Php :: Flex Client Authentication With NTLM Using Md5 Encryption
Nov 4, 2010
I have flex client application with php as a server and i want to implements domain user and password authentication. I'm sending the user and the password from the flex client through httpservice to php script and the php script authenticate the user and the password with the domain But! I want to encrypt the user's password in flex and to decrypt it in the php. I have the as3crypto.swc module for the flex but I don't find any way to decrypt it in the php. So, how can I do that and If this is not the right way to do that how can I do that?
View 1 Replies
Similar Posts:
Jul 15, 2011
We use the FileReference component to upload file in Flex. But if the application is deployed within an environment having NTLM authentication (Windows Integrated Authentication), the upload capability will not work, and each time a message box will be popup asking the user to input credentials.I've queried some resource from internet and it seems this is a bug of FileReference component.
View 1 Replies
May 24, 2011
I'm having a problem setting up RSA encryption/decryption mechanism between flex client and web service written in c#. The idea is this: I'll encrypt some text from flex and then decrypt it from web service. I'm using as3crypto library from google. It is encrypting/decrypting text properly. I also have the code on the web service side to encrypt/decrypt properly. My problem is synchronizing them - basically sharing the public key to flex and keeping the private key to the web service.
My flex "encrypt" function takes modulus and exponent of RSA to do text encryption, so how do i get these modulus and exponent attributes from the web service's RSACryptoServiceProvider, so they speak the same standard.
[Code]...
View 3 Replies
Dec 29, 2009
We're using :
JBoss 5
Flex SDK 3.5
BlazeDS 3, with integrated authentication (through JAAS and JBossSX)
Failed login are always indicated to the flex client by the same fault code : Client.Authentication
However, the underlying JAAS LoginModule throws a specific javax.security.auth.login.LoginException subclass.
How can we propagate the failed login reason to the flex client ?
View 1 Replies
Mar 20, 2012
Is there any way to perform client authentication in FMS 4.5.1 (username/password/session id) for live/livepgkr application? As without it anyone will be able to discover RTMP/HLS URL and access to live streams without any limitation.
View 6 Replies
Apr 12, 2011
we have one application where we are pulling some confidential information from one of the product design tools. So we have used HTTPS as the channel and also we are encrypting the Request Parameters and Some data before we sent it to Web Services.Everything seems OK.But when we gave the application for Security auditing they found we have hard coded the encryption key in source code. They have used Sothink SWF Decompiler to look into my SWF file. They caught the key and raised concern over it.
We have developed this application using Flex 3(SDK 3.4). Is there any best way to use Secret key without being hard coded in source code. If anybody come across this kind of problem, please let me know. use the secret keys in SourceCode without being Hard coded.
Here is my sample code:
var currentResult:String = "";
var strDataToEncrypt:String = "";
var kdata:ByteArray;
[code]....
View 2 Replies
Jul 14, 2011
Is there a way to use some kind of encryption (md5, hash, etc...) to determine if two arraycollections are the same or not?
View 1 Replies
Sep 14, 2011
Do you know a library in ActionScript 3 that can encrypt and decrypt using the TwoFish algorithm? I have been using as3crypto for other cryptographic algorithms, but unfortunately, it doesn't seems to handle Twofish...
View 2 Replies
Sep 6, 2010
I am trying to access a .Net service which requires an authentication header. If WebService is used it works fine. But when it is accessed using HTTPService it throws error. The project is already done by somebody else using HTTPService. Now changing to webService requires some time since there needs to be modification in a lot of files.
Below is the SOAP envelop required by the service.
[Code]...
View 1 Replies
Jun 4, 2010
I want to have flex portlets side by side with JSP portlets. How can we implement the authentication mechanism? [ Authentication will be handled by the portal and how can we share the same session with flex portlets ]
View 1 Replies
Sep 17, 2010
I am developing an application in Adobe Flex. This application is to be hosted on a Joomla Website. I want to achieve Single Sign On between my Joomla website and this Flex Application. The Users log in using the default Joomla Mechanisms however I want the username as well as some other details about the user inside my Flex Application.
View 1 Replies
Feb 4, 2011
Some background: I have a Flex app embedded in an HTML page and am using Flex to send a soap request to my Java backend that does some authentication depending on the username and password entered in the Flex form. If I enter the correct login everything works fine and the Flex app can continue making further requests. But with an incorrect username/password, an "Authentication Required" dialog box pops up in my Browser and my Flex app won't respond with its proper handler until I click cancel. I'd like to get rid of the dialog box somehow,
View 2 Replies
Jul 24, 2011
How would one create a video or audio stream using OSMF when there must be basic authentication on the url?Can one feed in Audio/Video using HTTPService to provide the header authentication?
View 2 Replies
Feb 2, 2011
We have a situation where a web application within an intranet requires windows authentication. This way employees of the company can login to their desktops and have automatic access to the web application and also be identified automatically without having to login because Windowns Authentication takes care of that. The problem is that we've added a Flex module to the web application. The web application comes up fine and authenticates the user can then navigate to the page where we have the Flex application. Which loads fine. The problem is that the Flex application also needs to communicate with the same server about this user but this communication is not working and is prompting the user for a password. Even if the correct user/pass is entered it fails and the Flex application can't talk to the server which requires Windows authentication.
