3 Replies Latest reply on Mar 1, 2011 12:16 PM by t.barfoot

    Flash Builder 4  - Security error accessing url

    t.barfoot

      Hi,

      I have built a FB4 application which accesses a  .NET web service of a partner company.  The app runs just fine in FB4  development environment, but won't work when published to my server.  I  can not figure out how to get past the following error:  "Security error  accessing url Destination: DefaultHTTP"

       

      It is unlikely that I will get a crossdomain.xml file on their  server, so I'm trying to get it to work using a proxy.  The proxy.php is  located in the same directory as the swf, and it works just fine if I  use it directly in the browser.   This is the proxy.php code:


      <?
      php
      $session
      = curl_init(trim(urldecode($_GET['url'])));                   // Open the Curl session
      curl_setopt
      ($session, CURLOPT_HEADER, false);          // Don't return HTTP headers
      curl_setopt
      ($session, CURLOPT_RETURNTRANSFER, true);   // Do return the contents of the call
      $xml
      = curl_exec($session);                            // Make the call
      header
      ("Content-Type: text/xml");                  // Set the content type appropriately
      echo $xml
      ;        // Spit out the xml
      curl_close
      ($session); ?>

       

      In my Flash Builder code, i'm using a Webservice object, and I have set the wsdl property to the following:

      wsdl = http://mydomain.com/autoben/proxy2.php?url=http://staging.MypartnerCompany.net/api/v01_00 /theirservice.asmx?wsdl

       

      Again, the app works fine when in the FB4 development enviroment, and this url returns the expected XML data when run directly

      from the browser.  When I run the published app from my server, this is the message I get back:

       

      FlexError.jpg

       

      I have also tried running the published app in https from my server.  i have changed the wsdl uri to the following, and get the same results ...

      wsdl = https://mydomain.com/autoben/proxy2.php?url=https://staging.MypartnerCompany.net/api/v01_ 00/theirservice.asmx?wsdl

       

      I have worked for days on this, any help would be greatly appreciated.  Thanks in advance

       

      tom.

        • 1. Re: Flash Builder 4  - Security error accessing url
          Gurdeep Singh Level 1

          Does the cross-domain.xml at the webservice server provide access to the domain you are publishing the SWF to?

          • 2. Re: Flash Builder 4  - Security error accessing url
            Scarrfo

            With .NET one generally needs a crossdomain.xml in the application root. If the webservice (wsdl) is in a subdirectory and it has it's own web.config it will generally need a crossdomain.xml file in the same directory as the webservice.

             

            I use the term "generally" because server configurations vary, for my servers, I always need a crossdomain.xml file for any directory I want to expose a webservice from.  For example if I have a webservice in a directory named stocks and the url is http://www.mysite.com/stocks/mywsdl.asmx I need a crossdomain.xml file in the stocks directory.  Not the server root directory / for http://www.mysite.com

             

            Many make the mistake with .NET and place the crossdomain or clientaccesspolicy files in the server root and think it will cover all webservices globally. In most cases it causes access violations.

             

            The image below is of a live service in a sub directory svr.  This is the structure I have to use when exposing webservices from .NET

            ftp1.jpg

            • 3. Re: Flash Builder 4  - Security error accessing url
              t.barfoot Level 1

              Hi, and thanks for the responses.  Unfortunately I am still not able to get this working!  I have now given up on the proxy solution, and have asked my partner company to put the following crossdomain.xml on their server:

               

              <cross-domain-policy>
              <allow-access-from domain="*" headers="*" secure="false"/>
              </cross-domain-policy>

               

              The application still gives me the same Security Error response.  I am using charles for debugging.  I've observed that the crossdomain.xml file is not loaded from their server unless i put   loadPolicyFile("http://pathTo/crossdomain.xml");  in my code,  and I'm still not sure if thats the best practice, or if the file should just be loaded automatically.

               

              The crossdomain.xml file is in the directory where the SOAP service is being served from.

               

              I'm still trying to solve this problem, and appreciate the help, and any further ideas i could try.

               

              thanks in advance