4 Replies Latest reply: Jan 11, 2012 10:54 AM by crikos

How to implement a secure authentication model to a Flex 4 / CF9 app?

cosmits Oct 26, 2011 7:52 AM

Hi all

been searching without finding a lot of clarity on the matter

I'm building a flex application that communicates through flash remoting with CF9 cfc methods

I want to make sure my some cfc methods are accessible only by authenticated users

how do I prevent from someone bypassing the flex interface and calling them directly?

I'm looking for the simplest way to implement it

I'd prefer not to use cookies

is then an easy built-in mechanism / tutorial to implement?

it sounds like it make sense to authenticate a user and have cf return an accsess token that would be kept on the server

so does it mean that each flex call to cf should include this token?

what about the cfc's? do I need to construct a central cfc to rout all calls and check the access token before routing & processing any DB query?

I would REALLY appeciate a clean minimal solution

thanks a million

cosmits

1. Re: How to implement a secure authentication model to a Flex 4 / CF9 app?

cosmits Oct 26, 2011 8:20 AM (in response to cosmits)

observing the network communication between the flex client and the server
I realized each AMF packet actually has a header that contains a JSESSIONID variable by default
first of all - how can I access this token on the AMF packet header from a cfc method?
and second - do I need to add this token once a user had been authenticated on the cf9 side to some session dictionary containing all authenticated users?
what is the simplest way to validate each cfc method agaist this session dictionary?
do I need to implement it manually on each cfc method I've created?

I realize I'm guessing my way around here
and sure this is quite a generic question
not wanting to re-invent the wheel, yet trying to avoid over complexity
would really appreciate some clarity

cheers
cosmits
Like Show 0 Likes (0)

Actions
2. Re: How to implement a secure authentication model to a Flex 4 / CF9 app?

cosmits Oct 30, 2011 6:55 AM (in response to cosmits)

this is truely surprising
such a generic situation, an application with user authentication
yes, true, it is a flex client and a coldfusion server
so? how do you implement it in this scenario?
not a clear answer in sight
as if it was such an isoteric question...
so quite...
I hope it's the weekend...
come on people!!!
give us a hand! wil ya?
Like Show 0 Likes (0)

Actions
3. Re: How to implement a secure authentication model to a Flex 4 / CF9 app?

cosmits Oct 30, 2011 7:57 AM (in response to cosmits)

does it have to do with RemoteObject setRemoteCredentials & cflogin?
am I getting warm?
Like Show 0 Likes (0)

Actions
4. Re: How to implement a secure authentication model to a Flex 4 / CF9 app?

crikos Jan 11, 2012 10:54 AM (in response to cosmits)

Hi - did you find a solution ? I am on the same way and am interested in that topic.

Thanks & Regards
Like Show 0 Likes (0)

Actions

Go to original post

How to implement a secure authentication model to a Flex 4 / CF9 app?

1. Re: How to implement a secure authentication model to a Flex 4 / CF9 app?

2. Re: How to implement a secure authentication model to a Flex 4 / CF9 app?

3. Re: How to implement a secure authentication model to a Flex 4 / CF9 app?

4. Re: How to implement a secure authentication model to a Flex 4 / CF9 app?

Actions

More Like This

Legend