Our expectations was the since the IE browser housing the flex application was already authenticated that all communication from the Flex app would also carry with it the necessary information to enable it to access the server without authentication.
View 2 Replies
Sep 24, 2009
In AIR on Mac, when I send login creds to a service and they're incorrect, AIR displays a native popup window to try logging in again without dispatching an error event. Twitter provides a header (suppress_response_codes=true), which returns any error as a status 200 with the error message. I'm using HTTPService to connect to a service without a header like this. Are there any properties or headers I can send to avoid this popup?
View 3 Replies
Jul 24, 2011
I would like to load a an image from an external domain and I have the below so far:
private function get_coverArt(coverArtID:String):void
{
var requestString:String = "/rest/getCoverArt.view?v=1.5.0&c=AirSub&id=" + coverArtID;
[Code].....
View 1 Replies
Feb 15, 2012
I have a web application developed using flex and cakephp. My client need to make a desktop application of that web application using Adobe Air. The conversion of the flex to Air is done successfully. I the flex application the communication of flex and cakephp is handled using a remotes controller. In air application I have a problem of authenticating the user with cakephp default user authentication
View 2 Replies
May 30, 2009
Almost everything is in the title : Here's what I'd like to do :A nice html page with a php authentication process (http first then http**s** & so on) Launch a flex app which knows (I don't know how (this is the actual question !)) the user has already been authenticated and display his/her stuff he/she has to do for the day (or whatever...).
Of course if someone try to call directly the flex app I would display an "authentication error" message and then redirect to the authentication page.I'm sorry for my English which is perfectible.I was thinking about the session cookie : first authenticate then ass a variable on the server side, something like :
[Code]...
View 3 Replies
Mar 27, 2012
I want to call web service which has basic authentication.once url get authenticated then want to call particular service example xyz() which takes 2 parameter and return a flag .
View 1 Replies
Dec 8, 2009
I have a flex app that allows the user to upload a file.The flex side uses the FileReference.upload method that goes to an .aspx page that handles the upload. It works only intermittently when I have IIS set to integrated windows authentication.That said, for testing purposes,I wrote a separate aspx page that does a file upload and this always works.I'd like to leverage the file import,though, within the nice looking flex app and not kick off a new webpage for a file upload.In looking at the IIS logs I have a hypothesis as to what's happening, and want to know if someone has full understanding as to why it may only intermittently work and can confirm or deny this: Flex' FileReference upload guts does whatever it does on the client then initiates a POST request to my .aspx page.On the times it failes, the IIS logs state that IE didn't pass the credentials so denies the request then sends a 401 response.
I don't get this 401 response on the flex side even though I'm listening for HTTP status codes (flash bug?).A new request is somehow immediately made to perform the upload again (it's not my code). I'm inferring this by looking at the IIS lgos which shows a second POST right after the previous one, only this time the user credentials are sent through, but the kicker is that the file the user uploaded is not uploaded this time. I infer this by the fact that the IIS logs show 0 bytes are posted, whereas the previous 401 request show a lot of bytes are POSTed.On the times it does work, what happens is that the first request for the HTTP POST the FileReference makes so happens to send the windows credentials along, so the client is not challenged.
View 1 Replies
Mar 10, 2010
I'm using Flex 4(beta2) with Ruby on Rails 2.3.5 and using RubyAMF to transfer data back and forth between Flex and server. set up Authlogic on the Rails side for authentication. wasn't sure what's the best method to handle user sessions. I know this is done automatically with Rails by sending session id with cookie which Rails use to authenticate the user.What do you suggest the best way to do this with Flex?I thought of couple of options:1. Manually fetching the cookie from the browser and then figuring our a way to send that to the server with every request I send. 2. Handling sessions expiration and flow on Flex side by manually expiring the session
View 4 Replies
Jul 27, 2010
I'm using Google Engine App with Python. I want to add custom user authentication. How is it done, with the best practices? I want custom authentication because the app is built in Flex and I don't want to redirect to an HTML page.
The user value object is like this:
class User(db.Model):
email = db.EmailProperty(required = True, indexed = True)
masked_password = db.StringProperty(required = True)
# maybe more things here
I would like to mask the password, is there some built in function in GAE? Then, how I will remember the current user? Through sessions and cookies? Or what else?
View 2 Replies
Jul 22, 2009
I'm using Spring, Spring Security, BlazeDS, Flex and spring-flex.I know that I can call channelSet.login() and channelSet.logout() to hook into Spring Security for authentication.channelSet.authenticated apparently only knows about the current Flex session, as it always starts off as false, until you call channelSet.login().hat I want to do: Check from Flex to know if a user is already in a session.
