RE: [flexcoders] Re: HTTP Header Web Service Authentication
Hey Phil,
It's interesting that you bring that up. That's what I was trying to do with
the Socket connection. Unfortunately, and as was expected, it's disconnected
from the rest of the session so subsequent web service calls aren't within the
authenticated session and then challenge again. I was able to work around this
by creating a way to get the session id through the socket and then invoking an
httpservice with the session id properly formed. The problem is that it was
arguably a security risk so I opted out of that solution.
All this being said, you can also do this with form auth doing the following if
you're using j2ee.
1. Request a secure resource.
2. Ignore the form login dialog that is returned.
3. Submit an httprequest to j_security_check sending j_username and j_password.
4. Check the response to see if the content returned is valid. You could have
the originally requested page have some value in there that you can easily
recognize as a positive response such as "ok".
The kicker here is that if your session times out, at the next call you're
going to get the form login page rather than the service response which will
make the web service choke due to the poorly formed content. You could also
look into multiple web apps that have different login mechanisms using SSO
within the container. Most J2EE servers support this. Then you could have the
login web app use form auth and the services web app use basic auth. When a
basic auth request comes back after timeout, you can trap that pretty easily,
or at least more easily than with form auth.
Just a few things to think about.
Carson
Carson Hager
Cynergy Systems, Inc.
http://www.cynergysystems.com <http://www.cynergysystems.com/>
Email: [EMAIL PROTECTED]
Office: 866-CYNERGY
Mobile: 1.703.489.6466
From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of
phipzkillah
Sent: Thursday, December 14, 2006 4:00 PM
To: flexcoders@yahoogroups.com
Subject: [flexcoders] Re: HTTP Header Web Service Authentication
Carson,
Thanks for your reply.
I can connect to the web services as long as there is an active
session open, ie: I authenticate through our web gui and keep the
browser open.
Can you think of a possible work-around where I can authenticate an
http session before calling my web services? If I can do this, I
won't need to authenticate through the web service.
Any ideas?
Thanks,
Phil
--- In flexcoders@yahoogroups.com <mailto:flexcoders%40yahoogroups.com> ,
"Carson Hager" <[EMAIL PROTECTED]>
wrote:
>
> The only way you can do this is through the proxy, unfortunately. I
don't know if this is a limitation of the player or the flex
framework. I have only been able to coax basic auth using the Socket
class but that clearly won't work with web services.
>
>
> Carson
>
>
>
> -Original Message-
> From: flexcoders@yahoogroups.com <mailto:flexcoders%40yahoogroups.com>
> mailto:flexcoders%40yahoogroups.com> >
> To: flexcoders@yahoogroups.com <mailto:flexcoders%40yahoogroups.com>
> mailto:flexcoders%40yahoogroups.com> >
> Sent: Thu Dec 14 18:27:13 2006
> Subject: [flexcoders] Re: HTTP Header Web Service Authentication
>
> Dave,
>
> I understand that. I need to authenticate using BASIC authentication.
> I have form inputs where the user enters their user name and
> password. I then use base64 and encode it.
>
> I am stuck at this point. How can I add in an HTTP header that
> includes the encoded authorization string?
>
> This is my current web service call:
>
> private function init():void{
> var ws:WebService = new WebService;
> var qname:QName = new QName(null, "Authorization");
> var str:String = new String("Basic Y2xhcnVzYWRtaW46Y2xhcnVzYWRtaW4=");
> var header:SOAPHeader = new SOAPHeader(qname, str);
>
> ws.useProxy = false;
>
>
ws.addHeader(header);ws.loadWSDL("http://sc-vmx-03:4040/clarusipc/services/InventoryService?wsdl
<http://sc-vmx-03:4040/clarusipc/services/InventoryService?wsdl>
<http://sc-vmx-03:4040/clarusipc/services/InventoryService?wsdl
<http://sc-vmx-03:4040/clarusipc/services/InventoryService?wsdl> > ");
> ws.makeObjectsBindable = true;
>
> var op:Operation = ws.getOperation("getPhoneCount") as Operation;
> op.arguments.projectId = 1;
> op.addEventListener("result", resultHandler);
> op.addEventListener("fault", faultHandler);
> op.resultFormat= "e4x";
>
> var call:AsyncToken = op.send();
> }
>
> As you can see, I can easily add a SOAP header to the request.
