5 Replies Latest reply on May 29, 2006 11:07 PM by poonamsheth

    MSSQL2005 Endpoint  (Webservice) Authentication


      I am trying to fetch data from SQL Server 2005, bypassing IIS, SQL 2005 Endpoints require a username and password and don't support anonymous access. How can I send a username and password for authentication? This is the Flex 2 Beta 2 code I am using to call the service:

      <mx:WebService id="zoban" wsdl=" http://zoban/Library?WSDL">
      <mx peration name="GetBooks">
      </mx peration>
      When I point my browser to the service I just get the username prompt. Can I squeeze in something like <mx:username> and <mx assword> in there?

        • 1. Re: MSSQL2005 Endpoint  (Webservice) Authentication
          poonamsheth Level 1
          here is some help for u,, if it solves ur problem?, but logic needs to be understood.
          pART 1 --- aBOUT aUTHENTICATION
          When a destination is not public, you can restrict access to a privileged group of users by applying a security constraint in a destination definition in the Flex services configuration file. A security constraint ensures that a user is authenticated, by using custom or basic authentication, before accessing the destination. By default, Flex Data Services security constraints use custom authentication.

          Basic authentication

          Basic authentication relies on standard J2EE basic authentication from the web application container. To use this form of authentication, you secure a resource, such as a URL, in the web application's web.xml file. When you use basic authentication to secure access to destinations, you usually secure the endpoints of the channels that the destinations use in the web.xml file.

          The following example shows a configuration for a secured channel endpoint in a web.xml file:

          <web-resource-name>Protected Channel</web-resource-name>





          Custom authentication

          As an alternative to basic authentication, you can use custom authentication and create a custom login form in MXML to match the appearance of your application.

          For custom authentication, Flex uses a custom login adapter, known as a login command, to check a user's credentials and log a principal into the application server. A login command must implement the flex.messaging.security.LoginCommand API. You can register multiple login commands in the security section of the Flex services configuration file. The server attribute of the login-command element is used to perform a partial match against the value returned by the servletConfig.getServletContext().getServerInfo() method. The server value must be a case-insensitive match of an initial substring of this value or the entire string.

          You can use a login command without roles for custom authentication only, but if you also want to use custom authorization, you must link the specified role references to roles that are defined in your application server's user store.

          Flex Data Services includes login command implementations for Adobe JRun and Apache Tomcat, Oracle Application Server, BEA WebLogic, and IBM WebSphere, as the following example shows:

          <login-command class="flex.messaging.security.JRunLoginCommand"
          <login-command class="flex.messaging.security.TomcatLoginCommand"
          <login-command class="flex.messaging.security.OracleLoginCommand"

          <login-command class="flex.messaging.security.WeblogicLoginCommand"
          <login-command class="flex.messaging.security.WebSphereLoginCommand"


          • 2. Re: MSSQL2005 Endpoint  (Webservice) Authentication
            poonamsheth Level 1
            WE;; NEXT WAS UR QUESTION OF using a query string parameter

            pART 2 Passing request data into Flex applications

            You can pass request data to Flex applications by using a query string parameter or defining flashVars properties in the HTML wrapper. When you use query string parameters, Flex converts them to flashVars variables and passes them to the application.

            Inside the Flex application, you access flashVars properties and query string parameters exactly the same way, but the way that you pass them to the Flex application is different:

            * The flashVars properties: You explicitly define the flashVars properties in the HTML wrapper that points to the Flex application.
            * Query string parameters: You attach query string parameters to the URL in the browser's target window and the Flex Enterprise Services 2.0 converts them to flashVars variables.

            Changing either the query string parameter or the flashVars property does not trigger a recompilation of the Flex application if you are using the Flex Enterprise server.

            To use flashVars or query string parameters inside your MXML file, you access the Application.application.parameters object. The parameters property points to a dynamic object that stores each parameter as a name-value pair. You can access variables on the parameters object by specifying parameters.variable_name. As with any variable, you can bind the parameters object's properties to a display control or modify the value and return it to another function.

            The following example defines the myName and myHometown variables and binds them to the text of Label controls:

            <mx:Application xmlns:mx=" http://www.macromedia.com/2005/mxml" creationComplete="initVars()">
            // Declare bindable properties in Application scope.
            private var myName:String;
            private var myHometown:String;

            // Assign values to new properties.
            private function initVars():void {
            myName = Application.application.parameters.myName;
            myHometown = Application.application.parameters.myHometown;

            <mx:Label text="Name: "/>
            <mx:Label text="{myName}" fontWeight="bold"/>
            <mx:Label text="Hometown: "/>
            <mx:Label text="{myHometown}" fontWeight="bold"/>

            When a user requests this application with the myName and myHometown parameters defined, Flex displays their values in the Label controls. The following URL passes the name Nick and the hometown San Francisco to the Flex application:


            To view all the flashVars properties, you can iterate over the parameters object, as the following example shows:

            for (var i:String in Application.application.parameters) {
            ta1.text += i + ":" + Application.application.parameters + "\n";

            Flex does not recompile the application if the request variables have changed. As a result, if you dynamically set the values of the flashVars properties or query string parameters, you do not force a recompilation.

            Query string parameters must be URL encoded. The format of the string is a set of name-value pairs separated by an ampersand (& . You can escape special and nonprintable characters with a percent symbol (%) followed by a two-digit hexadecimal value. You can represent a single blank space using the plus sign (+).

            The encoding for flashVars properties and query string parameters is the same as the page. Internet Explorer provides UTF-16-compliant strings on the Windows platform. Netscape sends a UTF-8-encoded string to Flash Player.

            Most browsers support a flashVars String or query string up to 64 KB (65535 bytes) in length. They can include any number of name-value pairs.
            • 3. Re: MSSQL2005 Endpoint  (Webservice) Authentication
              poonamsheth Level 1
              ONE MORE THING .
              Plz review the API documentation for their web services to make sure a method exists that can retrieve the information you want. The API documentation for the web services is located at :

              • 4. MSSQL2005 Endpoint  (Webservice) Authentication
                poonamsheth Level 1
                Tutorial on Understanding Service Authentication

                by Brian Deitte

                Brian Deitte is an engineer on the Flex team and a very smart guy who worked on some of the "close-to-the-metal" features like SWCs and the web service proxy in Flex 1.0 and 1.5.
                • 5. Re: MSSQL2005 Endpoint  (Webservice) Authentication
                  poonamsheth Level 1
                  there is something called, Proxy service too,

                  The Proxy Service, in which you define both web service and HTTP service destinations, has service-level configuration settings also

                  If the proxy must first contact an external proxy before getting access to the Internet, you can provide the location of that proxy as well as a username and a password.

                  The following example shows max-connections and external-proxy configuration: