Flash :: Token-Based Authentication In WCF?
Dec 7, 2009
I am creating a website which will contain both ASP.NET pages and a Flash applet.I want to encapsulate my business logic in a WCF service which will be exposed through two endpoints: One accesssible over the Internet through HTTP(S), for use by the Flash client, and one accessible within the data center for use by the application servers.If this does not seem like a good approach, then stop me here; otherwise, I'll move on...
The question is how to authenticate requests coming from the Flash client. Since I don't want to store the user's password in a browser cookie, don't want to send the password with every request, and don't want to have to use HTTPS after the initial login, I plan on using a token-based authentication system. I also don't want the user to have to log into the Flash client after already logging into the site itself, so I plan on using Javascript to pass the token to the Flash client when it starts.
I know WCF supports using the .NET Framework's built-in security framework (System.Security) to enforce access control, and I would like to take advantage of this.The question, then, is: How do I pass the token to the WCF service when it is called by Flash, and how do I process the token on the server? WCF has an "issued token" authentication mode, but it appears this is intended to be used in a full-blown federation scenario with a Secure Token Service and SAML tokens--a bit more complexity that I really want. It is possible to use this mode with my own "simple random-string" tokens? If so, how? Keep in mind this needs to be compatible with Flash.I could potentially pass the token in a header (either a SOAP header or an HTTP header). In this case, once I've determined which user is making the request, how do I inform the framework so that the System.Security checks will work?Is there a different approach altogether that I should consider?Anything that avoids sending passwords in every request, lets me use System.Security, and works with Flash is a possibility.
View 1 Replies
Similar Posts:
Apr 6, 2011
I want to use fmscheck to monitor my server. When i try the command ( on the FMS server itself, running linux debian)
[Code]...
View 4 Replies
Aug 11, 2009
We've got a project in our ActionScript class which is a TOKEN RING or on how the token ring works. Now, our teacher just gave us 2 weeks to finish this project and he doesn't even started teaching the basics of actionscript that's why we really don't know how to start this project. Keep up the good work. What I really need now is the code in actionscript.
View 3 Replies
Jul 2, 2010
I wan't to do an authentification system with fms using the token concept.I don't know how???
View 9 Replies
Mar 26, 2012
I'm using the actionscript api for a flash application on the web. I would like to perform actions which require an access token, but I'm unsure of the security implications of using this in flash (which can be decompiled). Is the access token something I need to keep secret?
N.B. Specifically I'm trying to post game achievements which require the app's access token to be passed. But I'm not sure how I can do this securely from flash (or whether this is not an issue).
View 1 Replies
Feb 25, 2011
i was wondering if anyone have experience with this, I'm planning to do a security token app for the iphone to access a server, but i have no idea where to start, the security token im talking about is like the blizzard authenticator or bank tokens, they produce a code that last for 1 minute and allow a login, but my question is how does the system work?
View 0 Replies
Mar 31, 2011
rtmp connect takes a token. My connect looks like below.
connect(server,"123456789");
Using fmscheck I am not able to pass token in the query string so that in my connect I can access the token.How would I use fmscheck to pass a token so that my connect so that onConnect will have a token.
application.onConnect = function(new_client,token) // token -> 123456789
{
}
View 3 Replies
Jan 3, 2012
I looked all over facebook api docs for FLEX and i couldnt find a way to obtain a new access token, can anyone please guide me how to that?By the way , the only time I get error "access token" is when I try to get information from the api and using the parameter "since".when I use this call, im getting a token error massage [code]and when im using it without since FacebookDesktop.api("me/likes",handleFeed);
View 1 Replies
Mar 26, 2012
I have a page with multiple YouTube embedded players that I need to listen for events on. I am trying to use the solution posted as the answer to Using Youtube's javascript API with jQuery, but I am getting a strange error: (in Chrome 18.0.1025.137 beta-m)Uncaught SyntaxError: Unexpected token %That is the extent of the error, including stacktrace. My code is like this:
var onYouTubePlayerReady = function (id) {
var evt = '(function(){})';
alert(eval(evt)); //just to verify that the snippet is syntactically correct
[code]....
View 1 Replies
Mar 4, 2012
I have been making huge strides in learning Flex and I am very much enjoying it, however,one thing I cannot find is how to bind results from a query in Flex. I have managed to create lists etc no problem but when I try to bind one specific value to a variable, it does not work.First off, here is my PHP function:
public function getRepnameByUsername($itemID) {
$stmt = mysqli_prepare($this->connection, "SELECT * FROM $this->tablename where Username=?");
[code]......
View 1 Replies
Apr 11, 2011
I am having a scenario where I need to access a service but when accessing it, I get an HTTP authentication popup of browser. I don't the users to see this. I talked to a guy working on same thing in some other technology and he mentioned that they are using Digest Authentication. I need to know how this can be achieved in Flash.
