2 Replies Latest reply on Dec 14, 2007 6:01 PM by florecista

    NTLM Authentication in the browser and Flex

    florecista
      Has anyone tried doing NTLM Authentication with Flex?

      That is to have a user open a an application in a browser, have the browser find the NTLM Authorization, do the authentication/authorization and somehow pass a value into Flex which would tell the application to skip something like a Log In Dialog because this user is already authenticated.

      Anyone?
        • 1. Re: NTLM Authentication in the browser and Flex
          Garyl Woolworth Level 1
          I haven't heard of the abbvreviation of NTLM but you could essentially accomplish this task using a SharedObject.

          http://livedocs.adobe.com/flex/2/langref/flash/net/SharedObject.html

          Basically the user would login with the appropriate username / password. Upon successful validation it would write a shared object variable stating that they had logged in either storing an id or a username whatever you wanted to really show that. Then every time they return to the application and it has initialized read the shared object and check for that value. If yes currentState = "home" else currentState = "login" you could also save some other data to the object such as there last complete login and if it's passed a certain time frame (say 5 days) make them login again, as well as you could store the username's so any time they had logged in successfully automatically fill in the last good username. These are all just suggestions of how I would go about it. Other then this I wouldn't know how to go about it aside from cookie's which in my mind isn't a great solution just because of how easy it is to turn off cookies. Hope this helps.
          • 2. Re: NTLM Authentication in the browser and Flex
            florecista Level 1
            Hi,

            NTLM stands for 'NT LAN Manager'.

            http://en.wikipedia.org/wiki/NTLM

            "NTLM Authentication allows the login credentials of a Windows user, who is logged into a Windows domain, to be automatically passed to a web server in the same domain. It can be a very handy little feature in a workplace that can easily become over-burdened with usernames and passwords."

            http://www.crossedconnections.org/w/?p=89