This content has been marked as final. Show 7 replies
Presumably you would need to write a web service interface in between the authentication and Flex. Meaning this is something you would do on the server side, in ASP or PHP or Ruby or whatever, and then only send the data if they were allowed to see it.
First thanks for your response. Secondly, I think I was not clear enough in my first post.
Of course, there will be an asp.net web service in between database and flex. What I want to do here is not prompt user for their credentials, but to extract his domain logon programatically. In asp.net you can do that on the server side by extracting it from the Request object. Flex app is executed on the client so I think there must be some way to do this. Am I right? I can't let users log in twice.
I dont' think it is very different with Flex. You can add the same informations in the html page containing your Flex module and then use ExternalInterface or Application.application.parameters to get them.
Ok. So, if I understood you correctly something like this is possible:
4. Flex app would do authentication by calling a web service and providing this login information.
It sounds as though you want to obtain the users login from the client machine and then send it to the server, expecting that the server will have the user login within its domain. However, just like with network services between windows computers (shared drives for instance) there will have to be authentication between the client and the server for the user credentials.
The real issue is, can your FLEX application "talk" to your client machine, get what it needs, and then pass it to the server. The ExternalInterface can be used to reach the browser API and DOM, but, what in the Browser allows you to get the users credentials from the OS? That is the question that needs to be researched. Looking at both the Application, the Security object and various other sandbox objects tells me this can be done, but what the best route is, I can't say.
You will need a layer to abstract whatever OS the user is attempting to login from, or restrict the OS if it is a single type. You will need a wrapper object (if one exists already in FLEX, I don't know) to call system API's either through the browser or directly. Once you have the data from the system, it's not an issue to send it to the server and wait for authentication. But getting it through the protective sandbox of the PLAYER is the issue.
Just food for thought, this is the second post i have seen about this topic. Read up on AIR security and you might find that building an AIR app might work better for an intranet situation.
Well... I can't use AIR, cause we were thinking of just upgrading our ASP.NET applications with a little embeded FLEX, mainly for reporting because of FLEX's nice charting capabilities.
(Btw. just to be clear here on the restrictions of OS, web server and browser. Our enterprise applications were built to run on Microsoft platforms _only_. So it's always Windows, IE and IIS in question here.)
What you said about obtaining data from the client would be shorter route from what I wrote in my previous post, cause then I wouldn't need to make this AJAX call to the server. But I don't know how to achieve that and can't find any info.
IE has the information I'm looking for. When you have "Integrated windows authentication" checked on the IIS, IIS will accept the windows/domain login information from the IE. I don't know the way to extract that info from the IE, but I can do it like I wrote in my last post. If it's possible ofcourse. I hope I understood correctly what other guy here wrote and I what I just red on the net.
Works for me!