5

I'm running into an issue with Uploadify and I hope someone can help. I have put Uploadify into my app and all works fine in dev (using the VS web server). All worked fine and checked until I deployed the app into my test environment which uses Integrated Windows Authentication.

When I actually go to upload the file, the browser brings up a login prompt. At this point, even if you type in the correct username and password, the request seems not to complete and even if you tell the browser to remember the password it still brings up the login prompt.

When this started to occur, I decided to spin up Fiddler and see what was going on. But guess what, when ever Fiddler is running the issue doesn't occur.

Unfortunately I can't make running Fiddler a reuqierment for running the app. Hence does anyone have any ideas. I know there are some issues with Uploadify/flash when using forms authentication but I didn't think they carried across to Integrated Windows Authentication.

Kyle Trauberman
  • 25,414
  • 13
  • 85
  • 121
vdh_ant
  • 12,720
  • 13
  • 66
  • 86

1 Answers1

3

I saw this page and I almost gave up but then I ran across this article from Craig at PluralSight. Which gave me the idea of returning a 401 from ASP.Net instead of IIS which is why anonymous authentication is enabled in IIS.

Here are the steps to workaround the issue.

Step 1: Enable Anonymous Authentication and Windows Auth in IIS.

Step 2: Add this code to your Global.asax.cs
Credit/Thanks to: Uploadify (Session and authentication) with ASP.NET MVC
Note: In my version only POST requests use the special logic since I only want this code to work for uploadify. In other words I delete the code for GET requests. Take a look at the link above if you want to support GET.

protected void Application_BeginRequest(object sender, EventArgs e)
{
    /* we guess at this point session is not already retrieved by application so we recreate cookie with the session id... */
    try
    {
        string session_param_name = "ASPSESSID";
        string session_cookie_name = "ASP.NET_SessionId";

        if (HttpContext.Current.Request.Form[session_param_name] != null)
        {
            UpdateCookie(session_cookie_name, HttpContext.Current.Request.Form[session_param_name]);
        }

    }
    catch
    {
    }

    try
    {
        string auth_param_name = "AUTHID";
        string auth_cookie_name = FormsAuthentication.FormsCookieName;

        if (HttpContext.Current.Request.Form[auth_param_name] != null)
        {
            UpdateCookie(auth_cookie_name, HttpContext.Current.Request.Form[auth_param_name]);
            return; // this is an uploadify request....get out of here.
        }

    }
    catch
    {
    }

    // handle the windows authentication while keeping anonymous turned on in IIS.
    // see: https://stackoverflow.com/questions/2549914/uploadify-flash-file-upload-integrated-windows-authentication

    if (Request.ServerVariables["LOGON_USER"].Length == 0) // They haven't provided credentials yet
    {
        Response.StatusCode = 401;
        Response.StatusDescription = "Unauthorized";
        Response.End();
        return;
    }

    FormsAuthentication.SetAuthCookie(Request.ServerVariables["LOGON_USER"], true); 

}

private void UpdateCookie(string cookie_name, string cookie_value)
{
    HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(cookie_name);
    if (null == cookie)
    {
        cookie = new HttpCookie(cookie_name);
    }
    cookie.Value = cookie_value;
    HttpContext.Current.Request.Cookies.Set(cookie);
}

Step 3: Update the javascript invoking uploadify to include the form's auth key and session key.

<script> 
    var auth = "<% = Request.Cookies[FormsAuthentication.FormsCookieName]==null ? string.Empty : Request.Cookies[FormsAuthentication.FormsCookieName].Value %>"; 
    var ASPSESSID = "<%= Session.SessionID %>"; 

    $("#uploadifyLogo").uploadify({ 
        ... 
        scriptData: { ASPSESSID: ASPSESSID, AUTHID: auth } 
    });

Step 4: Update your web.config

  <system.web>
    ...
    <authentication mode="Forms">
      <forms defaultUrl="/" />
    </authentication>
    ...
Community
  • 1
  • 1
Peter Moresi
  • 2,509
  • 1
  • 14
  • 4
  • I'm having the exact same problem like the OP and I tried your solution but I can't get it to work. For some reason Request.ServerVariables["LOGON_USER"] is always empty. Any suggestions? – Simon Jan 28 '11 at 12:16
  • Are both anonymous authentication and windows authentication enabled in IIS? – Peter Moresi Feb 10 '11 at 18:00
  • I know it's late to comment/ask questions, but this means that the solution to using uploadify and Windows Authentication requires NOT using Windows Authentication? – bzarah May 05 '11 at 15:51
  • @bzarah That's what it seems like to me. Stinks, but no way around it that I can see. Using some AJAX to mimic it as best as possible. – pmarsh Oct 07 '11 at 01:16