Authorization for file upload via an external application

[Guest]

Hello,

I would like to ask for any ideas how to do user authorization for file
upload which is done via an external application (not HtmlInputFile control).

I have an asp.net web site which uses Forms authentication to protect
pages in "members area". I've also created an application (upload wizard)
that allows users to easily upload their files, using "upload.aspx" in
members area. The problem is how to perform user authentication from within
this upload wizard - because the upload page is in members area, it is
protected by Forms authentication and thus all requests are automatically
redirected to a login page.

IMHO there are two ways how to accomplish this:

1) detect redirect to a login page and then POST form with filled user name
and password controls (if this is possible?),

2) Implement custom authentication - use http headers for upload.aspx to
pass user name and password and call FormsAuthentication methods for the rest
of pages...

Has anyone already done something similar? Thanks in advance for any
comments, suggestions, ideas...

Regards,

 

[Guest]

Typically the way people do this is storing the user's permissions in
Page.Session. You shouldn't pass around the username and password. Get that
information on the login page, authenticate the user, then just work off of
the session object.