Uploadify (flash file upload) & Integrated Windows Authentication
I'm running into an issue with Uploadify and I hope someone can help. I have put Uploadify into my app and all works fine in dev (using the VS web server). All worked fine and checked until I deployed the app into my test environment which uses Integrated Windows Authentication.
When I actually go to upload the file, the browser brings up a login prompt. At this point, even if you type in the correct username and password, the request seems not to complete and even if you tell the browser to remember the password it still brings up the login prompt.
When this started to occur, I decided to spin up Fiddler and see what was going on. But guess what, when ever 开发者_如何学编程Fiddler is running the issue doesn't occur.
Unfortunately I can't make running Fiddler a reuqierment for running the app. Hence does anyone have any ideas. I know there are some issues with Uploadify/flash when using forms authentication but I didn't think they carried across to Integrated Windows Authentication.
I saw this page and I almost gave up but then I ran across this article from Craig at PluralSight. Which gave me the idea of returning a 401 from ASP.Net instead of IIS which is why anonymous authentication is enabled in IIS.
Here are the steps to workaround the issue.
Step 1: Enable Anonymous Authentication and Windows Auth in IIS.
Step 2: Add this code to your Global.asax.cs
Credit/Thanks to: Uploadify (Session and authentication) with ASP.NET MVC
Note: In my version only POST requests use the special logic since I only want this code to work for uploadify. In other words I delete the code for GET requests. Take a look at the link above if you want to support GET.
protected void Application_BeginRequest(object sender, EventArgs e)
{
/* we guess at this point session is not already retrieved by application so we recreate cookie with the session id... */
try
{
string session_param_name = "ASPSESSID";
string session_cookie_name = "ASP.NET_SessionId";
if (HttpContext.Current.Request.Form[session_param_name] != null)
{
UpdateCookie(session_cookie_name, HttpContext.Current.Request.Form[session_param_name]);
}
}
catch
{
}
try
{
string auth_param_name = "AUTHID";
string auth_cookie_name = FormsAuthentication.FormsCookieName;
if (HttpContext.Current.Request.Form[auth_param_name] != null)
{
UpdateCookie(auth_cookie_name, HttpContext.Current.Request.Form[auth_param_name]);
return; // this is an uploadify request....get out of here.
}
}
catch
{
}
// handle the windows authentication while keeping anonymous turned on in IIS.
// see: https://stackoverflow.com/questions/2549914/uploadify-flash-file-upload-integrated-windows-authentication
if (Request.ServerVariables["LOGON_USER"].Length == 0) // They haven't provided credentials yet
{
Response.StatusCode = 401;
Response.StatusDescription = "Unauthorized";
Response.End();
return;
}
FormsAuthentication.SetAuthCookie(Request.ServerVariables["LOGON_USER"], true);
}
private void UpdateCookie(string cookie_name, string cookie_value)
{
HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(cookie_name);
if (null == cookie)
{
cookie = new HttpCookie(cookie_name);
}
cookie.Value = cookie_value;
HttpContext.Current.Request.Cookies.Set(cookie);
}
Step 3: Update the javascript invoking uploadify to include the form's auth key and session key.
<script>
var auth = "<% = Request.Cookies[FormsAuthentication.FormsCookieName]==null ? string.Empty : Request.Cookies[FormsAuthentication.FormsCookieName].Value %>";
var ASPSESSID = "<%= Session.SessionID %>";
$("#uploadifyLogo").uploadify({
...
scriptData: { ASPSESSID: ASPSESSID, AUTHID: auth }
});
Step 4: Update your web.config
<system.web>
...
<authentication mode="Forms">
<forms defaultUrl="/" />
</authentication>
...
加载中,请稍侯......
精彩评论