Welcome Guest Search | Active Topics | Sign In | Register

AJAXUploader and Form Authentication Options
Sana
Posted: Friday, August 31, 2007 1:30:05 AM
Rank: Member
Groups: Member

Joined: 6/20/2007
Posts: 17
Hi,

I am using AJAXUploader on a website that implements form authentication. AJAXUploader doesn't seem to work on unsecured pages.

This is a part of the web.config:

Code: XML
<system.web>
   <authentication mode="Forms"  >
        <forms loginUrl="Login.aspx" path="/" name ="authexp" />
   </authentication>
   <authorization>
        <deny users="?" />
   </authorization>
</system.web>


<location path="WebForm1.aspx">
	<system.web>
		<authorization>
			<allow users="*" />
			<allow users="?" />
		</authorization>
	</system.web>
</location>


I placed AJAXUploader on WebForm1.aspx. Whenever I hit Upload button it displays an error message and redirects me to login page. Everything seems to be fine if I change authentication method back to Windows.

Please help!
Sana
Posted: Friday, August 31, 2007 1:37:36 AM
Rank: Member
Groups: Member

Joined: 6/20/2007
Posts: 17
I guess I am that type that asks a question and doesn't wait for an answer Angel

I didn't find solution for this issue anywhere on this forum, nor in help, but I found a workaround (though I still think it's an issue that hopefully will be resolved in future releases). Here's the workaround, just in case someone else runs into the same problem:

Code: XML
<!--Include following part in your web.config -->
<location path="eo_web.ashx">
	<system.web>
		<authorization>
			<allow users="*" />
			<allow users="?" />
		</authorization>
	</system.web>
</location>
Sana
Posted: Friday, August 31, 2007 2:34:54 AM
Rank: Member
Groups: Member

Joined: 6/20/2007
Posts: 17
Well, I was able to avoid login form to popup using my clever workaround, but uploader only uploads first 50kb of the file and stops. Have no idea how to fix that.

Please help!
eo_support
Posted: Friday, August 31, 2007 6:29:32 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,217
Sana wrote:
Well, I was able to avoid login form to popup using my clever workaround, but uploader only uploads first 50kb of the file and stops. Have no idea how to fix that.

Please help!


Hi Sana,

Try add the following settings in your web.config:

Code: HTML/ASPX
<httpRuntime executionTimeout="1000" />


The default executionTimeout is 90 seconds, so when a file upload goes over that, ASP.NET automatically kills the request. You can try to set it to a larger number and see if it helps.

Thanks
Sana
Posted: Friday, August 31, 2007 8:38:48 AM
Rank: Member
Groups: Member

Joined: 6/20/2007
Posts: 17
That doesn't seem to fix the problem. What definitely fixes the problem is changing authentication method back to Windows. As long as I stay away from forms authentication upload works beautifuly. The moment I change it back to forms, it only uploads first 50kb of a file. Unfortunately, Windows authentication is not an option in my project. Is there a reason for such behanior?
eo_support
Posted: Friday, August 31, 2007 8:45:40 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,217
There could be a quota issue where an authenticated windows user gets more quota than an anonymous user but a restriction of 50kb sounds quite ridiculous. Is it possible for you to put it online and also create a temporary test ftp account for us so that we can upload test DLLs to see if we can figure out what's wrong with it?
Sana
Posted: Friday, August 31, 2007 9:10:11 AM
Rank: Member
Groups: Member

Joined: 6/20/2007
Posts: 17
Let me ask you this. If this is a problem with anonymous user quota, would you say that just using <input type="file" /> with code behind file saving should fail as well?
eo_support
Posted: Friday, August 31, 2007 9:15:20 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,217
No. It will not because <input type="file" /> does not actually save the file onto the disk. Our AJAXUploader saves the file into a tempoary directory, that's when the quota and permissions kicks in. Do you see any files get created in your TempFileLocation at all? The problem might be related to your NT permissions on that directory.
Sana
Posted: Friday, August 31, 2007 9:29:19 AM
Rank: Member
Groups: Member

Joined: 6/20/2007
Posts: 17
Well, I actually added button and wrote server side code to manually save file with <input type="file" /> to the same temp directory as AJAXUploader saves file to. It saves file in full for anonymous user. So, I guess the problem is not with NT permissions.

