browser to remember the password, it still calls the login prompt.

When it started, I decided to deploy Fiddler and see what happens. But guess that when Fiddler is running, the problem does not occur.

Unfortunately, I cannot run Fiddler in reuqierment to run the application. Therefore, anyone has ideas. I know that there are some problems with Uploadify / flash when using forms authentication, but I did not think that they were ported to the built-in Windows authentication.

+5
source share
1 answer

I saw this page and I almost gave up, but then I looked at this article from Craig at PluralSight. This gave me an idea of ​​returning 401 from ASP.Net instead of IIS, so anonymous authentication is included in IIS.

Here are the steps to help solve the problem.

Step 1: Enable Anonymous Authentication and Windows Auth in IIS.

2: Global.asax.cs
/: ( ) ASP.NET MVC
: POST- , , . , GET. , GET.

protected void Application_BeginRequest(object sender, EventArgs e)
{
    /* we guess at this point session is not already retrieved by application so we recreate cookie with the session id... */
    try
    {
        string session_param_name = "ASPSESSID";
        string session_cookie_name = "ASP.NET_SessionId";

        if (HttpContext.Current.Request.Form[session_param_name] != null)
        {
            UpdateCookie(session_cookie_name, HttpContext.Current.Request.Form[session_param_name]);
        }

    }
    catch
    {
    }

    try
    {
        string auth_param_name = "AUTHID";
        string auth_cookie_name = FormsAuthentication.FormsCookieName;

        if (HttpContext.Current.Request.Form[auth_param_name] != null)
        {
            UpdateCookie(auth_cookie_name, HttpContext.Current.Request.Form[auth_param_name]);
            return; // this is an uploadify request....get out of here.
        }

    }
    catch
    {
    }

    // handle the windows authentication while keeping anonymous turned on in IIS.
    // see: https://stackoverflow.com/questions/2549914/uploadify-flash-file-upload-integrated-windows-authentication

    if (Request.ServerVariables["LOGON_USER"].Length == 0) // They haven't provided credentials yet
    {
        Response.StatusCode = 401;
        Response.StatusDescription = "Unauthorized";
        Response.End();
        return;
    }

    FormsAuthentication.SetAuthCookie(Request.ServerVariables["LOGON_USER"], true); 

}

private void UpdateCookie(string cookie_name, string cookie_value)
{
    HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(cookie_name);
    if (null == cookie)
    {
        cookie = new HttpCookie(cookie_name);
    }
    cookie.Value = cookie_value;
    HttpContext.Current.Request.Cookies.Set(cookie);
}

3: javascript, auth .

<script> 
    var auth = "<% = Request.Cookies[FormsAuthentication.FormsCookieName]==null ? string.Empty : Request.Cookies[FormsAuthentication.FormsCookieName].Value %>"; 
    var ASPSESSID = "<%= Session.SessionID %>"; 

    $("#uploadifyLogo").uploadify({ 
        ... 
        scriptData: { ASPSESSID: ASPSESSID, AUTHID: auth } 
    });

4: web.config

  <system.web>
    ...
    <authentication mode="Forms">
      <forms defaultUrl="/" />
    </authentication>
    ...
+2

More articles:


All Articles