zoukankan      html  css  js  c++  java
  • jquery.uploadify不支持MVC的Authorize

    原文发布时间为:2011-10-18 —— 来源于本人的百度文章 [由搬家工具导入]

    为什么jquery.uploadify不支持MVC的Authorize呢,因为flash的cookie跟服务端的不一样。

    http://stackoverflow.com/questions/1729179/uploadify-session-and-authentication-with-asp-net-mvc

    There was not "properly" an issue with my code. The usage of the plugin was generally correct but there was an issue with the authentication mechanism.

    As everybody can find on the internet the flash plugin does not share the authentication cookie with the server-side code and this was the reason behind the usage of the "scriptData" section inside my code that contained the Authentication Cookie.

    The problem was related to the fact that the controller was decorated with the [Authorize] attribute and this was never letting the request reach its destination.

    The solution, found with the help of another user on the uploadify forum, is to write a customized version of the AuthorizeAttribute like you can see in the following code.

    /// <summary>
    /// A custom version of the <see cref="AuthorizeAttribute"/> that supports working
    /// around a cookie/session bug in Flash.  
    /// </summary>
    /// <remarks>
    /// Details of the bug and workaround can be found on this blog:
    /// http://geekswithblogs.net/apopovsky/archive/2009/05/06/working-around-flash-cookie-bug-in-asp.net-mvc.aspx
    /// </remarks>
    [AttributeUsage(AttributeTargets.Class|AttributeTargets.Method,Inherited=true,AllowMultiple=true)]
    publicclassTokenizedAuthorizeAttribute:AuthorizeAttribute
    {
        /// <summary>
        /// The key to the authentication token that should be submitted somewhere in the request.
        /// </summary>
        privateconststring TOKEN_KEY ="AuthenticationToken";

        /// <summary>
        /// This changes the behavior of AuthorizeCore so that it will only authorize
        /// users if a valid token is submitted with the request.
        /// </summary>
        /// <param name="httpContext"></param>
        /// <returns></returns>
        protectedoverrideboolAuthorizeCore(System.Web.HttpContextBase httpContext ){
            string token = httpContext.Request.Params[TOKEN_KEY];

            if( token !=null){
                FormsAuthenticationTicket ticket =FormsAuthentication.Decrypt( token );

                if( ticket !=null){
                    FormsIdentity identity =newFormsIdentity( ticket );
                    string[] roles =System.Web.Security.Roles.GetRolesForUser( identity.Name);
                    GenericPrincipal principal =newGenericPrincipal( identity, roles );
                    httpContext.User= principal;
                }
            }

            returnbase.AuthorizeCore( httpContext );
        }
    }

    http://www.uploadify.com/download/

  • 相关阅读:
    2017-10-11seowhy记录
    2017.8.23创业项目方向
    西安项目分析
    创业方法
    做seowhy官网需要三个人
    2017.8.2 高级长尾编辑技巧
    Golang 任务队列策略 -- 读《JOB QUEUES IN GO》
    Go 到底有没有引用传参(对比 C++ )
    使用xorm工具,根据数据库自动生成 go 代码
    golang的Channel
  • 原文地址:https://www.cnblogs.com/handboy/p/7182569.html
Copyright © 2011-2022 走看看