Bug? Bad design?

Topics: ASP.NET 2.0, Business Logic Layer
Feb 15, 2009 at 6:02 PM
Edited Feb 15, 2009 at 6:32 PM

Hi,

I converted from DasBlog today to Blog Engine .NET.  First thing I modified was the web.config adding:
authorization / deny ?   Forcing everyone to log on.

I then made a post with an uploaded "wmv" file. The file couldn't be viewed. I checked the source and made the following modifcations to "filehandler.cs"
 else if (fileName.EndsWith(".wmv"))
context.Response.AddHeader(
"Content-Type", "video/x-ms-wmv");

 Then it worked on the developer platform. But not on the real site. Conclusion:  The request is served by another context that is not authorized?

// Lazze

Feb 15, 2009 at 7:23 PM
Edited Feb 15, 2009 at 7:24 PM

I belive I have found the answer... seems that the ticket can't crossover to the mediaplayer. Suggested solution here:
http://mvolo.com/blogs/serverside/archive/2008/11/16/IIS-7.0-Forms-Authentication-and-Embedded-Media-Players.aspx

// Lazze
Coordinator
Feb 16, 2009 at 5:28 PM
Edited Feb 16, 2009 at 5:29 PM
Hi.  If you're retrieving a file with the file handler (file.axd), then forms authentication is not required for this.  Forms authentication is used to log into the Admin section of BE and to do some administrative tasks on the main blog.  Any visitor to your site can click on one of the file.axd links without needing to log in first.  No cookies are being used for file.axd to work.  So I don't see how the link to mvolo.com's blog is relevant here.

Regarding content type, t's true you can set the content-type to "video/x-ms-wmv".  You can modify the BE core to do that (which you may have done already).  But I don't believe the file handler was designed to send the corresponding content type for each type of file.  Instead, I'm pretty sure it was designed as a generic method to allow people to download files from your blog.  The handler currently sets the content-type to "application/octet-stream" for all files except for PDFs.  The "application/octet-stream" content type is a generic way to tell the browser to just download something.

I mentioned in the other thread that I was able to click on a file.axd link on my blog and successfully both view and download a WMV file.  I could do that without even setting content-type to "video/x-ms-wmv".  I'd suggest you try the file handler with another WMV, and if that doesn't work, have someone else try clicking on the file.axd link from their computer.  You can even post a link to the file.axd for your WMV file here and someone here can try it.
Coordinator
Feb 16, 2009 at 5:46 PM
So I just saw your other post and re-read your first message here.  I didn't catch the part in your first post here where you were requiring forms authentication for your entire blog.  Apologies for not reading carefully enough!
Feb 16, 2009 at 5:55 PM

Ben,

You are excused :-) Please, see my other entry "Guide to making BE a private blog".

I'm using BE as a family blog with pictures of our childrens and stuff like that - I'd like it to be "somewhat" private.

I'm finding it REALLY easy and simple to modify BE - good structure of code ... more comments in the code should be welcomed :-)

Regards,

   Lazze