views:

740

answers:

3

I am using SWFUpload to do file uploading in a ASP.NET MVC 1.0 website. It is working fine, but I am not able to authenticate the upload method. The HttpContext.User.Identity.Name returns an empty string. I am assuming this is because the Flash movie is making the post. I am also using the wrapper provided here: http://blog.codeville.net/2008/11/24/jquery-ajax-uploader-plugin-with-progress-bar/.

The controller action below gets fired, but as mentiond above the user object is not passed.

Any help is appreciated!

View

HTML

            <form enctype="multipart/form-data" method="post" action="/Media/Upload/Photo">
                <input type="file" id="userPhoto_Photo" name="userPhoto_Photo" />
            </form>

Javascript

    $(function() {
        $("#userPhoto").makeAsyncUploader({
            upload_url: '/Media/Upload',
            flash_url: '<%= Url.Content("~/Content/Flash/swfUpload-2.2.0.1.swf") %>',
            file_size_limit: '1 MB',
            file_types: '*.jpg; *.png; *.gif',

            button_action: SWFUpload.BUTTON_ACTION.SELECT_FILE, 
            button_width: 210,
            button_height: 35, 
            button_image_url: '<%= Url.Content("~/Content/Images/UploadPhoto.png") %>',
            button_text: '',
button_cursor: SWFUpload.CURSOR.HAND,
button_window_mode: SWFUpload.WINDOW_MODE.TRANSPARENT

        });
    });   

Controller Action

    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult Upload()
    {
        if (Request.Files.Count == 1)
        {
            //Upload work
        }
        return RedirectToAction("Index", "Profile");
    }
A: 

I believe this is because flash does not persist browser sessions when making requests. You would have to somehow explicitly have flash pass along some information regarding the user's session.

One way you could do this is set a cookie. Have JavaScript read the cookie and pass it off to flash. Then have flash send it along when doing uploads. This way, you are not passing in a cookie value with flash vars.

Are you using windows integrated auth?

Chris Gutierrez
A: 

This was easily resolved with passing a post parameter, which is part of the swfUpload API. Passing user name or user id is then authenticated on the action manually using forms authentication.

Dustin Laine
+1  A: 

You should also check out this post: http://trycatchfail.com/blog/post/2009/05/13/Using-Flash-with-ASPNET-MVC-and-Authentication.aspx
It perfectly explains what you need to do to keep your app secure and still use Flash upload plugins like Uploadify or swfupload.

brainnovative
This worked for me. I just also had to make sure i allowed requests to my upload url in web.config. The Authorize attribute should be enough. <location path="Member/Action/UploadImage"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location>
Johan Wikström