|
Rank: Member Groups: Member
Joined: 6/20/2007 Posts: 17
|
Hi, I am using AJAXUploader on a website that implements form authentication. AJAXUploader doesn't seem to work on unsecured pages. This is a part of the web.config:
Code: XML
<system.web>
<authentication mode="Forms" >
<forms loginUrl="Login.aspx" path="/" name ="authexp" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="WebForm1.aspx">
<system.web>
<authorization>
<allow users="*" />
<allow users="?" />
</authorization>
</system.web>
</location>
I placed AJAXUploader on WebForm1.aspx. Whenever I hit Upload button it displays an error message and redirects me to login page. Everything seems to be fine if I change authentication method back to Windows. Please help!
|
|
Rank: Member Groups: Member
Joined: 6/20/2007 Posts: 17
|
I guess I am that type that asks a question and doesn't wait for an answer I didn't find solution for this issue anywhere on this forum, nor in help, but I found a workaround (though I still think it's an issue that hopefully will be resolved in future releases). Here's the workaround, just in case someone else runs into the same problem:
Code: XML
<!--Include following part in your web.config -->
<location path="eo_web.ashx">
<system.web>
<authorization>
<allow users="*" />
<allow users="?" />
</authorization>
</system.web>
</location>
|
|
Rank: Member Groups: Member
Joined: 6/20/2007 Posts: 17
|
Well, I was able to avoid login form to popup using my clever workaround, but uploader only uploads first 50kb of the file and stops. Have no idea how to fix that.
Please help!
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,217
|
Sana wrote:Well, I was able to avoid login form to popup using my clever workaround, but uploader only uploads first 50kb of the file and stops. Have no idea how to fix that.
Please help! Hi Sana, Try add the following settings in your web.config:
Code: HTML/ASPX
<httpRuntime executionTimeout="1000" />
The default executionTimeout is 90 seconds, so when a file upload goes over that, ASP.NET automatically kills the request. You can try to set it to a larger number and see if it helps. Thanks
|
|
Rank: Member Groups: Member
Joined: 6/20/2007 Posts: 17
|
That doesn't seem to fix the problem. What definitely fixes the problem is changing authentication method back to Windows. As long as I stay away from forms authentication upload works beautifuly. The moment I change it back to forms, it only uploads first 50kb of a file. Unfortunately, Windows authentication is not an option in my project. Is there a reason for such behanior?
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,217
|
There could be a quota issue where an authenticated windows user gets more quota than an anonymous user but a restriction of 50kb sounds quite ridiculous. Is it possible for you to put it online and also create a temporary test ftp account for us so that we can upload test DLLs to see if we can figure out what's wrong with it?
|
|
Rank: Member Groups: Member
Joined: 6/20/2007 Posts: 17
|
Let me ask you this. If this is a problem with anonymous user quota, would you say that just using <input type="file" /> with code behind file saving should fail as well?
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,217
|
No. It will not because <input type="file" /> does not actually save the file onto the disk. Our AJAXUploader saves the file into a tempoary directory, that's when the quota and permissions kicks in. Do you see any files get created in your TempFileLocation at all? The problem might be related to your NT permissions on that directory.
|
|
Rank: Member Groups: Member
Joined: 6/20/2007 Posts: 17
|
Well, I actually added button and wrote server side code to manually save file with <input type="file" /> to the same temp directory as AJAXUploader saves file to. It saves file in full for anonymous user. So, I guess the problem is not with NT permissions.
Also, while logged in (form authentication) AJAXUploader also uploads file correctly. It seems like only when not logged in it only uploads first 50kb of file.
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,217
|
Then we will have to see the problem. I can't think of anything else to check except for the version number. You do want to verify whether you have the latest version (2007.1.30), we did fix something similar but it wasn't as little as 50K, and it had nothing to do with form authentication; however running the same version as we run would definitely help troubleshooting.
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,217
|
eo_support wrote:Then we will have to see the problem. I can't think of anything else to check except for the version number. You do want to verify whether you have the latest version (2007.1.30), we did fix something similar but it wasn't as little as 50K, and it had nothing to do with form authentication; however running the same version as we run would definitely help troubleshooting. Never mind, based on previous post you are probably already on 2007.1.30.
|
|
Rank: Member Groups: Member
Joined: 6/20/2007 Posts: 17
|
Here is the sample project. See if you can recreate this issue: web.config =======================
Code: XML
<configuration>
<system.web>
<httpRuntime executionTimeout="5000" />
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to enable ASPX debugging. Otherwise, setting this value to
false will improve runtime performance of this application.
