How do you allow multiple file uploads on an internal windows-authentication intranet?

Question

I have a couple of solutions, but none of them work perfectly.

Platform

1. ASP.NET / VB.NET / .NET 2.0
2. IIS 6
3. IE6 (primarily), with some IE7; Firefox not necessary, but useful

Allowed 3rd Party Options

1. Flash
2. ActiveX (would like to avoid)
3. Java (would like to avoid)

Current Attempts

Gmail Style: You can use javascript to add new Upload elements (input type='file'), then upload them all at once with the click of a button. This works, but still requires a lot of clicks. (I was able to use an invisible ActiveX control to detect things like File Size, which would be useful.)

Flash Uploader: I discovered a couple of Flash Upload controls that use a 1x1 flash file to act as the uploader, callable by javascript. (One such control is FancyUpload, another is Dojo's Multiple File Uploader, yet another is one by darick_c at CodeProject.) These excited me, but I quickly ran into two issues:

1. Flash 10 will break the functionality that is used to call the multiple file upload dialogue box. The workaround is to use a transparent flash frame, or just use a flash button to call the dialogue box. That's not a huge deal.
2. The integrated windows authentication used on our intranet is not used when the Flash file attempts to upload the files, prompting the user for credentials. The workaround for this is to use cookieless sessions, which would be a nightmare for our project due to several other reasons.

Java Uploader: I noticed several Java-based multiple-file uploaders, but most of the appear to cost money. If I found one that worked really well, I could arrange to purchase it. I'd just rather not. I also don't like the look of most of them. I liked FancyUpload because it interacted with html/javascript so that I could easily style and manage it any way I want.

ActiveX Uploader: I found an ActiveX solution as well. It appears that ActiveX will work. I would just write my own instead of buying that one. This will be my last resort, I think.

Resolution

I would love to be able to use something like FancyUpload. If I can just get by the credentials prompt some way, it would be perfect. But, from my research, it appears that the only real workaround is cookieless sessions, which I just can't do.

So, the question is: Is there a way to resolve the issues presented above OR is there a different solution that I have not listed which accomplishes the same goal?

Answer 1

You could try SWFUpload as well - it would fit in your Flash Uploader "category".

Answer 2

It looks like ActiveX could work, but I can't get the .NET examples to work. Any further thoughts would be appreciated.

Answer 3

In Internet Explorer, FileReference.upload (flash upload) will send cookies along as well.

This behavior breaks only when running in other browsers.

Answer 4

I don't think there is any work around for the integrated windows authentication. What you could possibly do is save the files to a generic unprotected folder and, in the case of swfupload, use a handler to move the file when its fully uploaded

Answer 5

@davidinbcn.myopenid.co: That's basically how I solved this issue. But, in an effort to provide a more detailed answer, I'm posting my solution here.

The Solution!

Create two web applications, or websites, or whatever.

Application A is a simple web application. The purpose of this application is to receive file uploads and save them to the proper place. Set this up as an anonymous access allowed. Then make a single ASPX page that accepts posted files and saves them to a given location. (I'm doing this on an intranet. Internet sites may be exposing themselves to security issues by doing this. Take extra precautions if that is the case.) The code behind for this page would look something like this:

Dim uploads As HttpFileCollection = HttpContext.Current.Request.Files
If uploads.Count > 0 Then
    UploadFiles(uploads)
Else
    result = "error"
    err = "File Not Uploaded"
End If

Application B is your primary site that will allow file uploads. Set this up as an authenticated web application that does not allow anonymous access. Then, place the FancyUpload (or similar solution) on a page on this site. Configure it to post its files to Application A's upload ASPX page.

Answer 6

Our company use ajaxuploader.com which support this feature.

Answer 7

EM - I am trying to do the same as you were - except I'm using swfupload. I am having a problem - Request.Files is empty when I get to the Anonymous Access page which is going to move the file.

Did you run into that? Maybe I need to add something to the web.config. Or when you allowed Anon Access, did you disable Windows Auth?

Thanks