How to implement a secure authentication model to a Flex 4 / CF9 app?

Report · Oct 26, 2011

Hi all

been searching without finding a lot of clarity on the matter

I'm building a flex application that communicates through flash remoting with CF9 cfc methods

I want to make sure my some cfc methods are accessible only by authenticated users

how do I prevent from someone bypassing the flex interface and calling them directly?

I'm looking for the simplest way to implement it

I'd prefer not to use cookies

is then an easy built-in mechanism / tutorial to implement?

it sounds like it make sense to authenticate a user and have cf return an accsess token that would be kept on the server

so does it mean that each flex call to cf should include this token?

what about the cfc's? do I need to construct a central cfc to rout all calls and check the access token before routing & processing any DB query?

I would REALLY appeciate a clean minimal solution

thanks a million

cosmits

Report · Oct 26, 2011

observing the network communication between the flex client and the server

I realized each AMF packet actually has a header that contains a JSESSIONID variable by default

first of all - how can I access this token on the AMF packet header from a cfc method?

and second - do I need to add this token once a user had been authenticated on the cf9 side to some session dictionary containing all authenticated users?

what is the simplest way to validate each cfc method agaist this session dictionary?

do I need to implement it manually on each cfc method I've created?

I realize I'm guessing my way around here

and sure this is quite a generic question

not wanting to re-invent the wheel, yet trying to avoid over complexity

would really appreciate some clarity

cheers

cosmits

Report · Oct 30, 2011

this is truely surprising

such a generic situation, an application with user authentication

yes, true, it is a flex client and a coldfusion server

so? how do you implement it in this scenario?

not a clear answer in sight

as if it was such an isoteric question...

so quite...

I hope it's the weekend...

come on people!!!

give us a hand! wil ya?

Report · Oct 30, 2011

does it have to do with RemoteObject setRemoteCredentials & cflogin?

am I getting warm?

Report · Jan 11, 2012

Hi - did you find a solution ? I am on the same way and am interested in that topic.

Thanks & Regards

Adobe Community

How to implement a secure authentication model to a Flex 4 / CF9 app?