Telerik Forums / UI for ASP.NET AJAX
This is a migrated thread and some comments may be shown as answers.

RadAsyncUpload and Custom-body-field

5 Answers 156 Views
AsyncUpload
This is a migrated thread and some comments may be shown as answers.
Gururaj
Top achievements
Rank 1
Gururaj asked on 19 Sep 2016, 02:06 PM
radasyncupload-payload.png

I'm seeing that while uploading the file, RadAsyncUpload is also sending set of additional information as part of the payload (form-data fields) like "rauPostData", "fileName", "contentType", and others data pieces (see attachment).

I'm thinking whether it is possible to add additional custom fields to the payload mainly the CSRF token which will help me evaluate the authenticity of the file upload before it gets processed on the server.

I'm doing all CSRF validation through HttpModule and hence I cannot use Custom RadAsyncUpload Handler which for me is not a viable solution as the module will not let the request reach till this point.

Is there any degree of customization which can help me through this? Any help will be truly appreciated.

Thanks,
Gururaj

5 Answers, 1 is accepted

Sort by
0
Plamen
Telerik team
answered on 22 Sep 2016, 05:06 AM
Hi,

There is not such inbuilt functionality in RadAsyncUpload without implementing a custom handler.

One possible way to achieve similar behavior is to use a approach from this demo where additional field is added to the uploaded file.

Regards,
Plamen
Telerik by Progress
Do you need help with upgrading your ASP.NET AJAX, WPF or WinForms projects? Check the Telerik API Analyzer and share your thoughts.
0
Gururaj
Top achievements
Rank 1
answered on 22 Sep 2016, 06:32 AM

Thanks Plamen for you response and suggestion.

I'm afraid that's not a viable option for me as it leads to a security concern where the user (in worst case scenario the attacker) can upload a file without going through CSRF verification (though it is going to copy the file in a temporary file unless the submit button is clicked).

This possible approach you're suggesting violates the whole purpose of me having CSRF verification.

Thanks,
Gururaj

0
Plamen
Telerik team
answered on 22 Sep 2016, 06:40 AM
Hello,

In such case the only possible solution will be to use a custom handler.

Regards,
Plamen
Telerik by Progress
Do you need help with upgrading your ASP.NET AJAX, WPF or WinForms projects? Check the Telerik API Analyzer and share your thoughts.
0
Gururaj
Top achievements
Rank 1
answered on 26 Sep 2016, 06:12 AM

The architecture of the product involves doing CSRF verification before any requests gets processed. And in case of Custom Handler it is something which has to be done only when after the file has been uploaded and that also means a bespoke implementation due a limitation in the software.

Thanks for your help.

0
Plamen
Telerik team
answered on 27 Sep 2016, 06:58 AM
Hi,

Custom handler solution gives free customization of the file uploading where you are able to override the Process method and perform your logic before the file is processed - it provides possibility to use the layout of RadAsyncUpload and use custom logic for the upload of the files as you would do with any other upload component.

Hope this information will be helpful.

Regards,
Plamen
Telerik by Progress
Do you need help with upgrading your ASP.NET AJAX, WPF or WinForms projects? Check the Telerik API Analyzer and share your thoughts.
Tags
AsyncUpload
Asked by
Gururaj
Top achievements
Rank 1
Answers by
Plamen
Telerik team
Gururaj
Top achievements
Rank 1
Share this question
or