Set compilation debug="true" to insert debugging symbols (.pdb information)
into the compiled page. Because this creates a larger file that executes
more slowly, you should set this value to true only when debugging and to
false at all other times. For more information, refer to the documentation about
debugging ASP.NET files.
-->
<compilation
defaultLanguage="c#"
debug="true"
/>
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
"On" Always display custom (friendly) messages.
"Off" Always display detailed ASP.NET error information.
"RemoteOnly" Display custom (friendly) messages only to users not running
on the local Web server. This setting is recommended for security purposes, so
that you do not display application detail information to remote clients.
-->
<customErrors
mode="RemoteOnly"
/>
<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible modes are "Windows",
"Forms", "Passport" and "None"
"None" No authentication is performed.
"Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to
its settings for the application. Anonymous access must be disabled in IIS.
"Forms" You provide a custom form (Web page) for users to enter their credentials, and then
you authenticate them in your application. A user credential token is stored in a cookie.
"Passport" Authentication is performed via a centralized authentication service provided
by Microsoft that offers a single logon and core profile services for member sites.
-->
<authentication mode="Forms" >
<forms loginUrl="Login.aspx" path="/" name ="authexp" />
</authentication>
<!--<authentication mode="Windows" >
</authentication>-->
<!-- AUTHORIZATION
This section sets the authorization policies of the application. You can allow or deny access
to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<deny users="?" />
<!--<allow users="*"/>-->
<!-- <allow users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
<deny users="[comma separated list of users]"
roles="[comma separated list of roles]"/>
-->
</authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page within an application.
Set trace enabled="true" to enable application trace logging. If pageOutput="true", the
trace information will be displayed at the bottom of each page. Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your web application
root.
-->
<trace
enabled="false"
requestLimit="10"
pageOutput="false"
traceMode="SortByTime"
localOnly="true"
/>
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong to a particular session.
If cookies are not available, a session can be tracked by adding a session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
cookieless="false"
timeout="20"
/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization
requestEncoding="utf-8"
responseEncoding="utf-8"
/>
</system.web>
<location path="UnsecuredPage.aspx">
<system.web>
<authorization>
<allow users="*" />
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="eo_web.ashx">
<system.web>
<authorization>
<allow users="*" />
<allow users="?" />
</authorization>
</system.web>
</location>
</configuration>
UnsecuredPage.aspx =======================================
Code: HTML/ASPX
<%@ Page language="c#" Codebehind="UnsecuredPage.aspx.cs" AutoEventWireup="false" Inherits="WebApplication2.UnsecuredPage" %>
<%@ Register TagPrefix="eo" Namespace="EO.Web" Assembly="EO.Web" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<title>WebForm3</title>
<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" Content="C#">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING="GridLayout">
<form id="Form1" method="post" runat="server">
<asp:Label id="Label1" style="Z-INDEX: 101; LEFT: 8px; POSITION: absolute; TOP: 16px" runat="server">Unsercured content</asp:Label>
<eo:AJAXUploader id="AJAXUploader1" style="Z-INDEX: 102; LEFT: 8px; POSITION: absolute; TOP: 40px"
runat="server" Width="250px" TempFileLocation="c:/inetpub/wwwroot/WebApplication2/tmp/" ForceSSL="True"></eo:AJAXUploader>
<INPUT style="Z-INDEX: 103; LEFT: 8px; POSITION: absolute; TOP: 304px" type="file" runat="server"
id="Uploader1">
<asp:Button id="Button1" style="Z-INDEX: 104; LEFT: 248px; POSITION: absolute; TOP: 304px" runat="server"
Text="Upload"></asp:Button>
<asp:LinkButton id="LinkButton1" style="Z-INDEX: 105; LEFT: 176px; POSITION: absolute; TOP: 16px"
runat="server">Logout</asp:LinkButton>
<asp:LinkButton id="LinkButton2" style="Z-INDEX: 106; LEFT: 136px; POSITION: absolute; TOP: 16px"
runat="server">Login</asp:LinkButton>
</form>
</body>
</HTML>
UnsecuredPage.aspx.cs =======================================
Code: C#
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.Security;
namespace WebApplication2
{
/// <summary>
/// Summary description for WebForm3.
