I'm developing a flex application that will need consume a particular web service from an outside company url e.g.
https://server1.company.com/service.asmx?wsdl. This uses Basic Authentication and so requires me to send the "Authorization" http header. I'm running the app using Flash Builder on a computer with just an IP (localhost).
Since flash will remove the headers I've setup an Apache server with Reverse proxy (using mod_proxy and also mod_ssl since the target uses https). My apache configuration is as follows:
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyPass /service.asmx https://server1.company.com/service.asmx
ProxyPassReverse /service.asmx https://server1.company.com/service.asmx
LoadModule ssl_module modules/mod_ssl.so
I tested the proxy using a webbrowser and when I type in http://localhost/service.asmx?wsdl I get the prompt and when I enter the credentials I get the wsdl document. However when I run it via flex the network monitor shows that there is no Authorization header being sent i.e the header is still being removed and so I still get the prompt.
My application is loaded using a localhost address. http://localhost/test/main.html which contains the swf file. So I thought this would work without using the crossdomain.xml file. But since it didn't work I added a crossdomain.xml in Apache's htdocs folder such that it's accessible as http://localhost/crossdomain.xml. But it's still the same problem. Here's my crossdomain.xml file.
<allow-http-request-headers-from domain="*" headers="Authorization"/>
It's still the same problem the Authorization headers are being removed. I tried '*' in place of 'Authorization' in the crossdomain.xml file and also tried using https://localhost instead of http://localhost and adding secure="true" to the crossdomain.xml file but nothing seems to fix this problem.