No more normal way with Flex than with html. Worse, really. There are
just too many communication options, too many web server options and too
many degrees of secure. Then the Flash Player weighs in with its own
restrictions on things like WebService headers and it just gets worse.
Tracy Spratt,
Lariat Services, development services available
_
From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On
Behalf Of Michael Pengi
Sent: Wednesday, April 08, 2009 8:09 PM
To: flexcoders@yahoogroups.com
Subject: RE: [flexcoders] Newbie SOA question (maintaining login state)
I'd be interested in hearing more about this. Isn't there a 'normal' way to
do this with flex? Maintaining login state would seem to be a basic
requirement for web apps. Just curious.
Tracy Spratt wrote:
I have a lot to learn about security, and had difficulty wading through
all
of the levels and options, so I devised my own programmatic solution.
When a user logs in from the Flex app (md5 hash on the password), I create
a
sessionId, store it in a hashtable in the .net app, and pass it back to
the
Flex app. The Flex app sends this token with each call. The server
checks
the passed in session id and compares the timestamp to the current time.
If
it is within the timeout period specified, it updates the timestamp and
authorizes the call. If authorization fails, the user must log in again.
I am certainly open to a better approach.
Tracy Spratt,
Lariat Services, development services available
_
From: flexcod...@yahoogro mailto:flexcoders%40yahoogroups.com ups.com
[mailto:flexcod...@yahoogro mailto:flexcoders%40yahoogroups.com ups.com]
On
Behalf Of variableop
Sent: Friday, April 03, 2009 4:07 PM
To: flexcod...@yahoogro mailto:flexcoders%40yahoogroups.com ups.com
Subject: [flexcoders] Newbie SOA question
I would like to provide a solution to maintaining login state over
multiple
calls to my .NET web service layer. So basically, the user logs in, then
stores a login token internally on the Flex side so that each web
service
call can be authenticated as being made by someone who has already logged
in to the system. Does anyone have any ideas on how to approach this? My
initial approach was to cache the user's username/password and
authenticate
on each web service call (Direct Authentication). I was told, for obvious
reasons, that this is insecure method and requires database hit each call.
I
am trying to implement WSE 3.0 enabled web services on the .NET side. Is
this an SSO problem, or should I be using STS/Brokered Authentication
approach? We just started our upgrade to VS2008, so maybe I should just
pursue WCF methods instead? Any experiences with this would be greatly
appreciated.
TIA,
variable
--
View this message in context: http://www.nabble.
http://www.nabble.com/Newbie-SOA-question-tp22875841p22962243.html
com/Newbie-SOA-question-tp22875841p22962243.html
Sent from the FlexCoders mailing list archive at Nabble.com.