/// </summary>
public class UnsecuredPage : System.Web.UI.Page
{
protected System.Web.UI.WebControls.Label Label1;
protected EO.Web.AJAXUploader AJAXUploader1;
protected System.Web.UI.WebControls.Button Button1;
protected System.Web.UI.WebControls.LinkButton LinkButton1;
protected System.Web.UI.WebControls.LinkButton LinkButton2;
protected HtmlInputFile Uploader1;
private void Page_Load(object sender, System.EventArgs e)
{
// Put user code to initialize the page here
LinkButton2.Visible = true;
LinkButton1.Visible = false;
}
private string UploadFile(HtmlInputFile uploadFile)
{
if (uploadFile.PostedFile != null)
{
// Check file size (mustn’t be 0)
HttpPostedFile myFile = uploadFile.PostedFile;
string ext = System.IO.Path.GetExtension(myFile.FileName).ToLower();
int nFileLen = myFile.ContentLength;
if (nFileLen == 0)
{
return null;
}
// Read file into a data stream
byte[] myData = new Byte[nFileLen];
myFile.InputStream.Read(myData,0,nFileLen);
//
string sFilename = System.IO.Path.GetFileName(myFile.FileName);
// Save the stream to disk
string uploadFileName = AJAXUploader1.TempFileLocation + sFilename;
System.IO.FileStream newFile
= new System.IO.FileStream(uploadFileName, System.IO.FileMode.Create);
newFile.Write(myData,0, myData.Length);
newFile.Close();
return uploadFileName;
}
return null;
}
#region Web Form Designer generated code
override protected void OnInit(EventArgs e)
{
//
// CODEGEN: This call is required by the ASP.NET Web Form Designer.
//
InitializeComponent();
base.OnInit(e);
}
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.Button1.Click += new System.EventHandler(this.Button1_Click);
this.LinkButton1.Click += new System.EventHandler(this.LinkButton1_Click);
this.LinkButton2.Click += new System.EventHandler(this.LinkButton2_Click);
this.Load += new System.EventHandler(this.Page_Load);
}
#endregion
private void Button1_Click(object sender, System.EventArgs e)
{
this.UploadFile(Uploader1);
}
private void LinkButton1_Click(object sender, System.EventArgs e)
{
FormsAuthentication.SignOut();
LinkButton2.Visible = true;
LinkButton1.Visible = false;
}
private void LinkButton2_Click(object sender, System.EventArgs e)
{
// Create a new ticket used for authentication
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1, // Ticket version
"Sana", // Username associated with ticket
DateTime.Now, // Date/time issued
DateTime.Now.AddMinutes(10), // Date/time to expire
false, // "true" for a persistent user cookie
"Sana", // User-data, in this case the roles
FormsAuthentication.FormsCookiePath);// Path cookie valid for
// Encrypt the cookie using the machine key for secure transport
string hash = FormsAuthentication.Encrypt(ticket);
HttpCookie cookie = new HttpCookie(
FormsAuthentication.FormsCookieName, // Name of auth cookie
hash); // Hashed ticket
// Set the cookie's expiration time to the tickets expiration time
if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;
// Add the cookie to the list for outgoing response
HttpContext.Current.Response.Cookies.Add(cookie);
LinkButton2.Visible = false;
LinkButton1.Visible = true;
}
}
}
Instructions: 1. Make sure you change AJAXUploader.TempFileLocation to where you want to save files 2. First try and upload file that is more than 50kb in size wihtout Login. At this point, at least on my local host only first 50kb get uploaded. 3. Try and upload the same file with <input type="file"/> (second upload on page). In my case, the whole file gets uploaded in split of a second. 4. Login, and upload the same file with AJAXUploader. In my case, the file gets uploaded in full as well. You can also try and experiment with web.config changing authentication mode="Windows". Let me know if this helps at all.
|
|
Rank: Member Groups: Member
Joined: 6/20/2007 Posts: 17
|
Just to confirm, I run 2007.1.30.
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,217
|
I tried the code at here and it works fine regardless log in or not. Would you be available this afternoon? We can setup an online meeting with which you can share your screen/kb & mouse with us so that we can take a look.
|
|
Rank: Member Groups: Member
Joined: 6/20/2007 Posts: 17
|
I tried the code on two different web servers and get the same results: only first 50kb of a file gets uploaded when not logged in. That makes me think that we may use different versions of eo.web.dll. The one that I am using is Version 4.0.30.1.
I will be available for conference call this afternoon.
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,217
|
I've setup an online meeting for you. Please see your private message for the meeting link.
|
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,217
|
Hi Sana,
We have posted a new build that addressed this issue. Please see your private message for download location. With the new build you will need to modify your web.config in order for it to work with form authentication. The .chm help file in the new build has also been updated accordingly with details.
Thanks
|
|
Rank: Member Groups: Member
Joined: 6/20/2007 Posts: 17
|
Thanks guys! Works like a charm now ;)
|
|