Uploadify (sesión y autenticación) con ASP.NET MVC

Cuando uso Authorize filter en una acción o un controlador utilizado por uplodify ( http://www.uploadify.com/ ) la acción no se alcanza …

además, la sesión no se recupera.

Encontré esto para recuperar la sesión del usuario:

http://geekswithblogs.net/apopovsky/archive/2009/05/06/working-around-flash-cookie-bug-in-asp.net-mvc.aspx

¿Pero cómo usarlo con el filtro [Authorize] y la sesión recuperada?

Para corregir esto, le propongo una solución … Envíe el valor de cookie de autenticación y el valor de la cookie de id de sesión con uploadify y vuelva a crearlo antes de recuperar la sesión.

aquí está el código para implementar en la vista:

  

Y luego en Global.asax:

 protected void Application_BeginRequest(object sender, EventArgs e) { /* we guess at this point session is not already retrieved by application so we recreate cookie with the session id... */ try { string session_param_name = "ASPSESSID"; string session_cookie_name = "ASP.NET_SessionId"; if (HttpContext.Current.Request.Form[session_param_name] != null) { UpdateCookie(session_cookie_name, HttpContext.Current.Request.Form[session_param_name]); } else if (HttpContext.Current.Request.QueryString[session_param_name] != null) { UpdateCookie(session_cookie_name, HttpContext.Current.Request.QueryString[session_param_name]); } } catch { } try { string auth_param_name = "AUTHID"; string auth_cookie_name = FormsAuthentication.FormsCookieName; if (HttpContext.Current.Request.Form[auth_param_name] != null) { UpdateCookie(auth_cookie_name, HttpContext.Current.Request.Form[auth_param_name]); } else if (HttpContext.Current.Request.QueryString[auth_param_name] != null) { UpdateCookie(auth_cookie_name, HttpContext.Current.Request.QueryString[auth_param_name]); } } catch { } } private void UpdateCookie(string cookie_name, string cookie_value) { HttpCookie cookie = HttpContext.Current.Request.Cookies.Get(cookie_name); if (null == cookie) { cookie = new HttpCookie(cookie_name); } cookie.Value = cookie_value; HttpContext.Current.Request.Cookies.Set(cookie); } 

Y listo, con ese método es totalmente transparente.

Espero que ayude a algunos !! 😉

EDITADO : use formData en lugar de scriptData

Esta solución funciona genial. Traducí el código a vb si alguien lo quiere:

  Protected Sub Application_BeginRequest(ByVal sender As Object, ByVal e As System.EventArgs) 'we guess at this point session is not already retrieved by application so we recreate cookie with the session id... Try Dim session_param_name = "ASPSESSID" Dim session_cookie_name = "ASP.NET_SessionId" If Not HttpContext.Current.Request.Form(session_param_name) Is Nothing Then UpdateCookie(session_cookie_name, HttpContext.Current.Request.Form(session_param_name)) ElseIf Not HttpContext.Current.Request.QueryString(session_param_name) Is Nothing Then UpdateCookie(session_cookie_name, HttpContext.Current.Request.QueryString(session_param_name)) End If Catch ex As Exception End Try Try Dim auth_param_name = "AUTHID" Dim auth_cookie_name = FormsAuthentication.FormsCookieName If Not HttpContext.Current.Request.Form(auth_param_name) Is Nothing Then UpdateCookie(auth_cookie_name, HttpContext.Current.Request.Form(auth_param_name)) ElseIf Not HttpContext.Current.Request.QueryString(auth_param_name) Is Nothing Then UpdateCookie(auth_cookie_name, HttpContext.Current.Request.QueryString(auth_param_name)) End If catch ex As Exception End Try End Sub Private Sub UpdateCookie(ByVal cookie_name As String, ByVal cookie_value As String) Dim cookie = HttpContext.Current.Request.Cookies.Get(cookie_name) If cookie Is Nothing Then cookie = New HttpCookie(cookie_name) End If cookie.Value = cookie_value HttpContext.Current.Request.Cookies.Set(cookie) End Sub 

Aquí está la parte para la asignación de la variable javascript:

 var auth = "<%=IIf(Request.Cookies(FormsAuthentication.FormsCookieName) Is Nothing, "", Request.Cookies(FormsAuthentication.FormsCookieName).Value)%>"; var ASPSESSID = "<%=Session.SessionID%>"; 

Tal vez alguien que trabaje en VB pueda beneficiarse de eso.

Para código convertido VB * comience el bloque de código con <% # en vez de <% =

es decir

 var auth='<%# IIf(Request.Cookies(FormsAuthentication.FormsCookieName) Is Nothing, "", Request.Cookies(FormsAuthentication.FormsCookieName).Value)%>'; var ASPSESSID = '<%# Session.SessionID%>';