> However, this is of no use to me â€" I need to send a HT
[flexcoders] Re: HTTP Header Web Service Authentication
Carson,
Thanks for your reply.
I can connect to the web services as long as there is an active
session open, ie: I authenticate through our web gui and keep the
browser open.
Can you think of a possible work-around where I can authenticate an
http session before calling my web services? If I can do this, I
won't need to authenticate through the web service.
Any ideas?
Thanks,
Phil
--- In flexcoders@yahoogroups.com, "Carson Hager" <[EMAIL PROTECTED]>
wrote:
>
> The only way you can do this is through the proxy, unfortunately. I
don't know if this is a limitation of the player or the flex
framework. I have only been able to coax basic auth using the Socket
class but that clearly won't work with web services.
>
>
> Carson
>
>
>
> -Original Message-
> From: flexcoders@yahoogroups.com
> To: flexcoders@yahoogroups.com
> Sent: Thu Dec 14 18:27:13 2006
> Subject: [flexcoders] Re: HTTP Header Web Service Authentication
>
> Dave,
>
> I understand that. I need to authenticate using BASIC authentication.
> I have form inputs where the user enters their user name and
> password. I then use base64 and encode it.
>
> I am stuck at this point. How can I add in an HTTP header that
> includes the encoded authorization string?
>
> This is my current web service call:
>
> private function init():void{
> var ws:WebService = new WebService;
> var qname:QName = new QName(null, "Authorization");
> var str:String = new String("Basic Y2xhcnVzYWRtaW46Y2xhcnVzYWRtaW4=");
> var header:SOAPHeader = new SOAPHeader(qname, str);
>
> ws.useProxy = false;
>
>
ws.addHeader(header);ws.loadWSDL("http://sc-vmx-03:4040/clarusipc/services/InventoryService?wsdl
<http://sc-vmx-03:4040/clarusipc/services/InventoryService?wsdl> ");
> ws.makeObjectsBindable = true;
>
> var op:Operation = ws.getOperation("getPhoneCount") as Operation;
> op.arguments.projectId = 1;
> op.addEventListener("result", resultHandler);
> op.addEventListener("fault", faultHandler);
> op.resultFormat= "e4x";
>
> var call:AsyncToken = op.send();
> }
>
> As you can see, I can easily add a SOAP header to the request.
> However, this is of no use to me â" I need to send a HTTP Basic
> authorization header.
>
> The header should be in the format "Authorization = Basic
> Y2xhcnVzYWRtaW46Y2xhcnVzYWRtaW4=".
>
> Is this possible? If so, can you provide an example that illustrates
> how to add a custom HTTP header into a web service request?
>
> Thanks,
> Phil
>
> --- In flexcoders@yahoogroups.com
<mailto:flexcoders%40yahoogroups.com> , "Dave Wolf" wrote:
> >
> >
> > What exactly are you trying to do. You can secure web service calls
> > using standard HTTP authentication headers. We do this with both
> > BASIC and FORM auth.
> >
> > --
> > Dave Wolf
> > Cynergy Systems, Inc.
> > Adobe Flex Alliance Partner
> > http://www.cynergysystems.com <http://www.cynergysystems.com>
> > http://www.cynergysystems.com/blogs
<http://www.cynergysystems.com/blogs>
> >
> > Email: dave.wolf@
> > Office: 866-CYNERGY
> >
> > --- In flexcoders@yahoogroups.com
<mailto:flexcoders%40yahoogroups.com> , "phipzkillah" wrote:
> > >
> > > Does anyone know if it's possible to add a custom HTTP header to the
> > > web service request?
> > >
> > > All authentication methods described through Flex seem to be
oriented
> > > around SOAP headers.
> > >
> > > Can we authenticate a web service through HTTP headers?
> > >
> > > This has been driving me crazy for the past few days. Any ideas or
> > > suggestions??
> > >
> > > -phil
> > >
> >
>
Re: [flexcoders] Re: HTTP Header Web Service Authentication
The only way you can do this is through the proxy, unfortunately. I don't know
if this is a limitation of the player or the flex framework. I have only been
able to coax basic auth using the Socket class but that clearly won't work with
web services.
