I was integrating a JQuery plugin for file uploads, uploadify, in my app when I saw a very strange behavior. The plugin reported an error transmitting the file to the server and debugging the controller code I noticed the target action wasn’t being called at all. Debugging the client code I found out that the server was redirecting the upload to the login page. The Controller was marked with the AuthorizeAttribute but the user was already authenticated. After a google search I found this article explaining the problem and a workaround that didn’t work for me.
One easy solution was to remove the Authorize attribute from that action but that would open a big security hole, allowing anybody to upload files to the server. I finally implemented a manual authentication that seems to work fine.
In the client I extract the value from the forms authentication cookie and send it with my file as data:
var auth =
"<% = Request.Cookies[FormsAuthentication.FormsCookieName]==null ? string.Empty : Request.Cookies[FormsAuthentication.FormsCookieName].Value %>";
:
: //File upload
: $('#photoUpload').fileUpload({
: uploader: '/Content/uploader.swf',
: script: '/Files/UploadPicture',
: scriptData: { token: auth },
: cancelImg: '/Content/images/cancel.png',
: auto: true,
: folder: '/uploads',
: fileDesc: 'Image',
: fileExt: '*.jpg;*.jpeg;*.png;*.gif'
: });
:
I think this technique could be easily applied to SWFUpload as well.
The server receives the security token so I needed to authenticate it. This action does the trick:
public ActionResult UploadPicture(string token, HttpPostedFileBase fileData) : {
: FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(token);
: if(ticket!=null)
: {
: var identity = new FormsIdentity(ticket);
: if(identity.IsAuthenticated)
: {
: /*************************************
: *
: * HANDLE FILE
: *
: * ***********************************/
: return Content("OK");
:
}
:
}
: throw new InvalidOperationException("The user is not authenticated.");
:
:
}
:
I think I’ll move the authentication to an action filter to keep the action code cleaner but this works fine for now.
Technorati Tags: ASP.net MVC,ASP.net,Uploadify,JQuery,SWFupload
Print | posted on Wednesday, May 06, 2009 11:44 PM | Filed Under [ ASP.net MVC ]