7 Replies Latest reply on Aug 28, 2008 6:04 AM by Jaz Chana

    Proxy Authentication

    Jaz Chana Level 1
      Hi Guys,

      I am using a URLLoader class to send a request a script to a server and and capturing that response using the relevant event handlers. All works fine...internally...now I want to access that script from somewhere else and it doesn't work. The reason is because of the firewall. Now there is a proxy in place to allow incoming requests, but it requires authentication.

      Is there a way to authenticate against the proxy using URLLoader?

      I've been scanning the documentation and have read that you can use request-headers to achieve the required functionality, but for some reason I cannot get them to work. Any suggestions would be extremely useful.

      Thanks
        • 1. Re: Proxy Authentication
          anirudhs Level 2
          Hi Jaz,

          There are different ways to authenticate with a Proxy. NTLM, Basic, etc. URLLoader internally uses the browser to send / recieve data. So if your browser is configured and has enough information to authenticate you, there will be no problems.

          Now if you wanted to handle the authentication yourself:

          NTLM might not be possible unless you put a layer between your flex app and proxy that does the authentication for you.

          Basic auth you can easily accomplish by using the Authorization HTTP header (URLRequestHeader). (Look at the RFC for HTTP basic auth). Note that with the new flash player, there has to be cross domain file explicitly allowing use of Authorization header.
          • 2. Proxy Authentication
            Jaz Chana Level 1
            Sorry I should have explained that app I'm making is an air app, so the proxy settings cannot come from the browser. Now if I understand you correctly, what you are saying is if I want to talk to a server behind a proxy from my air app, then the proxy needs to have a cross domain policy file? (assuming that I'm using basic authentication) I'm not too clued up on cross domain policies so you'll have to be patient with me.
            • 3. Re: Proxy Authentication
              Oliver Goldman Adobe Employee
              Cross domain files don't apply to content in AIR applications and so aren't necessary in this situation.

              Requests for Comment (RFCs) are the documents that specify many key Internet standards, including HTTP. They're freely available on the web.

              • 4. Proxy Authentication
                Jaz Chana Level 1
                So something like this should work?


                var loader:URLLoader = new URLLoader();
                var request:URLRequest = new URLRequest(" http://www.adobe.com");
                var rhArray:Array = new Array(new URLRequestHeader("Proxy-Authenticate", "username="+uname+":passwords="+pword));
                request.requestHeaders = rhArray;
                try {
                loader.load(request);
                } catch (error:Error) {
                trace("Unable to load requested document.");
                }


                • 5. Re: Proxy Authentication
                  Oliver Goldman Adobe Employee
                  That won't work because it's the wrong header field for basic authentication, plus the wrong format for the credentials.

                  That said, if you're using basic authentication, this shouldn't be necessary anyway. The OS should be managing the proxy authentication and should prompt the user for a password if necessary.

                  • 6. Re: Proxy Authentication
                    anirudhs Level 2
                    Hi Jaz,

                    AIR also picks up proxy settings from the OS automatically. So like Oliver pointed out, you shouldn't have to worry about it.

                    Also, this is the RFC that describes basic auth: http://www.ietf.org/rfc/rfc2617.txt
                    • 7. Re: Proxy Authentication
                      Jaz Chana Level 1
                      Thank you very much for your replies. They were extremely useful