0 Replies Latest reply on Feb 15, 2011 10:01 AM by mikaye

    Inconsistent authentication behavior between web and air

    mikaye Level 1

      I have a core library and both a web and air wrapper for two separate versions of an application. One version runs as a browser app, the other as an Air app. They each share the same web services operation from the core library.

       

      The following code works as expected in the Air application. However, for the web version, the "Authorization" param never makes it to the server, thus causing the browser to display the challenge window.

       

      Why is the behavior different in the web version? Does flash strip out the Authorization header in the case of the web application?

       

      private function getUserData():void {

      var encoder : Base64Encoder = new Base64Encoder();

      encoder.encode(email + ":" + password);

      var auth : String = "Basic " + encoder.toString();

       

       

      var operation : Operation = new mx.rpc.http.Operation(null, "getUserData");

      operation.method = "GET";

      operation.url = baseUrl + "/data";

      operation.contentType = "";

      operation.resultFormat = "xml";

      operation.headers = {Authorization:auth};                                               

      operation.send();

      }