Carson
-Original Message-
From: flexcoders@yahoogroups.com
To: flexcoders@yahoogroups.com
Sent: Thu Dec 14 18:27:13 2006
Subject: [flexcoders] Re: HTTP Header Web Service Authentication
Dave,
I understand that. I need to authenticate using BASIC authentication.
I have form inputs where the user enters their user name and
password. I then use base64 and encode it.
I am stuck at this point. How can I add in an HTTP header that
includes the encoded authorization string?
This is my current web service call:
private function init():void{
var ws:WebService = new WebService;
var qname:QName = new QName(null, "Authorization");
var str:String = new String("Basic Y2xhcnVzYWRtaW46Y2xhcnVzYWRtaW4=");
var header:SOAPHeader = new SOAPHeader(qname, str);
ws.useProxy = false;
ws.addHeader(header);ws.loadWSDL("http://sc-vmx-03:4040/clarusipc/services/InventoryService?wsdl
<http://sc-vmx-03:4040/clarusipc/services/InventoryService?wsdl> ");
ws.makeObjectsBindable = true;
var op:Operation = ws.getOperation("getPhoneCount") as Operation;
op.arguments.projectId = 1;
op.addEventListener("result", resultHandler);
op.addEventListener("fault", faultHandler);
op.resultFormat= "e4x";
var call:AsyncToken = op.send();
}
As you can see, I can easily add a SOAP header to the request.
However, this is of no use to me – I need to send a HTTP Basic
authorization header.
The header should be in the format "Authorization = Basic
Y2xhcnVzYWRtaW46Y2xhcnVzYWRtaW4=".
Is this possible? If so, can you provide an example that illustrates
how to add a custom HTTP header into a web service request?
Thanks,
Phil
--- In flexcoders@yahoogroups.com <mailto:flexcoders%40yahoogroups.com> , "Dave
Wolf" <[EMAIL PROTECTED]> wrote:
>
>
> What exactly are you trying to do. You can secure web service calls
> using standard HTTP authentication headers. We do this with both
> BASIC and FORM auth.
>
> --
> Dave Wolf
> Cynergy Systems, Inc.
> Adobe Flex Alliance Partner
> http://www.cynergysystems.com <http://www.cynergysystems.com>
> http://www.cynergysystems.com/blogs <http://www.cynergysystems.com/blogs>
>
> Email: [EMAIL PROTECTED]
> Office: 866-CYNERGY
>
> --- In flexcoders@yahoogroups.com <mailto:flexcoders%40yahoogroups.com> ,
> "phipzkillah" wrote:
> >
> > Does anyone know if it's possible to add a custom HTTP header to the
> > web service request?
> >
> > All authentication methods described through Flex seem to be oriented
> > around SOAP headers.
> >
> > Can we authenticate a web service through HTTP headers?
> >
> > This has been driving me crazy for the past few days. Any ideas or
> > suggestions??
> >
> > -phil
> >
>
[flexcoders] Re: HTTP Header Web Service Authentication
Dave,
I understand that. I need to authenticate using BASIC authentication.
I have form inputs where the user enters their user name and
password. I then use base64 and encode it.
I am stuck at this point. How can I add in an HTTP header that
includes the encoded authorization string?
This is my current web service call:
private function init():void{
var ws:WebService = new WebService;
var qname:QName = new QName(null, "Authorization");
var str:String = new String("Basic
Y2xhcnVzYWRtaW46Y2xhcnVzYWRtaW4=");
var header:SOAPHeader = new SOAPHeader(qname, str);
ws.useProxy = false;
ws.addHeader(header);ws.loadWSDL("http://sc-vmx-03:4040/clarusipc/services/InventoryService?wsdl";);
ws.makeObjectsBindable = true;
var op:Operation = ws.getOperation("getPhoneCount") as
Operation;
op.arguments.projectId = 1;
op.addEventListener("result", resultHandler);
op.addEventListener("fault", faultHandler);
op.resultFormat= "e4x";
var call:AsyncToken = op.send();
}
As you can see, I can easily add a SOAP header to the request.
However, this is of no use to me I need to send a HTTP Basic
authorization header.
