1

I have created a HttpHandler to be used with SWFUpload to upload images to the server. This upload is done in an administration backend so users need to be authenticated to upload images.

Initially I made the whole administration area deny annonymous users but because of the way SWFUpload appears to work it wouldn't work correctly with Forms authentication and would return a 302 status code.

I had thought it would be possible to make the location of my handler public in Web.config and use context.User.Identity.IsAuthenticated in my handler to determine if the user is logged in.

My problem: is that context.User.Identity.IsAuthenticated always seems false in the handler after I have logged in. Does anyone have any thoughts on why this might be?

abatishchev
  • 98,240
  • 88
  • 296
  • 433
Jason
  • 1,065
  • 1
  • 16
  • 26

3 Answers3

1

Yes, you'll need to use IRequiresSessionState:

public class CustomGenericHandler : IHttpHandler, System.Web.SessionState.IRequiresSessionState
{
//code
}

All your sessions will then be usable in the generic handler. Hope this helps!

Mouhannad
  • 2,209
  • 1
  • 14
  • 12
  • Seems like it's still coming up false for me. Maybe I'm doing something odd here? – Jason Sep 01 '10 at 14:54
  • You do not need IRequiresSessionState if You are using FormsAuthentication. It is only needed if you access Session directly. – Andreas Paulsson Sep 01 '10 at 14:55
  • FormsAuthentication uses sessions as well. Jason, this is strange as this is what I had to do to make my code work. – Mouhannad Sep 01 '10 at 14:57
  • Could it be because the handler is called from the client side in SWFUpload? – Jason Sep 01 '10 at 15:00
  • No because I'm calling it from jquery ajax. Can you make sure the user is logged in, I'm just thinking sometimes when developing the sessions get restarted while the developer doesn't notice- so just make sure the user is logged in and then try to run it. – Mouhannad Sep 01 '10 at 15:03
  • User is logged in. But I've discovered that it's my own fault. Will post the answer. – Jason Sep 01 '10 at 15:09
0

Which browser are you using when testing?

Your solution should work in IE but will fail in FireFox since SwfUpload is Flash based and Flash always send IE cookies to the server since you are logging in (and thereby creating a ASP.NET session cookie) in Firefox but SwfUpload send a different set of cookies.

Andreas Paulsson
  • 7,745
  • 3
  • 25
  • 31
0

My problem was specific to some code added to Global.asax to fix SWFUpload cookie bug for non-IE browsers. I had modified the value of the session_cookie_name variable in the Application_BeginRequest event handler to be the same name as I had set in Web.config.

Doing this breaks the functionality across all browsers. The variable value should be left set to its default "ASP.NET_SESSIONID".

Jason
  • 1,065
  • 1
  • 16
  • 26