Flex - Pass Authentication Headers Using Flex HTTP Service?
Sep 6, 2010
I am trying to access a .Net service which requires an authentication header. If WebService is used it works fine. But when it is accessed using HTTPService it throws error. The project is already done by somebody else using HTTPService. Now changing to webService requires some time since there needs to be modification in a lot of files.
Below is the SOAP envelop required by the service.
I am using Flex 3 (ActionScript 3.0). I use the HTTP progressive download to play sound files. I want to secure the sound files, by only serving them when the request comes from my flex app. I chose the simplest solution of adding a HTTP header to each request send from the app. But flash.media.Sound object ignores the headers set in flash.net.URLRequest. Here's an example,
URLRequest sndFile = new URLRequest("http://blah.com/media/load_sound.php"); sndFile.requestHeaders = new Array(new URLRequestHeader("req-orgin", "myflexapp")); Sound snd = new Sound(sndFile); snd.play();
The value of req-origin comes as null in load_sound.php. When i inspect the request using Firebug, the request headers to [URL] doesn't contain the header.
I have a flex app hosted on a windows server running IIS. That same server has some rest services that the app interacts with. The rest services have windows authentication so that their urls cannot be called without credentials. The flex app needs to be accessible to the public so its files are accessed by enabling anonymous access. The problem is of course that when the app tries to call the rest services the browser pops a dialog box asking for windows username and pass. I naively hoped that if I set the anonymous access on the flex site to use the credentials of a windows account that had permission to view the rest services that would resolve the matter. I hoped that IIS would see the browser used the proper creds to view the flex app and use those same creds to get the rest services. Wrong, that didn't work.
So is what I want impossible? I'd like to find a way to not force the user to enter windows creds, keep the rest services using windows authentication, and have the flex app able to access the rest urls. Any ideas? Am I missing something? Also, it may turn out that the flex app is running on http and the rest services must be called with https. Does that change your answer?
I'm trying a simple tutorial of retrieving RSS feeds from yahoo and keep getting this error: RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP" I've seen some articles that say I need a crossdomain.xml file, but I don't really know how to set this file up and how to use it from the Flex SDK compiler (mxmlc).
I need to call an HTTP service using Flex that has variable arguments. I'm using Flash Builder 4 (Gumbo) to create the service definition, but there's no UI for variable arguments, and the subclass of HTTPServiceWrapper that it creates doesn't seem to support it.
i am trying to put data in to combo box from php page using http service .there are 2 data records in the php page but instead of displaying data it displays [object object] [object object] in the combo box list
here is the mxml code
@namespace s "library://ns.adobe.com/flex/spark"; @namespace mx "library://ns.adobe.com/flex/mx";
I want to store images from the flex application to a asp net web service and at a later point will be sending these images back to flex application . Can you please give a example web method in c# or suggest a website to read about how to do this.
I found at this Adobe tutorial a nice "RemoteService" class that creates a RemoteObject and contains the functions for handling the result and fault events. If I wanted to use this approach, how could I pass the data from the result handler to interfaces that modules from the main application could use?
I could put the RemoteService/RemoteObject in the modules, but (in my opinion- and I could be wrong) the best design seems to be using the remote calls in the main app and passing the data along to the modules.
Authentication is performed with Basic auth over SSL (although the password inside the basic auth is SHA-2'ed). The issue is that using basic authentication for the Flash client is causing the standard browser log-in box to appear because of "WWW-Authentication: Basic" in the header. Flash is unable to bypass this by manually setting the Authorization header prior to the request.Other clients need to be able to authenticate via the existing mechanisms, so rewriting the authentication logic would not be ideal.
I have the idea that the authorization headers sent to and received from flash client could be dynamically rewritten to use another name for Basic auth which would cause the browser not to understand the auth mechanism and not present the dialog box. Authentication headers to and from Tomcat could be rewritten from "WWW-Authenticate: Basic" to "WWW-Authenticate: PretendBasic" but ideally the built in container security could still handle the basic auth after the rewrite.
I wrote a filter to rewrite inbound headers as "WWW-Authenticate: PretendBasic" as "WWW-Authenticate: Basic" hoping the next filter chain would be auth and the request would be handled as normal. Unfortunately the Servlet specification states that a filter cannot be inserted prior to authentication. I think the only possibility of this working is to create a stackable JAAS authentication module that would first perform a header rewrite on requests if coming from the Flash client, and then pass authentication through to the existing container managed security systems.
We are working on a plugin for the JWPlayer and I noticed that in Chrome specifically, we are running into issues with the 302 redirect urls that we're using. The JWPlayer is not recognizing the redirect which contains url-based flashvars which we need. So here's my question(s):
1) Is there a way using AS3 to get the response headers from a url when NOT using AIR?
2) Is there any known issues with Chrome and 302 redirects that might be enough to trip up Flash?