The header should be in the format "Authorization = Basic
Y2xhcnVzYWRtaW46Y2xhcnVzYWRtaW4=".
Is this possible? If so, can you provide an example that illustrates
how to add a custom HTTP header into a web service request?
Thanks,
Phil
--- In flexcoders@yahoogroups.com, "Dave Wolf" <[EMAIL PROTECTED]> wrote:
>
>
> What exactly are you trying to do. You can secure web service calls
> using standard HTTP authentication headers. We do this with both
> BASIC and FORM auth.
>
> --
> Dave Wolf
> Cynergy Systems, Inc.
> Adobe Flex Alliance Partner
> http://www.cynergysystems.com
> http://www.cynergysystems.com/blogs
>
> Email: [EMAIL PROTECTED]
> Office: 866-CYNERGY
>
> --- In flexcoders@yahoogroups.com, "phipzkillah" wrote:
> >
> > Does anyone know if it's possible to add a custom HTTP header to the
> > web service request?
> >
> > All authentication methods described through Flex seem to be oriented
> > around SOAP headers.
> >
> > Can we authenticate a web service through HTTP headers?
> >
> > This has been driving me crazy for the past few days. Any ideas or
> > suggestions??
> >
> > -phil
> >
>
[flexcoders] Re: HTTP Header Web Service Authentication
What exactly are you trying to do. You can secure web service calls using standard HTTP authentication headers. We do this with both BASIC and FORM auth. -- Dave Wolf Cynergy Systems, Inc. Adobe Flex Alliance Partner http://www.cynergysystems.com http://www.cynergysystems.com/blogs Email: [EMAIL PROTECTED] Office: 866-CYNERGY --- In flexcoders@yahoogroups.com, "phipzkillah" <[EMAIL PROTECTED]> wrote: > > Does anyone know if it's possible to add a custom HTTP header to the > web service request? > > All authentication methods described through Flex seem to be oriented > around SOAP headers. > > Can we authenticate a web service through HTTP headers? > > This has been driving me crazy for the past few days. Any ideas or > suggestions?? > > -phil >
[flexcoders] HTTP Header Web Service Authentication
Does anyone know if it's possible to add a custom HTTP header to the web service request? All authentication methods described through Flex seem to be oriented around SOAP headers. Can we authenticate a web service through HTTP headers? This has been driving me crazy for the past few days. Any ideas or suggestions?? -phil
[flexcoders] Web Service Authentication - SOAP header?
-- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/flexcoders/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/flexcoders/join (Yahoo! ID required) <*> To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Re: Web Service Authentication
Yes, same page. If I open a page and use the send method, I get the 401 error in the fault event, then I set the user name and passeword and everything works fine. But from then on, the proxy seems to re- use these same credentials over and over again. Even if I set the credentials to an invalid user with the setUsernamePassword method, it will still re-use the the first credentials specified. Also, if on the first 401 error fault event I set a bad username and password, I can never connect to that named service until I bounce the Flex server. Bill --- In flexcoders@yahoogroups.com, "t0mruggles" <[EMAIL PROTECTED]> wrote: > > Changing the order to setting credentials before the first send does > not show me any difference. Regardless, if I attempt to use the same > named service again with no credentials a 401 is thrown indicating > that these credentials are not cached in any way. > > Are you trying to use different credentials from the same page? > > --- In flexcoders@yahoogroups.com, "billheit" <[EMAIL PROTECTED]> wrote: > > > > Yes, I was doing it differently. Before calling the send method, I > > was trying to set the credentials using the setUsernamePassword > > method. With the way you are doing it below, you can only set > > credentials if you get a fault 401 error. This means that the > first > > cedentials that work will always be used by the proxy. Maybe that > > is by design? > > > > Bill > > > > --- In flexcoders@yahoogroups.com, "t0mruggles" <[EMAIL PROTECTED]> > > wrote: > > > > > > Hi Bill, > > > > > > I just retested your scenario and am unable to produce your > > results. > > > Please see my code and service below. I've tried with 1.5 final > > and > > > with both HS and WS and all work for me for a Flex app contacting > > an > > > IIS secured resource hosted on a different server. Every time I > > run > > > this file I see the same expected results indicating that the > > first > > > request is denied with a 401 until credentials are set. > > > > > > Are you doing something differently? > > > > > > Tom Ruggles > > > Macromedia