I am having a scenario where I need to access a service but when accessing it, I get an HTTP authentication popup of browser. I don't the users to see this. I talked to a guy working on same thing in some other technology and he mentioned that they are using Digest Authentication. I need to know how this can be achieved in Flash.
View 1 RepliesAccording to the Adobe help in order to optimize a RSL you need to do the following:
Create an RSL by compiling a library project in Flash Builder or building a SWC file with the compc command line tool.
[Code]...
I need to authorise my Flash game (which runs on Facebook) users against my game server. I'm able to get their data like id, access token, etc, from Facebook on the client (I'm using the Flash Facebook API) but I'm not sure how to authorize them on my game server (e.g. do a login with a database query). One scenario that I have on my mind:
If I could get the same access token from Facebook on both the client (which I already do) and the server (with, for example, a redirect URL, which I tried but does not seems to work), then I could easily compare the two tokens (together with the user IDs) and thus authorize the user. UPDATE To put it simpler, I want to catch the token that is returned from Facebook on the server-side before it gets to the client (it can be a simple PHP script that parses the URL token parameter). Next, store it in the DB on the server, and when the client queries the server, I can do the comparison.
I am creating a website which will contain both ASP.NET pages and a Flash applet.I want to encapsulate my business logic in a WCF service which will be exposed through two endpoints: One accesssible over the Internet through HTTP(S), for use by the Flash client, and one accessible within the data center for use by the application servers.If this does not seem like a good approach, then stop me here; otherwise, I'll move on...
The question is how to authenticate requests coming from the Flash client. Since I don't want to store the user's password in a browser cookie, don't want to send the password with every request, and don't want to have to use HTTPS after the initial login, I plan on using a token-based authentication system. I also don't want the user to have to log into the Flash client after already logging into the site itself, so I plan on using Javascript to pass the token to the Flash client when it starts.
I know WCF supports using the .NET Framework's built-in security framework (System.Security) to enforce access control, and I would like to take advantage of this.The question, then, is: How do I pass the token to the WCF service when it is called by Flash, and how do I process the token on the server? WCF has an "issued token" authentication mode, but it appears this is intended to be used in a full-blown federation scenario with a Secure Token Service and SAML tokens--a bit more complexity that I really want. It is possible to use this mode with my own "simple random-string" tokens? If so, how? Keep in mind this needs to be compatible with Flash.I could potentially pass the token in a header (either a SOAP header or an HTTP header). In this case, once I've determined which user is making the request, how do I inform the framework so that the System.Security checks will work?Is there a different approach altogether that I should consider?Anything that avoids sending passwords in every request, lets me use System.Security, and works with Flash is a possibility.
i have a flash application connected with a script on a remote server(X)different from the server hosting the website(Y)the application on server X needs to get some user information so i need to identify the user by what i have in the cookie
remote server X will get those informations from server Y is there any way i can get the user name or user id from the CAKEPHP cookie var?the authentication is the one found on cakephp website
[flash]----request---->[server X]----request---->[server Y]----response---->[server Y]...
What I would like to do is to use ASP.NET impersonation to authenticate a Flash app as a user in IIS so that the file dependencies related to the flash file ( XML config files, and PHP API calls ) are not anonymously accessible when users try to access them directly through the URL. So, instead of displaying the contents of an XML config file, it should tell the unauthenticated user they do not have permission to view the file.
Is this possible? Right now I'm looking into request headers and the settings in IIS for authentication.
So I found out how to use Basic Authentication through help posted here. The problem I'm running into is that even though the flash app sends the appropriate request. Which is handled fine in FF, Chrome, and Safari. It still displays the login pop-up box for Opera and IE. Does anyone know why IE and Opera behave differently with Basic Authentication?
it there any way to create an advanced password authentication in flash ? I saw the tutorial here :[URL] but I want to take it to the next level an create a more advanced authentication that will draw the passwords from a database or something external ( asp, php ). what is the most secure way to do it ?
View 5 RepliesI have a site that has the main path under password protection. I also have a subfolder that have a separate (htaccess/htpasswd) password protection. For some reason, when I access the subfolder, I'm asked to put in my id/password twice. All of the files that are referenced are under the subfolder.
What should I be doing to troubleshoot this? I've tried this on different browsers and it's the same behavior. There is one main html page with a .swf (the only thing on the page)...it loads other assets but they are within the same subfolder.
I'm running into an issue with Uploadify. I have put Uploadify into my app and all works fine in dev (using the VS web server). All worked fine and checked until I deployed the app into my test environment which uses Integrated Windows Authentication. When I actually go to upload the file, the browser brings up a login prompt. At this point, even if you type in the correct username and password, the request seems not to complete and even if you tell the browser to remember the password it still brings up the login prompt.
When this started to occur, I decided to spin up Fiddler and see what was going on. But guess what, when ever Fiddler is running the issue doesn't occur. Unfortunately I can't make running Fiddler a reuqierment for running the app. I know there are some issues with Uploadify/flash when using forms authentication but I didn't think they carried across to Integrated Windows Authentication.