View 3 Replies
Jun 15, 2010
I have a set of RESTful web services. These services are protected on a Glassfish server by OpenSSO. When I attempt to call the RESTful services directly from a browser, OpenSSO intercepts the request, then forwards the request to the REST service once the user's credentials are authenticated. OpenSSO utilizes a session cookie on subsequent requests (until the session is invalidated) . I'm sure this piece is working correctly.We'd like to call these services from a Flex client. In order to enable PUT and DELETE operations, we set up BlazeDS to proxy the RESTful requests from the flex client to the REST service. When security to the RESTful services is disabled, this piece works great.
Now we're trying to secure the entire application. We've placed the Flex SWF into a war and deploy to Glassfish. We've placed security around this resource and when a user attempts to download the SWF (through an HTML link in the war), OpenSSO intercepts the request, then forwards to the application on successful authorization (just like it does for the RESTful web services).The problem is - the RESTful calls made by the Flex application (via BlazeDS) are failing. OpenSSO seems to be intercepting these requests as well and again asking for the users credentials. It doesn't seem the authentication cookies are being passed to (or maybe by) the BlazeDS proxy.
View 1 Replies
Sep 25, 2010
Are there any differences implementing Flex application security in a clustered Java environment (such as Oracle Application Server/OC4J or a JBoss cluster) vs a single application server environment? (And/or does it depend on the specific environment software?)
What considerations are there in a situation where you need to authenticate with LDAP (AD) and store user access information in a database (ex. USER table containing username + permissions/roles info)? Any differences between Blaze DS and Granite DS?
View 1 Replies
Mar 9, 2011
I have a flex app hosted on a windows server running IIS. That same server has some rest services that the app interacts with. The rest services have windows authentication so that their urls cannot be called without credentials. The flex app needs to be accessible to the public so its files are accessed by enabling anonymous access. The problem is of course that when the app tries to call the rest services the browser pops a dialog box asking for windows username and pass. I naively hoped that if I set the anonymous access on the flex site to use the credentials of a windows account that had permission to view the rest services that would resolve the matter. I hoped that IIS would see the browser used the proper creds to view the flex app and use those same creds to get the rest services. Wrong, that didn't work.
So is what I want impossible? I'd like to find a way to not force the user to enter windows creds, keep the rest services using windows authentication, and have the flex app able to access the rest urls. Any ideas? Am I missing something? Also, it may turn out that the flex app is running on http and the rest services must be called with https. Does that change your answer?
View 2 Replies
Apr 7, 2012
We are planning a desktop client application with Adobe AIR. The client app will be delivered to our customers with a database, which contains monthly updated marketing data provided by our company. As different customers will buy different sets of data from us, for example, a customer is only interested in marketing data in a specific product category, while another customer need all data in a certain region. After a customer installs this client app, new data will be emailed to the customer every month.
So, the requirement is to keep the data accessible only by the customer who bought it. After reading through AIR's secure local store and database encryption feature, I came up with the following design: each customer will have his own secret key (stored in AIR's secure local store), the secret key is used to encrypt the data that the customer has purchased. Of course, the monthly data that we sent to the customer will be encrypted using the same secret key. So my questions are: is AIR's database encryption and secure local store secure enough for this use case? If someone gets the encrypted database file, can he decrypt the DB?
View 1 Replies
May 10, 2011
Is it possible to run a Flex client in IntelliJ internally and have it talk to a separately deployed server instance? The server's a java webapp. This will make developing, especially debugging, much easier. What I'm trying to avoid is having to rebuild and redeploy the webapp to get the updated Flex code in it. I want to just build flex and run it against the server.
The flex client is embedded in an HTML page on the server, so in production the users access the client by going to a web page. We're using GraniteDS if that's important.
Update
I'm managed to cobble something together, but it's ugly.I made a copy of our wrapper HTML page and fixed the links to refer to the SWF in target.I setup the IntelliJ run config to point to that HTML page.I set the 'Place SWF file in a local-trusted sandbox' to true
Hardcoded the {server.name}, {server.port}, and {context.root} values in the service-config.xml GraniteDS config file to localhost, etc.
I can mavenize #1, but #3's isn't really a permanent solution. That part is still a problem because I can't check this in.
View 1 Replies
Oct 27, 2010
how can I find on fms server that client disconnected if if client disconnected due to power cut off. I client manually close the application then onDisconnect on server is called but if due to power cut off it does not called.
View 1 Replies
Dec 23, 2010
I am in a situation where user gets the cars data from the database based on the selection and displays it in datagrid like below ( for example)
Company Model Year No
GM Chevy 2010 10
GM Chevy 2009 5
GM Pontiac 2010 12
Honda Civic 2009 12
and there will be a link next to datagrid to get Pie chart based on the data displays in the data grid . The pie graph should display grouping by company and the count . I mean for the above example that should give with two pie items , one for GM showing the number of vehicles ( in this case 3 ) and Honda showing the number of vehicles ( in this case 1 ).
I thought of getting it from the database by querying and grouping it .But here the problem is after getting the data above in the datagrid user can able to filter at client end ( By year or model ) and can say get graph . This time that should only display the graph for the data visible in Datagrid .Grouping on database for every operation is becoming expensive. Since we have already data available at client end , is there any way to group it at client ..?
View 2 Replies