Flex QA > > > > > > > > > > > > > > xmlns:mx="http://www.macromedia.com/2003/mxml";> > > > > > > > > serviceName="secureIISEchoServiceDynamic" > > > fault="serviceFault(event.fault);" > > > result="serviceLoaded()" > > > resultFormat="text"> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Named HTTP Service: > > > > > > http://myservicehost/secureAsmx/simple.asmx? > > > wsdl > > > true > > authentication> > > > > > > > > > > > > > > > --- In flexcoders@yahoogroups.com, "billheit" <[EMAIL PROTECTED]> > > wrote: > > > > > > > > Yes I had the problem in 1.0. Then I upgraded to 1.5, hoping > to > > > fix > > > > the problem, but it didn't. I am still having the same issue. > > It > > > > seems that what ever credentials are first used to log into the > > web > > > > service are then continued to be used until the Flex server is > > > > bounced. > > > > > > > > Bill > > > > > > > > --- In flexcoders@yahoogroups.com, Matt Chotin <[EMAIL PROTECTED]> > > wrote: > > > > > You're using Flex 1.5 right? Not 1.0? Apparently we had a > > bug > > > in > > > > 1.0 that > > > > > showed itself like this. In 1.5 it was hopefully fixed, but > > you > > > > could also > > > > > try to set 0 in flex- > > > config.xml > > > > for the > > > > > right service. > > > > > > > > > > > > > > > > > > > > Matt > > > > > > > > > > > > > > > > > > > > _ > > > > > > > > > > From: billheit [mailto:[EMAIL PROTECTED] > > > > > Sen
Re: Web Service Authentication
Changing the order to setting credentials before the first send does not show me any difference. Regardless, if I attempt to use the same named service again with no credentials a 401 is thrown indicating that these credentials are not cached in any way. Are you trying to use different credentials from the same page? --- In flexcoders@yahoogroups.com, "billheit" <[EMAIL PROTECTED]> wrote: > > Yes, I was doing it differently. Before calling the send method, I > was trying to set the credentials using the setUsernamePassword > method. With the way you are doing it below, you can only set > credentials if you get a fault 401 error. This means that the first > cedentials that work will always be used by the proxy. Maybe that > is by design? > > Bill > > --- In flexcoders@yahoogroups.com, "t0mruggles" <[EMAIL PROTECTED]> > wrote: > > > > Hi Bill, > > > > I just retested your scenario and am unable to produce your > results. > > Please see my code and service below. I've tried with 1.5 final > and > > with both HS and WS and all work for me for a Flex app contacting > an > > IIS secured resource hosted on a different server. Every time I > run > > this file I see the same expected results indicating that the > first > > request is denied with a 401 until credentials are set. > > > > Are you doing something differently? > > > > Tom Ruggles > > Macromedia Flex QA > > > > > > > > > xmlns:mx="http://www.macromedia.com/2003/mxml";> > > > > > serviceName="secureIISEchoServiceDynamic" > > fault="serviceFault(event.fault);" > > result="serviceLoaded()" > > resultFormat="text"> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Named HTTP Service: > > > > http://myservicehost/secureAsmx/simple.asmx? > > wsdl > > true > authentication> > > > > > > > > > > --- In flexcoders@yahoogroups.com, "billheit" <[EMAIL PROTECTED]> > wrote: > > > > > > Yes I had the problem in 1.0. Then I upgraded to 1.5, hoping to > > fix > > > the problem, but it didn't. I am still having the same issue. > It > > > seems that what ever credentials are first used to log into the > web > > > service are then continued to be used until the Flex server is > > > bounced. > > > > > > Bill > > > > > > --- In flexcoders@yahoogroups.com, Matt Chotin <[EMAIL PROTECTED]> > wrote: > > > > You're using Flex 1.5 right? Not 1.0? Apparently we had a > bug > > in > > > 1.0 that > > > > showed itself like this. In 1.5 it was hopefully fixed, but > you > > > could also > > > > try to set 0 in flex- > > config.xml > > > for the > > > > right service. > > > > > > > > > > > > > > > > Matt > > > > > > > > > > > > > > > > _ > > > > > > > > From: billheit [mailto:[EMAIL PROTECTED] > > > > Sent: Wednesday, March 02, 2005 5:36 PM > > > > To: flexcoders@yahoogroups.com > > > > Subject: [flexcoders] Web Service Authentication > > > > > > > > > > > > > > > > > > > > I have a .NET web service that allows access to various levels > of > > > > resources (data) depending on what user logs into IIS using > Basic > > > > authentication. > > > > > > > > In my Flex application, which is not running on the same > server > > as > > > > my web service, I would like to have the user login with a > user > > > name > > > > and password. Then pass these credentials along to the .NET > web > > > > service. I don't care if the flex app itself is secure; it is > > > only > > > > the web service that has sensitive data. > > > > > > > > I have tried to use named HttpService and assign the user's > > > > credentials using the setUsernamePassword method but it > doesn't > > > seem > > > > to work after the first use. Once the proxy connects to the > web > > > >
