Flash :: Securing .net Web Services For Flex / AIR Applications
Oct 15, 2009
What would be the best way to secure .net web services used by a flex application (both desktop and browser) that requires login? I thought about requesting the user and password in every method of the web service, and having them stored as variables in the flex app, but I don't feel like this is the most elegant way.
my team is building a game in flash to be embeded in a asp.net application.When the game is over the player have the chance to type his name to save his score.This is done using web services called from flash. The webservice receives the name and score.Since the webservice is publicly available how can I make it only callable from my flash given the following conditions:The .swf is hosted by the same asp.net application There are two domains that can access the same application (I have run previously into cross domain issues).Using SSL is not an option. The webservice has to be consumed by the .swf file.
I finished a Flex app using FB4.5 and uploaded and tested it fine to a shared host. I'm now in the process of securing the app using https, but have landed in a quagmire.I forced the load of all pages to https with .htaccess so that the Flex app loads with SSL. Problem is that I get a connection failed ('BadVersion') when the app makes a data service call using the gateway.php file because of the .htaccess force (it is looking for http rather than https). I believe I can hardcode the https path in the Flash Builder class file, but I don't want prevent the app from working on my dev machine either.Also, even if the gateway.php file is called using SSL, will the following calls to the PHP files containing the actual SQL queries fail because of the forced SSL by the .htaccess directives.
Instead of using .htaccess, I have also successfully used PHP to secure the initial launch of the app with a https redirect statement in the beginning. This allows the app to work, calling the gateway.php file fine because it isn't forcing https on everything. BUT, this defeats the purpose of trying to get everything to be encrypted.Is is it necessary to have the gateway.php file launched on SSL because of transmitting in binary AMF?
I am using Flex/Flash to build a UI which front-ends my Rails server application. I am using WebORB as the communication mechanism. My question should apply beyond just WebORB, however. (I think).
Specifically, it has to do with the services-config.xml file. I have a local (laptop) dev environment, a remote dev and a remote production environment. I am sick of editing the URL in the services-config.xml file, rebuilding and deploying every time I want to test in a different environment.
[Code]...
By setting the URI="/weborb" and giving it a relative path, I figured it would work. locally--but it doesn't when I deploy it to my remote dev and prod environments (Heroku). Weird.
When I'm making projects with Flex (or Flash Builer) the end result usually performs much better than a similar level project made with the Flash authoring tool. I know Flash IDE is rather for animations and design heavy works so you can't really compare these 2 tools, but this question is bugging me for a long time.If apps made with Flex (or Flash Builder) are really faster and less CPU intensive - why is that?
m working on an Adobe Flex application that loads lots of Flex Modules and other Flash sub-applications and Flash resources. Each time one successfully loads the flashlog.txt and Flex Console show a trace like "[SWF] filename.swf - [filesize] bytes after decompression". Specifically:[SWF] Main.swf - 1,361,299 bytes after decompression [SWF] core/Core.swf - 516,390 bytes after decompression
I don't want to disable traces because I am debugging, but these traces are rather noisy. How can I suppress only the [SWF] loaded traces?
I have a Flex application which uses the BrowserManager class for enabling deep linking within the application. The URLs work fine through all browsers but the back/forward buttons work only with Firefox and Internet Explorer. Even that is a bit flaky and sometimes doesn't work. The buttons don't work in Chrome/Safari or any other browser. How to make this work properly?
how can I strip trace() messages from a flex and flash applications? I write flash and flex applications and i use a lot of trace messages for debugging, but when i product the actual swf i want it to be stripped from any trace messages.
I am looking for utility/helper classes for Adobe AIR/actionscript 3.0 file system and native process utilization. Could someone point me to opensource library projects specific to Adobe AIR..
I've been searching for the last couple days but can't seem to find a basic example of what I'm looking for. I'm developing a Flex 4.5 app and in it I have a viewstack of 2 components that use some of the same services. Currently the only way I can get the app to correctly use the web services is by defining 2 different web services that use the same PHP web service file. For example: I have an app, and within it I have a viewstack with tab navigation of 2 components: #1) retrieve a list of all Salary Employees, and #2) retrieve a list of all Contractors. Currently to get it working I am defining a UsersTableEmployees webservice within component #1 and a UsersTableContractors webservice within component #2, but they both point to the same PHP class, and only differ in the arugment value I pass to them. Ie, getUsers("employee") and getUsers ("contractors"). Of course this is not best practice.
Searching StackOverflow and Google gives me many results about ColdFusion and MVC (example What's the best way to share data between components in Flex?), but I'm still confused. Can anyone here point me to a basic example (even sample MVC) and source code of an app that uses Zend AMF and allows different components to call common web services?
I am developing an application with multiple windows, all using their own web services.Is it bad practice to use more than one web service per application? If so, what are the disadvantages?
