Uploadify (Session and authentication) with ASP.NET MVC

asp.net-mvc authentication session uploadify
Dragouf picture Dragouf · Nov 13, 2009 · Viewed 19.1k times · Source

When I use Authorize filter on an action or a controller used by uplodify (http://www.uploadify.com/) the action isn't reach...

moreover Session are not retrieved.

I found this to retrieved user session :

http://geekswithblogs.net/apopovsky/archive/2009/05/06/working-around-flash-cookie-bug-in-asp.net-mvc.aspx

But how to use it with [Authorize] filter and retrieved session ?

Answer

Dragouf picture Dragouf · Nov 13, 2009

To correct this I propose you a solution... Send the auth cookie value and session id cookie value with uploadify and recreate it before session is retrieved.

here is the code to implent in the view :

<script>
    var auth = "<% = Request.Cookies[FormsAuthentication.FormsCookieName]==null ? string.Empty : Request.Cookies[FormsAuthentication.FormsCookieName].Value %>";
    var ASPSESSID = "<%= Session.SessionID %>";

    $("#uploadifyLogo").uploadify({
        ...
        formData: { ASPSESSID: ASPSESSID, AUTHID: auth }
    });

And then in Global.asax :

protected void Application_BeginRequest(object sender, EventArgs e)
    {
      /* we guess at this point session is not already retrieved by application so we recreate cookie with the session id... */
        try
        {
            string session_param_name = "ASPSESSID";
            string session_cookie_name = "ASP.NET_SessionId";

            if (HttpContext.Current.Request.Form[session_param_name] != null)
            {
                UpdateCookie(session_cookie_name, HttpContext.Current.Request.Form[session_param_name]);
            }
            else if (HttpContext.Current.Request.QueryString[session_param_name] != null)
            {
                UpdateCookie(session_cookie_name, HttpContext.Current.Request.QueryString[session_param_name]);
            }
        }
        catch
        {
        }

        try
        {
            string auth_param_name = "AUTHID";
            string auth_cookie_name = FormsAuthentication.FormsCookieName;

            if (HttpContext.Current.Request.Form[auth_param_name] != null)
            {
                UpdateCookie(auth_cookie_name, HttpContext.Current.Request.Form[auth_param_name]);
            }
            else if (HttpContext.Current.Request.QueryString[auth_param_name] != null)
            {
                UpdateCookie(auth_cookie_name, HttpContext.Current.Request.QueryString[auth_param_name]);
            }

        }
        catch
        {
        }
    }

    private void UpdateCookie(string cookie_name, string cookie_value)
    {
        HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(cookie_name);
        if (null == cookie)
        {
            cookie = new HttpCookie(cookie_name);
        }
        cookie.Value = cookie_value;
        HttpContext.Current.Request.Cookies.Set(cookie);
    }

And voila, with that method it's totally transparent.

hope it help some!! ;)

EDITED : use formData instead of scriptData

Related questions

MVC 5 Access Claims Identity User Data

I am developing an MVC 5 web application using Entity Framework 5 Database First approach. I am using OWIN for the authentication of Users. Below shows my Login method within my Account Controller. public ActionResult Login(LoginViewModel model, string returnUrl) { if (ModelState.…

Read More
Adding ASP.NET MVC5 Identity Authentication to an existing project

I have seen lots of similar pages on the web, but most of them use a new project instead of an existing one, or don't have the necessary features. So, I have an existing MVC 5 project and want to integrate …

Read More
Why does AuthorizeAttribute redirect to the login page for authentication and authorization failures?

In ASP.NET MVC, you can mark up a controller method with AuthorizeAttribute, like this: [Authorize(Roles = "CanDeleteTags")] public void Delete(string tagName) { // ... } This means that, if the currently logged-in user is not in the "CanDeleteTags" role, the controller method …

Read More