View 1 Replies
Apr 9, 2012
I need to authorise my Flash game (which runs on Facebook) users against my game server. I'm able to get their data like id, access token, etc, from Facebook on the client (I'm using the Flash Facebook API) but I'm not sure how to authorize them on my game server (e.g. do a login with a database query). One scenario that I have on my mind:
If I could get the same access token from Facebook on both the client (which I already do) and the server (with, for example, a redirect URL, which I tried but does not seems to work), then I could easily compare the two tokens (together with the user IDs) and thus authorize the user. UPDATE To put it simpler, I want to catch the token that is returned from Facebook on the server-side before it gets to the client (it can be a simple PHP script that parses the URL token parameter). Next, store it in the DB on the server, and when the client queries the server, I can do the comparison.
View 2 Replies
Dec 12, 2010
i have a flash application connected with a script on a remote server(X)different from the server hosting the website(Y)the application on server X needs to get some user information so i need to identify the user by what i have in the cookie
remote server X will get those informations from server Y is there any way i can get the user name or user id from the CAKEPHP cookie var?the authentication is the one found on cakephp website
[flash]----request---->[server X]----request---->[server Y]----response---->[server Y]...
View 1 Replies
Apr 2, 2012
What I would like to do is to use ASP.NET impersonation to authenticate a Flash app as a user in IIS so that the file dependencies related to the flash file ( XML config files, and PHP API calls ) are not anonymously accessible when users try to access them directly through the URL. So, instead of displaying the contents of an XML config file, it should tell the unauthenticated user they do not have permission to view the file.
Is this possible? Right now I'm looking into request headers and the settings in IIS for authentication.
So I found out how to use Basic Authentication through help posted here. The problem I'm running into is that even though the flash app sends the appropriate request. Which is handled fine in FF, Chrome, and Safari. It still displays the login pop-up box for Opera and IE. Does anyone know why IE and Opera behave differently with Basic Authentication?
View 1 Replies
Apr 24, 2005
it there any way to create an advanced password authentication in flash ? I saw the tutorial here :[URL] but I want to take it to the next level an create a more advanced authentication that will draw the passwords from a database or something external ( asp, php ). what is the most secure way to do it ?
View 5 Replies
Nov 4, 2011
I just discovered impure.com and was very impressed by what can be achieved in terms of visualizing data using their workspace. Although the platform is free to use, but not open source yet. This causes a few problems because the API section works with .com sites for eg. for ebay, so I cannot visualize ebay listings for regional sites such as ebay.in because the link to ebay.com is hardcoded.I searched around, but didn't find other projects that offer a similar way to work with site APIs and other data sources with the kind of user interface and detail that impure.com does in a realtime way within a browser window.This brings me to the questions:
-What technologies would be involved in creating a similar kind of project
-What are the open source tools that can help develop a fullscreen UI to render the workspace. Are there any alternatives to flash for this, and how do they compare
The goal would be to use standard python data structures, python scripts to do some processing on these data structures, scripts to gather data from csv, json and API sources such as google yahoo, wikipedia and flickr, and scripts to render graphs, tag clouds, network visualizations etc. Then bring them all together into a visual interface that supports drag drop and simple type checking.How would the python backend integrate with the UI.
View 1 Replies
Dec 2, 2009
I have a site that has the main path under password protection. I also have a subfolder that have a separate (htaccess/htpasswd) password protection. For some reason, when I access the subfolder, I'm asked to put in my id/password twice. All of the files that are referenced are under the subfolder.
What should I be doing to troubleshoot this? I've tried this on different browsers and it's the same behavior. There is one main html page with a .swf (the only thing on the page)...it loads other assets but they are within the same subfolder.
View 1 Replies
Mar 31, 2010
I'm running into an issue with Uploadify. I have put Uploadify into my app and all works fine in dev (using the VS web server). All worked fine and checked until I deployed the app into my test environment which uses Integrated Windows Authentication. When I actually go to upload the file, the browser brings up a login prompt. At this point, even if you type in the correct username and password, the request seems not to complete and even if you tell the browser to remember the password it still brings up the login prompt.
When this started to occur, I decided to spin up Fiddler and see what was going on. But guess what, when ever Fiddler is running the issue doesn't occur. Unfortunately I can't make running Fiddler a reuqierment for running the app. I know there are some issues with Uploadify/flash when using forms authentication but I didn't think they carried across to Integrated Windows Authentication.
View 2 Replies
Jul 15, 2010
I need a flash based video player that is able to trigger events I can listen to via JavaScript. The events I need to listen to are:
The play button is pressed The pause button is pressed The video stops (is finished)
View 1 Replies
Feb 16, 2011
Authentication is performed with Basic auth over SSL (although the password inside the basic auth is SHA-2'ed). The issue is that using basic authentication for the Flash client is causing the standard browser log-in box to appear because of "WWW-Authentication: Basic" in the header. Flash is unable to bypass this by manually setting the Authorization header prior to the request.Other clients need to be able to authenticate via the existing mechanisms, so rewriting the authentication logic would not be ideal.