Also, while logged in (form authentication) AJAXUploader also uploads file correctly. It seems like only when not logged in it only uploads first 50kb of file.
eo_support
Posted: Friday, August 31, 2007 9:36:37 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,217
Then we will have to see the problem. I can't think of anything else to check except for the version number. You do want to verify whether you have the latest version (2007.1.30), we did fix something similar but it wasn't as little as 50K, and it had nothing to do with form authentication; however running the same version as we run would definitely help troubleshooting.
eo_support
Posted: Friday, August 31, 2007 9:38:51 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,217
eo_support wrote:
Then we will have to see the problem. I can't think of anything else to check except for the version number. You do want to verify whether you have the latest version (2007.1.30), we did fix something similar but it wasn't as little as 50K, and it had nothing to do with form authentication; however running the same version as we run would definitely help troubleshooting.


Never mind, based on previous post you are probably already on 2007.1.30.
Sana
Posted: Friday, August 31, 2007 9:43:33 AM
Rank: Member
Groups: Member

Joined: 6/20/2007
Posts: 17
Here is the sample project. See if you can recreate this issue:

web.config
=======================
Code: XML

<configuration>
    
  <system.web>
  
	<httpRuntime executionTimeout="5000" />

    <!--  DYNAMIC DEBUG COMPILATION
          Set compilation debug="true" to enable ASPX debugging.  Otherwise, setting this value to
          false will improve runtime performance of this application. 
          Set compilation debug="true" to insert debugging symbols (.pdb information)
          into the compiled page. Because this creates a larger file that executes
          more slowly, you should set this value to true only when debugging and to
          false at all other times. For more information, refer to the documentation about
          debugging ASP.NET files.
    -->
    <compilation 
         defaultLanguage="c#"
         debug="true"
    />

    <!--  CUSTOM ERROR MESSAGES
          Set customErrors mode="On" or "RemoteOnly" to enable custom error messages, "Off" to disable. 
          Add <error> tags for each of the errors you want to handle.

          "On" Always display custom (friendly) messages.
          "Off" Always display detailed ASP.NET error information.
          "RemoteOnly" Display custom (friendly) messages only to users not running 
           on the local Web server. This setting is recommended for security purposes, so 
           that you do not display application detail information to remote clients.
    -->
    <customErrors 
    mode="RemoteOnly" 
    /> 

    <!--  AUTHENTICATION 
          This section sets the authentication policies of the application. Possible modes are "Windows", 
          "Forms", "Passport" and "None"

          "None" No authentication is performed. 
          "Windows" IIS performs authentication (Basic, Digest, or Integrated Windows) according to 
           its settings for the application. Anonymous access must be disabled in IIS. 
          "Forms" You provide a custom form (Web page) for users to enter their credentials, and then 
           you authenticate them in your application. A user credential token is stored in a cookie.
          "Passport" Authentication is performed via a centralized authentication service provided
           by Microsoft that offers a single logon and core profile services for member sites.
    -->
    <authentication mode="Forms"  >
		<forms loginUrl="Login.aspx" path="/" name ="authexp" />
    </authentication>
    
   <!--<authentication mode="Windows"  >
    </authentication>-->
	<!--  AUTHORIZATION 
          This section sets the authorization policies of the application. You can allow or deny access
          to application resources by user or role. Wildcards: "*" mean everyone, "?" means anonymous 
          (unauthenticated) users.
    -->

    <authorization>
        <deny users="?" />
        <!--<allow users="*"/>-->
        
            <!--  <allow     users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
                  <deny      users="[comma separated list of users]"
                             roles="[comma separated list of roles]"/>
            -->
    </authorization>

    <!--  APPLICATION-LEVEL TRACE LOGGING
          Application-level tracing enables trace log output for every page within an application. 
          Set trace enabled="true" to enable application trace logging.  If pageOutput="true", the
          trace information will be displayed at the bottom of each page.  Otherwise, you can view the 
          application trace log by browsing the "trace.axd" page from your web application
          root. 
    -->
    <trace
        enabled="false"
        requestLimit="10"
        pageOutput="false"
        traceMode="SortByTime"
		localOnly="true"
    />

    <!--  SESSION STATE SETTINGS
          By default ASP.NET uses cookies to identify which requests belong to a particular session. 
          If cookies are not available, a session can be tracked by adding a session identifier to the URL. 
          To disable cookies, set sessionState cookieless="true".
    -->
    <sessionState 
            mode="InProc"
            stateConnectionString="tcpip=127.0.0.1:42424"
            sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes"
            cookieless="false" 
            timeout="20" 
    />

