This content has been marked as final. Show 4 replies
I just managed to get Flex to download information from a secure IIS webservice (https) using Flex 2 Hotfix 3. However, I have yet to find a way to authenticate the user from Flex. During my test I had already connected to the service with my browser to view the calls I could make so the Flex app didn't have to authenicate. When I switched to a different browser it didn't work anymore.
I've tried using setCredentials and it bumped the request back to http (not https) and I've tried using setRemoteCredentials and that just gave me the authentication error again.
If you find out any more information on this I'd love to hear about it.
I believe setRemoteCredential etc are for use with Flex Data Services only (although I may be wrong). If your webservices are .Net based then take a look here http://msdn2.microsoft.com/en-us/library/9z52by6a.aspx; this simply uses a custom soap header and you would pass from the Flex client the username and password via the header. Is this what you wanted?
So how would I configure the SOAP headers from the Flex side? Do I have to implement all that code on the server side? ...and will this work with SSL?
This link explains how to add soap headers in Flex: http://livedocs.adobe.com/flex/201/html/wwhelp/wwhimpl/common/html/wwhelp.htm?context=Live Docs_Book_Parts&file=dataservices_099_32.html
First you should get the right .Net example for the version of .Net you have (the links for the versions are in the top right of the .Net page I previously sent). Then if I was you I'd create a simple .Net web service project and implement the example they provide exactly as they show you. Finally, implement a simple Flex application to pass the details via a custom header in a similar manner to that shown in the Flex example link. Once you have figured out the details and got it working it will be a snap to reuse for your main project. I'm afraid I don't have a complete end to end example to send you (maybe someone else will be able to send something?) - however using the two links together it should be relatively easy to figure it all out.
Oh and yes this will work over SSL :-) and should really only be done over SSL as the username and password will otherwise be sent across http in plain text (unless you create your own encryption solution for the header- and even then it will be far less secure than Https / SSL).