Re: Web Service Authentication
Yes, I was doing it differently. Before calling the send method, I was trying to set the credentials using the setUsernamePassword method. With the way you are doing it below, you can only set credentials if you get a fault 401 error. This means that the first cedentials that work will always be used by the proxy. Maybe that is by design? Bill --- In flexcoders@yahoogroups.com, "t0mruggles" <[EMAIL PROTECTED]> wrote: > > Hi Bill, > > I just retested your scenario and am unable to produce your results. > Please see my code and service below. I've tried with 1.5 final and > with both HS and WS and all work for me for a Flex app contacting an > IIS secured resource hosted on a different server. Every time I run > this file I see the same expected results indicating that the first > request is denied with a 401 until credentials are set. > > Are you doing something differently? > > Tom Ruggles > Macromedia Flex QA > > > > xmlns:mx="http://www.macromedia.com/2003/mxml";> > > serviceName="secureIISEchoServiceDynamic" > fault="serviceFault(event.fault);" > result="serviceLoaded()" > resultFormat="text"> > > > > > > > > > > > > > > > > > > > > > > > > > > Named HTTP Service: > > http://myservicehost/secureAsmx/simple.asmx? > wsdl > true authentication> > > > > > --- In flexcoders@yahoogroups.com, "billheit" <[EMAIL PROTECTED]> wrote: > > > > Yes I had the problem in 1.0. Then I upgraded to 1.5, hoping to > fix > > the problem, but it didn't. I am still having the same issue. It > > seems that what ever credentials are first used to log into the web > > service are then continued to be used until the Flex server is > > bounced. > > > > Bill > > > > --- In flexcoders@yahoogroups.com, Matt Chotin <[EMAIL PROTECTED]> wrote: > > > You're using Flex 1.5 right? Not 1.0? Apparently we had a bug > in > > 1.0 that > > > showed itself like this. In 1.5 it was hopefully fixed, but you > > could also > > > try to set 0 in flex- > config.xml > > for the > > > right service. > > > > > > > > > > > > Matt > > > > > > > > > > > > _ > > > > > > From: billheit [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, March 02, 2005 5:36 PM > > > To: flexcoders@yahoogroups.com > > > Subject: [flexcoders] Web Service Authentication > > > > > > > > > > > > > > > I have a .NET web service that allows access to various levels of > > > resources (data) depending on what user logs into IIS using Basic > > > authentication. > > > > > > In my Flex application, which is not running on the same server > as > > > my web service, I would like to have the user login with a user > > name > > > and password. Then pass these credentials along to the .NET web > > > service. I don't care if the flex app itself is secure; it is > > only > > > the web service that has sensitive data. > > > > > > I have tried to use named HttpService and assign the user's > > > credentials using the setUsernamePassword method but it doesn't > > seem > > > to work after the first use. Once the proxy connects to the web > > > service, it seems to keep the same connection credentials. > > > > > > Does anyone know of a better way to pass along the user's > > > credentials? Or does anyone have a better idea on how to do > this? > > > > > > Thanks, > > > > > > Bill > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Yahoo! Groups Sponsor > > > > > > > > > > > > ADVERTISEMENT > > > > > > > > > <http://us.ard.yahoo.com/SIG=129qnatho/M=298184.6018725.7038619.30011 > > 76/D=gr > > > > > > oups/S=1705007207:HM/EXP=1109889378/A=2593423/R=0/SIG=11el9gslf/*http > > :/www.n > > > etflix.com/Default?mqso=60190075> click here > > > > > > > > > > > > <http://us.adserver.yahoo.com/l? > > M=298184.6018725.7038619.3001176/D=groups/S= > > > :HM/A=2593423/rand=138851879> > > > > > > > > > > > > _ > > > > > > Yahoo! Groups Links > > > > > > * To visit your group on the web, go to: > > > http://groups.yahoo.com/group/flexcoders/ > > > <http://groups.yahoo.com/group/flexcoders/> > > > > > > * To unsubscribe from this group, send an email to: > > > [EMAIL PROTECTED] > > > <mailto:[EMAIL PROTECTED] > > subject=Unsubscribe> > > > > > > * Your use of Yahoo! Groups is subject to the Yahoo! > > > <http://docs.yahoo.com/info/terms/> Terms of Service.
