Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>Well done and problem gone!</p> <p>There was not "properly" an issue with my code. The usage of the plugin was generally correct but there was an issue with the authentication mechanism. </p> <p>As everybody can find on the internet the flash plugin does not share the authentication cookie with the server-side code and this was the reason behind the usage of the "scriptData" section inside my code that contained the Authentication Cookie.</p> <p>The problem was related to the fact that the controller was decorated with the [Authorize] attribute and this was never letting the request reach its destination.</p> <p>The solution, found with the help of another user on the uploadify forum, is to write a customized version of the AuthorizeAttribute like you can see in the following code.</p> <pre><code>/// &lt;summary&gt; /// A custom version of the &lt;see cref="AuthorizeAttribute"/&gt; that supports working /// around a cookie/session bug in Flash. /// &lt;/summary&gt; /// &lt;remarks&gt; /// Details of the bug and workaround can be found on this blog: /// http://geekswithblogs.net/apopovsky/archive/2009/05/06/working-around-flash-cookie-bug-in-asp.net-mvc.aspx /// &lt;/remarks&gt; [AttributeUsage( AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true )] public class TokenizedAuthorizeAttribute : AuthorizeAttribute { /// &lt;summary&gt; /// The key to the authentication token that should be submitted somewhere in the request. /// &lt;/summary&gt; private const string TOKEN_KEY = "AuthenticationToken"; /// &lt;summary&gt; /// This changes the behavior of AuthorizeCore so that it will only authorize /// users if a valid token is submitted with the request. /// &lt;/summary&gt; /// &lt;param name="httpContext"&gt;&lt;/param&gt; /// &lt;returns&gt;&lt;/returns&gt; protected override bool AuthorizeCore( System.Web.HttpContextBase httpContext ) { string token = httpContext.Request.Params[TOKEN_KEY]; if ( token != null ) { FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt( token ); if ( ticket != null ) { FormsIdentity identity = new FormsIdentity( ticket ); string[] roles = System.Web.Security.Roles.GetRolesForUser( identity.Name ); GenericPrincipal principal = new GenericPrincipal( identity, roles ); httpContext.User = principal; } } return base.AuthorizeCore( httpContext ); } } </code></pre> <p>Using this to decorate teh controller/action that does the upload made everything to work smoothly.</p> <p>The only strange thing that remain unsolved, but does not affect the execution of the code, is that, strangely, Fiddler does not show the HTTP post. I do not understand why....</p> <p>I am posting this to make it available to the community.</p> <p>thanks!</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload