Implement Simple Authentication

To authenticate the user who uploads files to the server side of your application, validate the user on the client and pass a parameter with the user's status to the server. To learn more about passing parameters to the Upload Handler read here.

On the server, read the parameter and take the respective action depending on its value. Reliable authentication on the server takes several steps. First, override the SaveChunkData() method of the RadUploadHandler class.

Example 1: Overriding the SaveChunkData method

public override bool SaveChunkData( string filePath, long position, byte[] buffer, int contentLength, out int savedBytes )
{
    // Pass-through for now: every chunk is handed to the base implementation.
    return base.SaveChunkData( filePath, position, buffer, contentLength, out savedBytes );
}

Public Overrides Function SaveChunkData(filePath As String, position As Long, buffer As Byte(), contentLength As Integer, ByRef savedBytes As Integer) As Boolean
    ' Pass-through for now: every chunk is handed to the base implementation.
    Return MyBase.SaveChunkData(filePath, position, buffer, contentLength, savedBytes)
End Function

Then check whether the parameter sent by the client indicates that the user is valid. If the user is valid, call the base method. Keep in mind that the parameter arrives with the request, so the server sees whatever value the sender chose to put there.

To learn how to work with parameters read here.

Example 2: Authenticate the user

public override bool SaveChunkData( string filePath, long position, byte[] buffer, int contentLength, out int savedBytes )
{
    // Read the "Authorized" parameter sent with the upload request.
    string authorized = this.GetQueryParameter("Authorized");
    bool isAuthorized = !string.IsNullOrEmpty( authorized ) && authorized.ToLower() == "true";
    if ( !isAuthorized )
    {
        // The rejection logic goes here (see Example 3).
    }
    return base.SaveChunkData( filePath, position, buffer, contentLength, out savedBytes );
}

Public Overrides Function SaveChunkData(filePath As String, position As Long, buffer As Byte(), contentLength As Integer, ByRef savedBytes As Integer) As Boolean
    ' Read the "Authorized" parameter sent with the upload request.
    Dim authorized As String = Me.GetQueryParameter("Authorized")
    Dim isAuthorized As Boolean = Not String.IsNullOrEmpty(authorized) AndAlso authorized.ToLower() = "true"
    If Not isAuthorized Then
        ' The rejection logic goes here (see Example 3).
    End If
    Return MyBase.SaveChunkData(filePath, position, buffer, contentLength, savedBytes)
End Function

If the user is not valid, you have to skip the execution of the base method and return the following set of parameters to the client.

Example 3: Skipping the chunk saving if the user is not valid

public override bool SaveChunkData( string filePath, long position, byte[] buffer, int contentLength, out int savedBytes )
{
    string authorized = this.GetQueryParameter( "Authorized" );
    bool isAuthorized = !string.IsNullOrEmpty( authorized ) && authorized.ToLower() == "true";
    if ( !isAuthorized )
    {
        // Tell the client why the upload was refused and mark the file as failed and finished.
        this.AddReturnParam( RadUploadConstants.ParamNameMessage, "Security token is required. Please login." );
        string fileName = this.GetQueryParameter( RadUploadConstants.ParamNameFileName );
        this.AddReturnFileParam( RadUploadConstants.ParamNameSuccess, false );
        this.AddReturnFileParam( RadUploadConstants.ParamNameFileName, fileName );
        this.AddReturnFileParam( RadUploadConstants.ParamNameFinalFileRequest, true );
        // Nothing is written to disk: skip the base method.
        savedBytes = 0;
        return false;
    }
    return base.SaveChunkData( filePath, position, buffer, contentLength, out savedBytes );
}

Public Overrides Function SaveChunkData(filePath As String, position As Long, buffer As Byte(), contentLength As Integer, ByRef savedBytes As Integer) As Boolean
    Dim authorized As String = Me.GetQueryParameter("Authorized")
    Dim isAuthorized As Boolean = Not String.IsNullOrEmpty(authorized) AndAlso authorized.ToLower() = "true"
    If Not isAuthorized Then
        ' Tell the client why the upload was refused and mark the file as failed and finished.
        Me.AddReturnParam(RadUploadConstants.ParamNameMessage, "Security token is required. Please login.")
        Dim fileName As String = Me.GetQueryParameter(RadUploadConstants.ParamNameFileName)
        Me.AddReturnFileParam(RadUploadConstants.ParamNameSuccess, False)
        Me.AddReturnFileParam(RadUploadConstants.ParamNameFileName, fileName)
        Me.AddReturnFileParam(RadUploadConstants.ParamNameFinalFileRequest, True)
        ' Nothing is written to disk: skip the base method.
        savedBytes = 0
        Return False
    End If
    Return MyBase.SaveChunkData(filePath, position, buffer, contentLength, savedBytes)
End Function

Here is a snapshot of the RadUpload control, after an invalid upload attempt.

Silverlight RadUpload Security Token Required Message Notification
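
A server can avoid depending on a client-set flag by checking a value it signed itself at login. The class below is an added example, not Telerik code and not part of the original article: SaveChunkData could pass it a token parameter in place of the comparison with "true". The class name, the token format and the way the key reaches the constructor are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not Telerik code. Token format (an assumption of this example):
// "<user>|<expiry as Unix seconds>|<Base64 HMAC-SHA256 of the first two fields>".
public sealed class UploadTokenValidator
{
    private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    private readonly byte[] key; // server-side secret; never sent to the client
    public UploadTokenValidator(byte[] key) { this.key = key; }

    // Called by the login endpoint after the server has verified the credentials.
    public string Issue(string user, DateTime expiresUtc)
    {
        if (string.IsNullOrEmpty(user) || user.IndexOf('|') >= 0)
            throw new ArgumentException("user must be non-empty and must not contain '|'", "user");
        string payload = user + "|" + (long)(expiresUtc - Epoch).TotalSeconds;
        return payload + "|" + Convert.ToBase64String(Mac(payload));
    }

    // Called from SaveChunkData in place of the comparison with "true".
    public bool IsValid(string token, DateTime nowUtc)
    {
        if (string.IsNullOrEmpty(token)) return false;
        int cut = token.LastIndexOf('|');
        if (cut <= 0) return false;
        string payload = token.Substring(0, cut);
        byte[] supplied;
        try { supplied = Convert.FromBase64String(token.Substring(cut + 1)); }
        catch (FormatException) { return false; }
        if (!FixedTimeEquals(supplied, Mac(payload))) return false; // forged or altered token
        string[] fields = payload.Split('|');
        long expiry;
        return fields.Length == 2 && long.TryParse(fields[1], out expiry) && (long)(nowUtc - Epoch).TotalSeconds < expiry;
    }

    private byte[] Mac(string payload)
    {
        using (HMACSHA256 hmac = new HMACSHA256(key)) return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
    // Compares every byte instead of stopping at the first difference.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Base64 output can contain '+', '/' and '=', so the token has to be URL-encoded when it travels as a request parameter.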