We have Flex applications that connect to our ASP.NET 3.5 Web Applications and usually download lot of data. Now considering XML as transport, for every item, it transmits meta data twice for example.. instead of transferring int value as <Customer CustomerID=23/> it transmits <Customer><CustomerID>23</CustomerID></Customer> .. now here is where bandwidth conservation becomes an issue.
FLEX Can not read GZip and DEFLATE compressed HTTP Response ( So cant use any of them )I heard of some WSCompression but it requires WSE 3.0 now I am skeptical to introduce too many dependency in my hosting environment which requires too much management and overheads. Is WSE 3.0 only dll library which requires no installation on production server? Does it require rewriting all WebService attribute? Or is it simple one time configuration and more or less, anyone knows does it work with Flex ? Flex dynamically generates web services, and we use lot of its auto generated code, now if we want to support compression then do we need to rewrite lot of code?
Simplest solution I can think of is, reduce unnecessary XML tags and reduce them down to attributes to save bandwidth. Is there an easy way to achieve it, our classes has more then 50-70 properties, I understand it will be nightmare to add attributes to each property but we dont know how to do it in case of SOAP.
Although iPhone support JSON natively, AMF is a binary protocol and it supposes to use much less bandwidth. Do you think using AMF is a good idea?Just found this AMF library in cocoa (Objective-C):Here's the famous benchmark that shows AMF is smaller and faster than JSON + gzip in Flex:
Today I tried to connect to other domain.I changed url of endpoint, but it looks like flex just ignores my changes.I am sure that an old url doesn't exist in any file in src directory,I even renamed services-config.xml to services-config2.xml, cleaned and rebuilded project many times, even made a release build, but it still connects to the same domain.I have tested flex application in localhost and in the same domain, that has AMF services, but it works in the same way.My services-config.xml is:
We are planning to use flex and Java Web Services, what is the best practice to consume web service from flex is it better to directly call the web service from Action scripts or to use remoting where java client will call the web services and later flex using remoting will the java client?
I have some problem with calling web service from flex. I have service with name UserService with one method string GetData(int i). I want to call this method from flex and get data. My code is here:
protected function application1_creationCompleteHandler(event:FlexEvent):void uService = new UserService(); uService.addEventListener("hello", echoResultHandler); uService.GetData(1);
from flex, when calling a .net web method that returns a custom class, I always recieve an ObjectProxy, even if I have the same class created on flex. How do I manage this ObjectProxy as the class I have?
I had this error in a Flex Application that I couldn't figure out. Every time the app attempted to access the Web Service it returned the error Security Error Accessing URL.
I am a new flex developer.I would like to know about the LCDS. What it does?How to configure it?Do I need to know Java? Can I get some sort of tutorial pdf for it? I have it on my system. I need to know about it.
I am using AS3 for a flash project I am working on. What I would like to do is secure the SWF so it will only run on a particular domain. If it possible to do this? to make sure it only runs when it is served from [URL]?
I'm going to write an application with the Air/Flex-Framework. I'm looking for Best Practise and general Design Patterns for designing software especially in Air/Flex. I have experience with this framework but never had the pleasure to write a piece of software from scratch.
For instance: I stumbled across lots of software written in Air/Flex with nearly infinity global vars Most of the software I saw was not object-oriented How can I pack the asynchronous method calls nicely?
I'm familiar with general design patterns by gamma. I'm looking more for advise in designing good quality software with Adobe Air/Flex.
General information: I use Flex 4.5 I use FlashBuilder 4 I generate the WSDL using JAX-WS 2.2 (via a GlassFish 3.1 AS) I want to have a web service that returns a list of clients.
In the Java code, I have a base class for a Client, and 2 extending classes: public class Client { public String getName() { return this.name; [Code] .....
As the title indicates the question is in regards to the service layer of a flex application. Specifically in a test case class. To call the services the user must first authenticate through an html/CF based page. Once that's done and the authentication has occurred the user is directed to the html page with the flex application embedded in. Once authenticated the server side CF code writes a cookie to the users computer. This cookie is then read by the flex app and is required for the flex app to make calls to the CF services.
The question is: how should this be handled in a test case class for the service class in the flex app? The following steps need to basically take place: use some account data to hit the server and authenticate, the cookie then needs to be written (which it will already), then the test case needs to pick up the session id from the cookie and pass it to the service call within the test case. That just all seems like too much for a test case class.
So, how is this type of thing usually handled. From what I gather it's typical for web service calls to require a session id like this.
I tried importing the WSDL with the wizard but when I tried to call the web service it results in an error stating
"Cannot marshall type "http://www.w3.org/2001/XMLSchema::EnumsChannel"to simple type"
What kind of object do I need to create in Flex Builder 3 to pass into the webservice so that it will recognize it as the appropriate type? The wizard is not correctly creating the appropriate type. Here is the xsd for the enums.
I'd like to try to build my own objects to call the service myself (without the wizard).... created the mx:WebService and mx:Operation but not sure how to handle the enum parameters.