By default, it is not possible to perform authenticated uploads because AppletFile does not have access to the necessary authentication information. Without this information, upload requests created by AppletFile are sent anonymously causing them to be rejected.   To solve this problem you must set the authorization parameter to pass the authentication information from the browser back to AppletFile.  Because this information is not static, your upload form must be implemented as a server-side script.

The example below demonstrates how to pass authentication information using Active Server Pages scripting:

<!-- Pass authentication info to the applet -->
<% If Len(Request.ServerVariables("HTTP_AUTHORIZATION")) > 0 Then %>
<param name="authorization" value="<%=Request.ServerVariables("HTTP_AUTHORIZATION")%>">
<% ElseIf Len(Request.ServerVariables("AUTH_TYPE")) > 0 Then %>
<param name="authorization" value="<%=Request.ServerVariables("AUTH_TYPE")%>">
<% End If %>

In this example, the authorization parameter is set to the contents of the standard HTTP authorization header, if present. Otherwise it uses the IIS specific AUTH_TYPE variable that would indicate NTLM authentication if present.

This same technique can be applied using other scripting environments, such as Cold Fusion:

<!-- Pass authentication info to the applet -->
<CFIF CGI.HTTP_AUTHORIZATION IS NOT "">
<cfoutput><param name="authorization" value="#CGI.HTTP_AUTHORIZATION#"></cfoutput>
<CFELSEIF CGI.AUTH_TYPE IS NOT "">
<cfoutput><param name="authorization" value="#CGI.AUTH_TYPE#"></cfoutput>
</CFIF>

Note that the authorization information being passed to AppletFile does not contain the actual credentials or any information that would represent a security risk. In fact, this information is already being transmitted by the client to the server. The above examples simply send that information from the server back to the client.