I have the idea that the authorization headers sent to and received from flash client could be dynamically rewritten to use another name for Basic auth which would cause the browser not to understand the auth mechanism and not present the dialog box. Authentication headers to and from Tomcat could be rewritten from "WWW-Authenticate: Basic" to "WWW-Authenticate: PretendBasic" but ideally the built in container security could still handle the basic auth after the rewrite.
I wrote a filter to rewrite inbound headers as "WWW-Authenticate: PretendBasic" as "WWW-Authenticate: Basic" hoping the next filter chain would be auth and the request would be handled as normal. Unfortunately the Servlet specification states that a filter cannot be inserted prior to authentication. I think the only possibility of this working is to create a stackable JAAS authentication module that would first perform a header rewrite on requests if coming from the Flash client, and then pass authentication through to the existing container managed security systems.
View 2 Replies
Feb 28, 2012
Is there a way to automate authentication via adding the username/password in the profile XML of flash media encoder live (3.2)? I'm not referring to the command line parameters, but placing a tag in the xml file that contains the username/password for both the primary and backup server.
View 2 Replies
Mar 30, 2011
I have installed the Authentication Add-In on a FMS 3.5.5 Development version, running Windows 2008 Server.I can easily get to the users.exe command prompt and add users with no problem.BUT, when I open the Flash Media Live Encoder and go to enter a username/password when connecting to the server, I keep getting "User Not Found".I've went back several times using users.exe and tested for my user credentials and it always states that the user is there.
View 1 Replies
Apr 28, 2010
I have a windows server(2003) with FMS 3.01 and already installed Authentication Add-in (3)... Already open' up a command prompt and added users using users.exe ($ROOT/conf) and checking them after, but when i go and publish something with FMLE 3, it still doesn't promp for a user and pass login. Restarted the server and everything else, and nothing seems to work!
View 16 Replies
May 8, 2010
Preferably something that integrates well with a Flex front end. Yes the Spring Security guys say this is possible, but all examples seem to use legacy jsp tag libraries making them half useless as examples.I don't want to spend a month setting up and learning how to use a security tool. I would like a tool which supports using annotations (@RolesAllowed etc), MINIMAL XML, and 'remember-me' features (not cookie based).Apache Shiro seems to support Flex/Silverlight/Swing as well but I'd like to know if there are any other alternatives that are NOT container specific.
View 3 Replies
Oct 30, 2009
I'm building a site that is placed behind a client login tool. I simply need my site to verify the users "authentication level" so they are forwarded to the correct "label/frame" on my time line.
I.E. Owners go to the "Owners" label on the time line, Managers go to the "Managers" label on the time line and Employees go to the "Employees" label on the time line.
I know Flash is accessing the PHP file as when I change the name of the PHP file, Flash provides an error. Therefore, I'm assuming it's reaching the file as I'm not getting any compiler/output errors.
My Actionscript
stop();
loadVariablesNum("newlogin.php", 0, "POST");
{
if(_root.checkLog = 100)
[Code].....
This PHP file is stored in the same folder as the FLASH SOURCE files and is pointed to it through it's local address ("newlogin.php", 0, "POST);
View 1 Replies
Nov 17, 2009
I'm relatively new to AS3. There's one thing that I don't quite understand about Sprites. I'm making a tile based game, and all the tile graphics for a level are inside one movie clip in each frame. Would I be able to go about creating multiple sprites based on the frames in said movieclip's timeline I would I have to go through and make a separate library graphic for each.
View 2 Replies
Feb 22, 2010
I'm using FMS 3.5.3 Developer edition and trying some VOD solution before I can proceed to purchase FMIS 3.5. Basically, I need to have a mechanism for certain sets of flash movies to be secured by user authentication.
Now, for Apache, I can secure a directory of webpages by using .htaccess; whilst for IIS or Windows Media Service, I can use NTFS ACL at directory level. My question is: How can I setup a VOD subdirectory that every video files inside need to be authenticated before streaming to client. The authentication authority can be either Active Directory or LDAP.
I've read the developer guide and notice that such authentication requires both client-side and server-side ActionScript. But I'm not a Flash author and I don't have Adobe Flash CSx installed. Can't this simple authentication be done at configuration level?
View 5 Replies
Jul 21, 2010
when i enter the following commend users add -u username -p password it returned the following error users: invalid option -- u
View 7 Replies
Aug 2, 2010
I'm trying to download Flash CS5 through Download Accelerator Plus (DAP). I've already logged into Adobe website but my DAP keeps on asking username and password authentication for trials2.adobe.com. It does not accept my Adobe username and password. What then is the username and password for trials2.adobe.com supposed to be?
View 1 Replies
Jun 23, 2011
The FMS_auth_addin_win_v3.msi insists to put the files into C:Program Files (x86)AdobeFlash Media Server 4conf but the server is installed in C:Program FilesAdobeFlash Media Server 4. I nuked all the Abobe content in the 32 bit area, but it keeps re-installing it there. The server used to run 32-bit FMS 3.5, but since we upgraded, I can't get the authentication addin to work. Can I just copy the thing over?
View 11 Replies