PDA

View Full Version : [CLOSED] MultiUpload with Firefox - Unauthorized



ViDom
Jul 24, 2014, 3:47 PM
Hi,
This is my sample:
Test.aspx

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="test.aspx.cs" Inherits="test" %>
<%@ Register assembly="Ext.Net" namespace="Ext.Net" tagprefix="ext" %>
<script runat="server">
protected void MultiUpload1_FileUpload(object sender, FileUploadEventArgs e)
{
System.Threading.Thread.Sleep(3000); // for testing purposing only
X.Msg.Notify("File is uploaded", "Name: " + e.FileName).Show();
}
</script>
<!DOCTYPE html>
<html>
<head runat="server">
<title>Simple MultiUpload - Ext.NET Examples</title>
<link href="/resources/css/examples.css" rel="stylesheet" />
<script type="text/javascript">
var uploadError = function (item, file, errorCode, message) {
alert("Error Code: " + errorCode + ", File name: " + file.name + ", File size: " + file.size + ", Message: " + message);
};

var fileSelectionError = function (item, file, errorCode, message) {
alert("Error Code: " + errorCode + ", File name: " + file.name + ", File size: " + file.size + ", Message: " + message);
};
</script>
</head>
<body>
<form runat="server">
<ext:ResourceManager runat="server" />

<h1>Simple MultiUpload</h1>

<ext:MultiUpload
ID="MultiUpload1"
runat="server"
OnFileUpload="MultiUpload1_FileUpload"
AutoStartUpload="true"
FileDropAnywhere="true"
FileSizeLimit="15 MB"
FileTypes="*.*"
FileTypesDescription="All Files"
FileUploadLimit="100"
FileQueueLimit="0">
<Listeners>
<UploadStart Handler="Ext.Msg.wait('Uploading...');" />
<UploadError Fn="uploadError" />
<FileSelectionError Fn="fileSelectionError" />
<UploadComplete Handler="Ext.Msg.hide();" />
</Listeners>
</ext:MultiUpload>
</form>
</body>
</html>


Web.config

<?xml version="1.0"?>
<configuration>
<system.web>
<httpHandlers>
<add path="*/ext.axd" verb="*" type="Ext.Net.ResourceHandler" validate="false" />
</httpHandlers>

<httpModules>
<add name="DirectRequestModule" type="Ext.Net.DirectRequestModule, Ext.Net" />
</httpModules>

<pages>
<controls>
<add assembly="Ext.Net" namespace="Ext.Net" tagPrefix="ext" />
</controls>
</pages>
<compilation debug="true" targetFramework="4.0" />

<authorization>
<deny users="?" />
</authorization>

<authentication mode="Windows"/>

</system.web>

<system.webServer>
<validation validateIntegratedModeConfiguration="false" />

<modules>
<add name="DirectRequestModule" preCondition="managedHandler" type="Ext.Net.DirectRequestModule, Ext.Net" />
</modules>

<handlers>
<add name="DirectRequestHandler" verb="*" path="*/ext.axd" preCondition="integratedMode" type="Ext.Net.ResourceHandler" />
</handlers>
</system.webServer>

</configuration>

and Global.aspx

<%@ Application Language="C#" %>

<script runat="server">
void Application_BeginRequest(object sender, EventArgs e)
{
try
{
string session_param_name = "ASPSESSID";
string session_cookie_name = "ASP.NET_SESSIONID";

if (HttpContext.Current.Request.Form[session_param_name] != null)
{
UpdateCookie(session_cookie_name, HttpContext.Current.Request.Form[session_param_name]);
}
else if (HttpContext.Current.Request.QueryString[session_param_name] != null)
{
UpdateCookie(session_cookie_name, HttpContext.Current.Request.QueryString[session_param_name]);
}
}
catch (Exception)
{
Response.StatusCode = 500;
Response.Write("Error Initializing Session");
}

try
{
string auth_param_name = "AUTHID";
string auth_cookie_name = FormsAuthentication.FormsCookieName;

if (HttpContext.Current.Request.Form[auth_param_name] != null)
{
UpdateCookie(auth_cookie_name, HttpContext.Current.Request.Form[auth_param_name]);
}
else if (HttpContext.Current.Request.QueryString[auth_param_name] != null)
{
UpdateCookie(auth_cookie_name, HttpContext.Current.Request.QueryString[auth_param_name]);
}

}
catch (Exception)
{
Response.StatusCode = 500;
Response.Write("Error Initializing Forms Authentication");
}
}
void UpdateCookie(string cookie_name, string cookie_value)
{
HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(cookie_nam e);
if (cookie == null)
{
cookie = new HttpCookie(cookie_name);
HttpContext.Current.Request.Cookies.Add(cookie);
}
cookie.Value = cookie_value;
HttpContext.Current.Request.Cookies.Set(cookie);
}


</script>

MultiUpload doesn't work with FireFox (my ver. is 31.0), I get 401 error when upload with 'Browse' button, it works fine with drag&drop.
What am I doing wrong?

Vladimir
Jul 24, 2014, 5:03 PM
Hi

Unfortunatelly, it is known bug in Flash, SwfUpload will not work with Windows authentication
https://code.google.com/p/swfupload/issues/detail?id=236

ViDom
Jul 24, 2014, 8:19 PM
Ok, but I've changed authentication to 'forms' and now I get 302 error in the same place.
My Logon.aspx

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Logon.aspx.cs" Inherits="Logon" %>

<%@ Import Namespace="System.Web.Security" %>

<script runat="server">
protected void Page_Load(object sender, EventArgs e)
{
FormsAuthentication.RedirectFromLoginPage("test", false);
}

</script>
<!DOCTYPE html>
<html>
<head id="Head1" runat="server">
<title>Forms Authentication - Login</title>
</head>
<body>
<form id="form1" runat="server">

</form>
</body>
</html>

New Web.config

<?xml version="1.0"?>
<configuration>
<system.web>
<httpHandlers>
<add path="*/ext.axd" verb="*" type="Ext.Net.ResourceHandler" validate="false" />
</httpHandlers>

<httpModules>
<add name="DirectRequestModule" type="Ext.Net.DirectRequestModule, Ext.Net" />
</httpModules>

<pages>
<controls>
<add assembly="Ext.Net" namespace="Ext.Net" tagPrefix="ext" />
</controls>
</pages>
<compilation debug="true" targetFramework="4.0" />

<authorization>
<deny users="?" />
</authorization>

<authentication mode="Forms">
<forms loginUrl="Logon.aspx" name=".ASPXFORMSAUTH">
</forms>
</authentication>

</system.web>

<system.webServer>
<validation validateIntegratedModeConfiguration="false" />

<modules>
<add name="DirectRequestModule" preCondition="managedHandler" type="Ext.Net.DirectRequestModule, Ext.Net" />
</modules>

<handlers>
<add name="DirectRequestHandler" verb="*" path="*/ext.axd" preCondition="integratedMode" type="Ext.Net.ResourceHandler" />
</handlers>
</system.webServer>

</configuration>

Vladimir
Jul 24, 2014, 8:50 PM
302 status code means redirection
It occurs because you always call 'FormsAuthentication.RedirectFromLoginPage' in page load

Vladimir
Jul 24, 2014, 8:52 PM
Oh, it is login page (with FormsAuthentication.RedirectFromLoginPage)
We will try to reproduce the issue.

Daniil
Jul 25, 2014, 12:13 PM
Somehow FireFox doesn't send ASP.NET's session and authentication's ids with cookies. It is why it breaks.

At this point, I cannot understand why it happens.

As a solution you could send those ids manually via a MultiUpload's PostParams and analyze in Global.asax, setting up the ids.

Daniil
Jul 25, 2014, 2:29 PM
We have found two approaches to overcome the issue.

1. Sending session and authentication ids via a querystring by setting cookieless="UseUri".

<forms loginUrl="Logon.aspx" name=".ASPXFORMSAUTH" cookieless="UseUri" />

or

2. Sending them manually via a MultiUpload's PostParams. Then they will be picked up by the code in Global.asax.

<PostParams>
<ext:Parameter Name="ASPSESSID" Value="<%# Session.SessionID %>" Mode="Value" AutoDataBind="true" />
<ext:Parameter Name="AUTHID" Value="<%# Request.Cookies[FormsAuthentication.FormsCookieName] == null ? string.Empty : Request.Cookies[FormsAuthentication.FormsCookieName].Value %>" Mode="Value" AutoDataBind="true" />
</PostParams>

ViDom
Jul 28, 2014, 8:18 AM
Ok, it works. Thread can be closed, thanks.