    <!--  GLOBALIZATION
          This section sets the globalization settings of the application. 
    -->
    <globalization 
            requestEncoding="utf-8" 
            responseEncoding="utf-8" 
   />
   
 </system.web>


<location path="UnsecuredPage.aspx">
	<system.web>
		<authorization>
			<allow users="*" />
			<allow users="?" />
		</authorization>
	</system.web>
</location>
<location path="eo_web.ashx">
	<system.web>
		<authorization>
			<allow users="*" />
			<allow users="?" />
		</authorization>
	</system.web>
</location>

</configuration>


UnsecuredPage.aspx
=======================================
Code: HTML/ASPX
<%@ Page language="c#" Codebehind="UnsecuredPage.aspx.cs" AutoEventWireup="false" Inherits="WebApplication2.UnsecuredPage" %>
<%@ Register TagPrefix="eo" Namespace="EO.Web" Assembly="EO.Web" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
	<HEAD>
		<title>WebForm3</title>
		<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
		<meta name="CODE_LANGUAGE" Content="C#">
		<meta name="vs_defaultClientScript" content="JavaScript">
		<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
	</HEAD>
	<body MS_POSITIONING="GridLayout">
		<form id="Form1" method="post" runat="server">
			<asp:Label id="Label1" style="Z-INDEX: 101; LEFT: 8px; POSITION: absolute; TOP: 16px" runat="server">Unsercured content</asp:Label>
			<eo:AJAXUploader id="AJAXUploader1" style="Z-INDEX: 102; LEFT: 8px; POSITION: absolute; TOP: 40px"
				runat="server" Width="250px" TempFileLocation="c:/inetpub/wwwroot/WebApplication2/tmp/" ForceSSL="True"></eo:AJAXUploader>
			<INPUT style="Z-INDEX: 103; LEFT: 8px; POSITION: absolute; TOP: 304px" type="file" runat="server"
				id="Uploader1">
			<asp:Button id="Button1" style="Z-INDEX: 104; LEFT: 248px; POSITION: absolute; TOP: 304px" runat="server"
				Text="Upload"></asp:Button>
			<asp:LinkButton id="LinkButton1" style="Z-INDEX: 105; LEFT: 176px; POSITION: absolute; TOP: 16px"
				runat="server">Logout</asp:LinkButton>
			<asp:LinkButton id="LinkButton2" style="Z-INDEX: 106; LEFT: 136px; POSITION: absolute; TOP: 16px"
				runat="server">Login</asp:LinkButton>
		</form>
	</body>
</HTML>


UnsecuredPage.aspx.cs
=======================================
Code: C#
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Web.Security;

namespace WebApplication2
{
	/// &lt;summary&gt;
	/// Summary description for WebForm3.
	/// &lt;/summary&gt;
	public class UnsecuredPage : System.Web.UI.Page
	{
		protected System.Web.UI.WebControls.Label Label1;
		protected EO.Web.AJAXUploader AJAXUploader1;
		protected System.Web.UI.WebControls.Button Button1;
		protected System.Web.UI.WebControls.LinkButton LinkButton1;
		protected System.Web.UI.WebControls.LinkButton LinkButton2;
		protected HtmlInputFile Uploader1;
	
		private void Page_Load(object sender, System.EventArgs e)
		{
			// Put user code to initialize the page here

			LinkButton2.Visible = true;
			LinkButton1.Visible = false;
		}

		private string UploadFile(HtmlInputFile uploadFile)
		{
			if (uploadFile.PostedFile != null)
			{
				// Check file size (mustn’t be 0)
				HttpPostedFile myFile = uploadFile.PostedFile;

				string ext = System.IO.Path.GetExtension(myFile.FileName).ToLower();
				int nFileLen = myFile.ContentLength;

				if (nFileLen == 0)
				{
					return null;
				}

				// Read file into a data stream
				byte[] myData = new Byte[nFileLen];
				myFile.InputStream.Read(myData,0,nFileLen);
				//
				string sFilename = System.IO.Path.GetFileName(myFile.FileName);
				
				// Save the stream to disk
				string uploadFileName = AJAXUploader1.TempFileLocation + sFilename;

