Flash won't include ASP.NET authentication when posting

Ever wanted to use a Flash application posting to your ASP.NET pages, for instance a multiple upload component, and at the same time ensure that the poster is authenticated? This works fine without any additional work in Internet Explorer, but any other browser will fail. This is because Flash won't inherit the cookies from the ASP.NET page it runs at. Thus loosing sessions and authentication.

The solution is pretty easy to implement. First of all, you cannot have the pages you post to behind authentication in the web.config. You need to do all authentication manually.

First of all you need to pass a variable containing encrypted user data to the Flash and then post it together with whatever you are posting.
string userData;

if(User.Identity.IsAuthenticated) {
userData = FormsAuthentication.Encrypt(((FormsIdentity)User.Identity).Ticket);

You pass userData to your Flash and then post it to the server where you use it to authenticate the call:
string encrypted = Request.QueryString["UserData"];
FormsAuthenticationTicket ticket = FormsAuthentication.Decrypt(encrypted);

if (!ticket.Expired) {
// The user is authenticated
// Do your stuff here..

Related posts:


comments powered by Disqus