Authentication is performed with Basic auth over SSL (although the password inside the basic auth is SHA-2'ed). The issue is that using basic authentication for the Flash client is causing the standard browser log-in box to appear because of "WWW-Authentication: Basic" in the header. Flash is unable to bypass this by manually setting the Authorization header prior to the request.Other clients need to be able to authenticate via the existing mechanisms, so rewriting the authentication logic would not be ideal.
I have the idea that the authorization headers sent to and received from flash client could be dynamically rewritten to use another name for Basic auth which would cause the browser not to understand the auth mechanism and not present the dialog box. Authentication headers to and from Tomcat could be rewritten from "WWW-Authenticate: Basic" to "WWW-Authenticate: PretendBasic" but ideally the built in container security could still handle the basic auth after the rewrite.
I wrote a filter to rewrite inbound headers as "WWW-Authenticate: PretendBasic" as "WWW-Authenticate: Basic" hoping the next filter chain would be auth and the request would be handled as normal. Unfortunately the Servlet specification states that a filter cannot be inserted prior to authentication. I think the only possibility of this working is to create a stackable JAAS authentication module that would first perform a header rewrite on requests if coming from the Flash client, and then pass authentication through to the existing container managed security systems.
Is there a way to automate authentication via adding the username/password in the profile XML of flash media encoder live (3.2)? I'm not referring to the command line parameters, but placing a tag in the xml file that contains the username/password for both the primary and backup server.
View 2 RepliesI have installed the Authentication Add-In on a FMS 3.5.5 Development version, running Windows 2008 Server.I can easily get to the users.exe command prompt and add users with no problem.BUT, when I open the Flash Media Live Encoder and go to enter a username/password when connecting to the server, I keep getting "User Not Found".I've went back several times using users.exe and tested for my user credentials and it always states that the user is there.
View 1 RepliesI have a windows server(2003) with FMS 3.01 and already installed Authentication Add-in (3)... Already open' up a command prompt and added users using users.exe ($ROOT/conf) and checking them after, but when i go and publish something with FMLE 3, it still doesn't promp for a user and pass login. Restarted the server and everything else, and nothing seems to work!
View 16 RepliesPreferably something that integrates well with a Flex front end. Yes the Spring Security guys say this is possible, but all examples seem to use legacy jsp tag libraries making them half useless as examples.I don't want to spend a month setting up and learning how to use a security tool. I would like a tool which supports using annotations (@RolesAllowed etc), MINIMAL XML, and 'remember-me' features (not cookie based).Apache Shiro seems to support Flex/Silverlight/Swing as well but I'd like to know if there are any other alternatives that are NOT container specific.
View 3 RepliesI'm building a site that is placed behind a client login tool. I simply need my site to verify the users "authentication level" so they are forwarded to the correct "label/frame" on my time line.
I.E. Owners go to the "Owners" label on the time line, Managers go to the "Managers" label on the time line and Employees go to the "Employees" label on the time line.
I know Flash is accessing the PHP file as when I change the name of the PHP file, Flash provides an error. Therefore, I'm assuming it's reaching the file as I'm not getting any compiler/output errors.
My Actionscript
stop();
loadVariablesNum("newlogin.php", 0, "POST");
{
if(_root.checkLog = 100)
[Code].....
This PHP file is stored in the same folder as the FLASH SOURCE files and is pointed to it through it's local address ("newlogin.php", 0, "POST);
I'm using FMS 3.5.3 Developer edition and trying some VOD solution before I can proceed to purchase FMIS 3.5. Basically, I need to have a mechanism for certain sets of flash movies to be secured by user authentication.
Now, for Apache, I can secure a directory of webpages by using .htaccess; whilst for IIS or Windows Media Service, I can use NTFS ACL at directory level. My question is: How can I setup a VOD subdirectory that every video files inside need to be authenticated before streaming to client. The authentication authority can be either Active Directory or LDAP.
I've read the developer guide and notice that such authentication requires both client-side and server-side ActionScript. But I'm not a Flash author and I don't have Adobe Flash CSx installed. Can't this simple authentication be done at configuration level?
when i enter the following commend users add -u username -p password it returned the following error users: invalid option -- u
View 7 RepliesI'm trying to download Flash CS5 through Download Accelerator Plus (DAP). I've already logged into Adobe website but my DAP keeps on asking username and password authentication for trials2.adobe.com. It does not accept my Adobe username and password. What then is the username and password for trials2.adobe.com supposed to be?
View 1 RepliesThe FMS_auth_addin_win_v3.msi insists to put the files into C:Program Files (x86)AdobeFlash Media Server 4conf but the server is installed in C:Program FilesAdobeFlash Media Server 4. I nuked all the Abobe content in the 32 bit area, but it keeps re-installing it there. The server used to run 32-bit FMS 3.5, but since we upgraded, I can't get the authentication addin to work. Can I just copy the thing over?