				System.IO.FileStream newFile
					= new System.IO.FileStream(uploadFileName, System.IO.FileMode.Create);
				newFile.Write(myData,0, myData.Length);
				newFile.Close();

				return uploadFileName;
				
			}

			return null;
		}


		#region Web Form Designer generated code
		override protected void OnInit(EventArgs e)
		{
			//
			// CODEGEN: This call is required by the ASP.NET Web Form Designer.
			//
			InitializeComponent();
			base.OnInit(e);
		}
		
		/// &lt;summary&gt;
		/// Required method for Designer support - do not modify
		/// the contents of this method with the code editor.
		/// &lt;/summary&gt;
		private void InitializeComponent()
		{    
			this.Button1.Click += new System.EventHandler(this.Button1_Click);
			this.LinkButton1.Click += new System.EventHandler(this.LinkButton1_Click);
			this.LinkButton2.Click += new System.EventHandler(this.LinkButton2_Click);
			this.Load += new System.EventHandler(this.Page_Load);

		}
		#endregion

		private void Button1_Click(object sender, System.EventArgs e)
		{
			this.UploadFile(Uploader1);
		}

		private void LinkButton1_Click(object sender, System.EventArgs e)
		{
			FormsAuthentication.SignOut();

			LinkButton2.Visible = true;
			LinkButton1.Visible = false;
		}

		private void LinkButton2_Click(object sender, System.EventArgs e)
		{
			// Create a new ticket used for authentication
			FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
				1, // Ticket version
				"Sana", // Username associated with ticket
				DateTime.Now, // Date/time issued
				DateTime.Now.AddMinutes(10), // Date/time to expire
				false, // "true" for a persistent user cookie
				"Sana", // User-data, in this case the roles
				FormsAuthentication.FormsCookiePath);// Path cookie valid for

			// Encrypt the cookie using the machine key for secure transport
			string hash = FormsAuthentication.Encrypt(ticket);
			HttpCookie cookie = new HttpCookie(
				FormsAuthentication.FormsCookieName, // Name of auth cookie
				hash); // Hashed ticket

			// Set the cookie's expiration time to the tickets expiration time
			if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;

			// Add the cookie to the list for outgoing response
			HttpContext.Current.Response.Cookies.Add(cookie);

			LinkButton2.Visible = false;
			LinkButton1.Visible = true;
		
		}
	}
}


Instructions:

1. Make sure you change AJAXUploader.TempFileLocation to where you want to save files
2. First try and upload file that is more than 50kb in size wihtout Login. At this point, at least on my local host only first 50kb get uploaded.
3. Try and upload the same file with <input type="file"/> (second upload on page). In my case, the whole file gets uploaded in split of a second.
4. Login, and upload the same file with AJAXUploader. In my case, the file gets uploaded in full as well.

You can also try and experiment with web.config changing authentication mode="Windows".

Let me know if this helps at all.
Sana
Posted: Friday, August 31, 2007 9:44:59 AM
Rank: Member
Groups: Member

Joined: 6/20/2007
Posts: 17
Just to confirm, I run 2007.1.30.
eo_support
Posted: Friday, August 31, 2007 10:25:47 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,217
I tried the code at here and it works fine regardless log in or not. Would you be available this afternoon? We can setup an online meeting with which you can share your screen/kb & mouse with us so that we can take a look.
Sana
Posted: Friday, August 31, 2007 10:55:00 AM
Rank: Member
Groups: Member

Joined: 6/20/2007
Posts: 17
I tried the code on two different web servers and get the same results: only first 50kb of a file gets uploaded when not logged in. That makes me think that we may use different versions of eo.web.dll. The one that I am using is Version 4.0.30.1.

I will be available for conference call this afternoon.
eo_support
Posted: Friday, August 31, 2007 11:18:50 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,217
I've setup an online meeting for you. Please see your private message for the meeting link.
eo_support
Posted: Monday, September 3, 2007 11:00:51 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,217
Hi Sana,

We have posted a new build that addressed this issue. Please see your private message for download location. With the new build you will need to modify your web.config in order for it to work with form authentication. The .chm help file in the new build has also been updated accordingly with details.

Thanks
Sana
Posted: Tuesday, September 4, 2007 8:18:23 AM
Rank: Member
Groups: Member

Joined: 6/20/2007
Posts: 17
Thanks guys! Works like a charm now ;)


You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.