3) What is the best method to handle a 302 redirect? The current issue is that there is a queue'd process and none of the other steps can continue without the first one and if the first one fails because it didn't get the proper flashvars, then the whole thing fails.
from time to time I get feedback from my web portal customers that they cannot see Flash component on the page - instead there's a blank white region. When it happens I instruct them to clear browser cache, and it solves the issue. Is there any way to handle this differently, using HTTP headers etc.
I have a site that has the main path under password protection. I also have a subfolder that have a separate (htaccess/htpasswd) password protection. For some reason, when I access the subfolder, I'm asked to put in my id/password twice. All of the files that are referenced are under the subfolder.
What should I be doing to troubleshoot this? I've tried this on different browsers and it's the same behavior. There is one main html page with a .swf (the only thing on the page)...it loads other assets but they are within the same subfolder.
I am experiencing a strange problem when I want to bind a service to a button or something else:
I can add the services to the Data Services panel but I have two strange things:
1) when I want to configure the return type he doesn't let me create a new ValueObject type, I only get the bottom datagrid which states: Properties returned by the operation: Property: country_Id, provence_Id, city_Id, id_cdpc, district_Id with the related values on the right side. Why can't I create a new data type on the top?
2) When I accept this and want to add the service call to a button (drag&drop) I get the following error: Error occurred while generating code. Make sure that there are no compiler eroors and try again after reopening the file. Componentn type services.cdpc.CDPC not found... (ps: When I perform a Test Operation everything seems to be ok, I get the expected output values)
I'm building an image viewer that has violent content (video games), and so it requires users to enter their birthdays. Problem is that because of company policy, I can't expose any of the source images being viewed in the event that someone might use their resources/net tabs (or just sniff the request) and get the direct link to the image. (I know that they could screenshot it, but that's out of anyone's control and not something I'm worried about.)Is there anyway to inherently mask loaded resources (images)? I've been using sockets, which is great, but there's also the problem of actually loading the image binary (after HTTP request headers are removed) as a Bitmap in Flash.
We have a situation where a web application within an intranet requires windows authentication. This way employees of the company can login to their desktops and have automatic access to the web application and also be identified automatically without having to login because Windowns Authentication takes care of that. The problem is that we've added a Flex module to the web application. The web application comes up fine and authenticates the user can then navigate to the page where we have the Flex application. Which loads fine. The problem is that the Flex application also needs to communicate with the same server about this user but this communication is not working and is prompting the user for a password. Even if the correct user/pass is entered it fails and the Flex application can't talk to the server which requires Windows authentication.
Our expectations was the since the IE browser housing the flex application was already authenticated that all communication from the Flex app would also carry with it the necessary information to enable it to access the server without authentication.
Is there some sort of configuration settings in FlashBuilder 4.5 where you can easily switch between webservice urls? Right now I have to delete and recreate the web service every time I switch from local to production and vice versa.
I am in the process of writing an application in Flex 3.3, using the Cairngorm framework, for deployment as an AIR application. The application heavily utilizes RemoteObject services to get data from a web server.Each of my service delegates extends a common class which provides a method for calling service methods on the RemoteObject.So, where I previously usedServiceLocator.getInstance().getRemoteObject('myService').myOperation.send();I instead usethis.send('myOperation', 'myService');I use this method instead of calling the RemoteObject operations directly because this method adds another, global, responder to the operation call. This extra responder analyses data in the headers of reponse from the server.
Or at least it should -- this is where the problem is. In the result data (event as mx.rpc.events.ResultEvent) the headers property is always null despite the headers definitely being sent from the server.
I am trying to extend the DataGrid to allow headers for different groups of rows. However, I cannot figure out which method to extend from DataGrid that would allow me to accomplish this. I do not want the headers to be included in the dataProvider, only the rows. I want to specify indexes to insert the headers at using a property of the custom datagrid. Here is a quick photoshop showing what I am trying to do: Is there any custom component already built that will do this?
I am trying to use the Quickbase API (see reference below) with a POST. I am having trouble forming it; specifically, I am clueless as to how to format the header (headers=""). I think the XML Payload is correct, but who knows.
Quickbase API reference: Example XML Request POST /db/6c5xatxy HTTP/1.0 Content-Type: application/xml Content-Length: 88 QUICKBASE-ACTION: API_GetRecordInfo [Code] .....
I almost got it, but the part that's giving me trouble is making the header background transparent. I am making a custom MXML skin based on the default Spark DataGrid skin. I tried setting the contentBackgroundAlpha to 0 on the columnHeaderGroup and the headerRenderer, but that didn't work. I tried setting visible to false for either of those, but that made it so that the text didn't show up either, so that didn't work. There is no setting for backgroundAlpha in either of those two, so I'm not sure what else to try.
I have a grails application that will be rendering an html page into a pdf file and I have a flex application sitting on a server that is going to accept REST parameters and construct a graph based on the parameters (which will be formatted in JSON). What I want to do is make a call to the flex app with my parameters and have the flex app create the graph, render a JPEG of the graph, then send an image back to grails. In other words, I want to put an HTML img src=that will render the image directly to the page so that my PDF Plugin in grails will render it into the PDF.