Re: Web Service Authentication
Hi Bill, I just retested your scenario and am unable to produce your results. Please see my code and service below. I've tried with 1.5 final and with both HS and WS and all work for me for a Flex app contacting an IIS secured resource hosted on a different server. Every time I run this file I see the same expected results indicating that the first request is denied with a 401 until credentials are set. Are you doing something differently? Tom Ruggles Macromedia Flex QA http://www.macromedia.com/2003/mxml";> Named HTTP Service: http://myservicehost/secureAsmx/simple.asmx? wsdl true --- In flexcoders@yahoogroups.com, "billheit" <[EMAIL PROTECTED]> wrote: > > Yes I had the problem in 1.0. Then I upgraded to 1.5, hoping to fix > the problem, but it didn't. I am still having the same issue. It > seems that what ever credentials are first used to log into the web > service are then continued to be used until the Flex server is > bounced. > > Bill > > --- In flexcoders@yahoogroups.com, Matt Chotin <[EMAIL PROTECTED]> wrote: > > You're using Flex 1.5 right? Not 1.0? Apparently we had a bug in > 1.0 that > > showed itself like this. In 1.5 it was hopefully fixed, but you > could also > > try to set 0 in flex- config.xml > for the > > right service. > > > > > > > > Matt > > > > > > > > _ > > > > From: billheit [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, March 02, 2005 5:36 PM > > To: flexcoders@yahoogroups.com > > Subject: [flexcoders] Web Service Authentication > > > > > > > > > > I have a .NET web service that allows access to various levels of > > resources (data) depending on what user logs into IIS using Basic > > authentication. > > > > In my Flex application, which is not running on the same server as > > my web service, I would like to have the user login with a user > name > > and password. Then pass these credentials along to the .NET web > > service. I don't care if the flex app itself is secure; it is > only > > the web service that has sensitive data. > > > > I have tried to use named HttpService and assign the user's > > credentials using the setUsernamePassword method but it doesn't > seem > > to work after the first use. Once the proxy connects to the web > > service, it seems to keep the same connection credentials. > > > > Does anyone know of a better way to pass along the user's > > credentials? Or does anyone have a better idea on how to do this? > > > > Thanks, > > > > Bill > > > > > > > > > > > > > > > > > > > > Yahoo! Groups Sponsor > > > > > > > > ADVERTISEMENT > > > > > <http://us.ard.yahoo.com/SIG=129qnatho/M=298184.6018725.7038619.30011 > 76/D=gr > > > oups/S=1705007207:HM/EXP=1109889378/A=2593423/R=0/SIG=11el9gslf/*http > :/www.n > > etflix.com/Default?mqso=60190075> click here > > > > > > > > <http://us.adserver.yahoo.com/l? > M=298184.6018725.7038619.3001176/D=groups/S= > > :HM/A=2593423/rand=138851879> > > > > > > > > _ > > > > Yahoo! Groups Links > > > > * To visit your group on the web, go to: > > http://groups.yahoo.com/group/flexcoders/ > > <http://groups.yahoo.com/group/flexcoders/> > > > > * To unsubscribe from this group, send an email to: > > [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED] > subject=Unsubscribe> > > > > * Your use of Yahoo! Groups is subject to the Yahoo! > > <http://docs.yahoo.com/info/terms/> Terms of Service.
