You can definitely use a URLLoader with multipart/form-data content type as the payload. Take a look at http://blog.inspirit.ru/?p=139&cpage=1
Make sure that you are aware of Flash Player 10's security restriction regarding using Filename in the Content-Disposition header. The load() call will have to invoked from a handler responding to a mouse click or keyboard interaction (User initiated). Otherwise, you could just not use Filename and use something else. The only problem with that is you'd have to modify your server side code to do it.
All this said, once you have urlloader posting your file data, you can split it up in chunks and handle resuming.
Also be aware that anything being upload that is over 100MB in size, is considered unstable and isn't fully supported. I would break it up into 80-90MB chuncks to insure it uploads correctly.
On IIS typically using an upload component on the server side you would not have some of the issues you speak of. That said there certainly are hurdles to resuming uploads on IIS / ASP/ASP.NET services. For the most part you don't have a lot of similar limitations (or the possible ways to handle exceptions are far more numerous) with Apache.
You could use a ByteArray and a good example of looping through the ByteArray position would be at
Looping through the position and sending chunks via URLRequest could work fine (putting them together on the other end could at times be tricky but really not that bad). My biggest concern would be validation of each chunk but if the chunk is relatively small you could compare hashes.
You'd be doing a bit of reinvention of the wheel but it (at the very least) would be a fun excercise. Might experiment a bit with it myself because it could provide a way to upload to extremely locked down IIS systems with little or no control over the hosted environment.
The Flash Player security restrictions on headers and uploading in response to a user event shouldn't apply in the AIR application sandbox.
Yes, Joe is totally right. The UI initiated security restrictions only apply to flash player and not for content in AIR running in the application sandbox.
Just thought I'd put the FP 10 part out so that anyone planning to do this on the web is aware.