jquery.uploadify不支持MVC的Authorize

原文发布时间为：2011-10-18 —— 来源于本人的百度文章 [由搬家工具导入]

为什么jquery.uploadify不支持MVC的Authorize呢，因为flash的cookie跟服务端的不一样。

http://stackoverflow.com/questions/1729179/uploadify-session-and-authentication-with-asp-net-mvc

There was not "properly" an issue with my code. The usage of the plugin was generally correct but there was an issue with the authentication mechanism.

As everybody can find on the internet the flash plugin does not share the authentication cookie with the server-side code and this was the reason behind the usage of the "scriptData" section inside my code that contained the Authentication Cookie.

The problem was related to the fact that the controller was decorated with the [Authorize] attribute and this was never letting the request reach its destination.

The solution, found with the help of another user on the uploadify forum, is to write a customized version of the AuthorizeAttribute like you can see in the following code.

/// <summary>
/// A custom version of the <see cref="AuthorizeAttribute"/> that supports working
/// around a cookie/session bug in Flash.  
/// </summary>
/// <remarks>
/// Details of the bug and workaround can be found on this blog:
/// http://geekswithblogs.net/apopovsky/archive/2009/05/06/working-around-flash-cookie-bug-in-asp.net-mvc.aspx
/// </remarks>
[AttributeUsage(AttributeTargets.Class|AttributeTargets.Method,Inherited=true,AllowMultiple=true)]
publicclassTokenizedAuthorizeAttribute:AuthorizeAttribute
{
    /// <summary>
    /// The key to the authentication token that should be submitted somewhere in the request.
    /// </summary>
    privateconststring TOKEN_KEY ="AuthenticationToken";

    /// <summary>
    /// This changes the behavior of AuthorizeCore so that it will only authorize
    /// users if a valid token is submitted with the request.
    /// </summary>
    /// <param name="httpContext"></param>
    /// <returns></returns>
    protectedoverrideboolAuthorizeCore(System.Web.HttpContextBase httpContext ){
        string token = httpContext.Request.Params[TOKEN_KEY];

        if( token !=null){
            FormsAuthenticationTicket ticket =FormsAuthentication.Decrypt( token );

            if( ticket !=null){
                FormsIdentity identity =newFormsIdentity( ticket );
                string[] roles =System.Web.Security.Roles.GetRolesForUser( identity.Name);
                GenericPrincipal principal =newGenericPrincipal( identity, roles );
                httpContext.User= principal;
            }
        }

        returnbase.AuthorizeCore( httpContext );
    }
}

http://www.uploadify.com/download/