SWFUpload Authentication

Question

I am using SWFUpload to do file uploading in a ASP.NET MVC 1.0 website. It is working fine, but I am not able to authenticate the upload method. The HttpContext.User.Identity.Name returns an empty string. I am assuming this is because the Flash movie is making the post. I am also using the wrapper provided here: http://blog.codeville.net/2008/11/24/jquery-ajax-uploader-plugin-with-progress-bar/.

The controller action below gets fired, but as mentiond above the user object is not passed.

Any help is appreciated!

View

HTML

            <form enctype="multipart/form-data" method="post" action="/Media/Upload/Photo">
                <input type="file" id="userPhoto_Photo" name="userPhoto_Photo" />
            </form>

Javascript

    $(function() {
        $("#userPhoto").makeAsyncUploader({
            upload_url: '/Media/Upload',
            flash_url: '<%= Url.Content("~/Content/Flash/swfUpload-2.2.0.1.swf") %>',
            file_size_limit: '1 MB',
            file_types: '*.jpg; *.png; *.gif',

            button_action: SWFUpload.BUTTON_ACTION.SELECT_FILE, 
            button_width: 210,
            button_height: 35, 
            button_image_url: '<%= Url.Content("~/Content/Images/UploadPhoto.png") %>',
            button_text: '',
button_cursor: SWFUpload.CURSOR.HAND,
button_window_mode: SWFUpload.WINDOW_MODE.TRANSPARENT

        });
    });   

Controller Action

    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult Upload()
    {
        if (Request.Files.Count == 1)
        {
            //Upload work
        }
        return RedirectToAction("Index", "Profile");
    }

Answer 1

I believe this is because flash does not persist browser sessions when making requests. You would have to somehow explicitly have flash pass along some information regarding the user's session.

One way you could do this is set a cookie. Have JavaScript read the cookie and pass it off to flash. Then have flash send it along when doing uploads. This way, you are not passing in a cookie value with flash vars.

Are you using windows integrated auth?

Answer 2

This was easily resolved with passing a post parameter, which is part of the swfUpload API. Passing user name or user id is then authenticated on the action manually using forms authentication.

Answer 3

You should also check out this post: http://trycatchfail.com/blog/post/2009/05/13/Using-Flash-with-ASPNET-MVC-and-Authentication.aspx
It perfectly explains what you need to do to keep your app secure and still use Flash upload plugins like Uploadify or swfupload.