View 11 RepliesI'm making an Air file that uploads and overwrites an XML file.
So far, the php is very simple:
$everything = $_POST['saveThisXML'];
$everything = stripslashes($everything); $toSave = $everything;
$fp = fopen("settings.xml", "w"); if(fwrite($fp, $toSave)) echo "writing=Ok"; else echo "writing=Error"; fclose($fp);
I'd like to set up a user name and passowrd that the user enters in the Air app. Is it then just a matter of sending POST data to the php file, and have it check the user and pass variables? Is that a reasonably safe way to do it? If not, can someone please point me in th edirection of a good tutorial that they're used on this topic?
I want to have flex portlets side by side with JSP portlets. How can we implement the authentication mechanism? [ Authentication will be handled by the portal and how can we share the same session with flex portlets ]
View 1 RepliesI am developing an application in Adobe Flex. This application is to be hosted on a Joomla Website. I want to achieve Single Sign On between my Joomla website and this Flex Application. The Users log in using the default Joomla Mechanisms however I want the username as well as some other details about the user inside my Flex Application.
View 1 RepliesSome background: I have a Flex app embedded in an HTML page and am using Flex to send a soap request to my Java backend that does some authentication depending on the username and password entered in the Flex form. If I enter the correct login everything works fine and the Flex app can continue making further requests. But with an incorrect username/password, an "Authentication Required" dialog box pops up in my Browser and my Flex app won't respond with its proper handler until I click cancel. I'd like to get rid of the dialog box somehow,
View 2 RepliesHow would one create a video or audio stream using OSMF when there must be basic authentication on the url?Can one feed in Audio/Video using HTTPService to provide the header authentication?
View 2 RepliesI'm writing a basic RSS reader in ActionScript 3 that accesses the RSS feed in a WordPress blog. It works fine for standard WordPress blogs, but I need to access one that requires users to log in with a username and password.
Is is possible to somehow send the username/password in the URLRequest? Perhaps by appending to the end of URLRequest something like [code]...
i would like to open a URL in a new browser tab from Flash (by clicking on a button). The page is protected with basic http authentication (the browser displays the login window), but i would like this authentication to be automatic.
The code i have now is this:
Code:
var urlRequest:URLRequest = new URLRequest("some_URL");
urlRequest.data = new URLVariables("name=John+Doe");
urlRequest.method = URLRequestMethod.GET;
[Code]....
I have a system where users authenticate over Flash and then they should be able to browse various folders on the server, which are protected with the same user/pass and i don't want them to enter the authentication twice.
I have heard that Web Service class is not available in AS3.implementing a WebService in AS3 with authentication.
View 2 RepliesI was pretty confused while stetting up a FMS and reading the docs. Live Streaming is by default enabled for everyone without password. Then I discovered and installed the authentication module. But this does not work and is not well documented. Also the download page states that it will work with FMS but some lines below it is stated that: "the Flash Media Server Authentication Add-In is only available for the Flash Media Interactive Server and the Flash Media Developer Server. This Add-In does not work with the Flash Media Streaming Server." hmmm. Confusing. How can I prevent that everyone is using my server for live streaming?
View 16 RepliesGot a site almost complete however the user authentication isn't working. Simply put, I wish my website to reference a PHP file, which is echoing a users authentication level. Via the Actionscript, Flash pushes the user to the frame on the timeline they have the authority to view.
My PHP Code
<?phpecho 'checkLog=999';?>
My AS2 Code - This code is pasted in the first frame of the timeline
appname="mikesapp"loadVariablesNum("newlogin.php", 0, "POST");
//This verifies the users status and forwards them to the portion of the website they are authorized to access.////Auth Level 100 = Regional Access, Auth Level 200 = Franchise Access, Auth Level 300 = Employee Access, Auth Level 400 = Denied Access and Back Button as they do not have the privileges to move forward from there.//
this.onEnterFrame = function () {
if(_root.checkLog == 100){
_root.gotoAndStop("regional");
} if(_root.checkLog == 200){
_root.gotoAndStop("partner");
} if(_root.checkLog == 300){
_root.gotoAndStop("employee");
} if(_root.checkLog == 999){
_root.gotoAndStop("denied"); }}
Because the "checkLog" value is 999, the user should be forwarded to the "denied" label in the timeline however it is not as the site simply loops over and over. I'm sure Flash is accessing the "newlogin.php" file as when I rename it, flash errors stating it cannot locate the file. I have changed it back to the correct name since.
I use Ubuntu server 10.4 64bit and have Flash streaming server 3.5.5 working fine For security reason I also installed Authentication Addin on FMS and was able to add user using command /opt/adobe/fms/conf/users add -u FlashSAC -p pass. I verified and the user FlashSAC was added to the User.dat located opt/adobe/fms/conf. However when I used Live Encoder 3.1 to send a live stream to FMS, it worked without prompting for username and password at all. I tested Authentication Addin with Flash streaming server 3.5.5 on Windows XP and it prompted for username and password.
View 6 Replies