Re: Web Service Authentication
Yes I had the problem in 1.0. Then I upgraded to 1.5, hoping to fix the problem, but it didn't. I am still having the same issue. It seems that what ever credentials are first used to log into the web service are then continued to be used until the Flex server is bounced. Bill --- In flexcoders@yahoogroups.com, Matt Chotin <[EMAIL PROTECTED]> wrote: > You're using Flex 1.5 right? Not 1.0? Apparently we had a bug in 1.0 that > showed itself like this. In 1.5 it was hopefully fixed, but you could also > try to set 0 in flex-config.xml for the > right service. > > > > Matt > > > > _ > > From: billheit [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 02, 2005 5:36 PM > To: flexcoders@yahoogroups.com > Subject: [flexcoders] Web Service Authentication > > > > > I have a .NET web service that allows access to various levels of > resources (data) depending on what user logs into IIS using Basic > authentication. > > In my Flex application, which is not running on the same server as > my web service, I would like to have the user login with a user name > and password. Then pass these credentials along to the .NET web > service. I don't care if the flex app itself is secure; it is only > the web service that has sensitive data. > > I have tried to use named HttpService and assign the user's > credentials using the setUsernamePassword method but it doesn't seem > to work after the first use. Once the proxy connects to the web > service, it seems to keep the same connection credentials. > > Does anyone know of a better way to pass along the user's > credentials? Or does anyone have a better idea on how to do this? > > Thanks, > > Bill > > > > > > > > > > Yahoo! Groups Sponsor > > > > ADVERTISEMENT > > <http://us.ard.yahoo.com/SIG=129qnatho/M=298184.6018725.7038619.30011 76/D=gr > oups/S=1705007207:HM/EXP=1109889378/A=2593423/R=0/SIG=11el9gslf/*http :/www.n > etflix.com/Default?mqso=60190075> click here > > > > <http://us.adserver.yahoo.com/l? M=298184.6018725.7038619.3001176/D=groups/S= > :HM/A=2593423/rand=138851879> > > > > _ > > Yahoo! Groups Links > > * To visit your group on the web, go to: > http://groups.yahoo.com/group/flexcoders/ > <http://groups.yahoo.com/group/flexcoders/> > > * To unsubscribe from this group, send an email to: > [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED] subject=Unsubscribe> > > * Your use of Yahoo! Groups is subject to the Yahoo! > <http://docs.yahoo.com/info/terms/> Terms of Service.
RE: [flexcoders] Web Service Authentication
You’re using Flex 1.5 right? Not 1.0? Apparently we had a bug in 1.0 that showed itself like this. In 1.5 it was hopefully fixed, but you could also try to set 0 in flex-config.xml for the right service. Matt From: billheit [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 02, 2005 5:36 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Web Service Authentication I have a .NET web service that allows accessto various levels of resources (data) depending on what user logsinto IIS using Basic authentication. In my Flex application, which is not runningon the same server as my web service, I would like to have the user login with a user name and password. Then pass these credentials along to the .NET web service. I don't care if the flex app itself is secure; it is only the web service that has sensitive data. I have tried to use named HttpService and assign the user's credentials using the setUsernamePassword method but it doesn't seem to work after the first use. Once the proxy connects to the web service, it seems to keep the same connection credentials. Does anyone know of a better way to pass along the user's credentials? Or does anyone havea better idea on how to do this? Thanks, Bill
Web Service Authentication
I have a .NET web service that allows access to various levels of resources (data) depending on what user logs into IIS using Basic authentication. In my Flex application, which is not running on the same server as my web service, I would like to have the user login with a user name and password. Then pass these credentials along to the .NET web service. I don't care if the flex app itself is secure; it is only the web service that has sensitive data. I have tried to use named HttpService and assign the user's credentials using the setUsernamePassword method but it doesn't seem to work after the first use. Once the proxy connects to the web service, it seems to keep the same connection credentials. Does anyone know of a better way to pass along the user's credentials? Or does anyone have a better idea on how to do this? Thanks, Bill
