3 Replies Latest reply on Mar 1, 2011 12:16 PM by t.barfoot

    Flash Builder 4  - Security error accessing url



      I have built a FB4 application which accesses a  .NET web service of a partner company.  The app runs just fine in FB4  development environment, but won't work when published to my server.  I  can not figure out how to get past the following error:  "Security error  accessing url Destination: DefaultHTTP"


      It is unlikely that I will get a crossdomain.xml file on their  server, so I'm trying to get it to work using a proxy.  The proxy.php is  located in the same directory as the swf, and it works just fine if I  use it directly in the browser.   This is the proxy.php code:

      = curl_init(trim(urldecode($_GET['url'])));                   // Open the Curl session
      ($session, CURLOPT_HEADER, false);          // Don't return HTTP headers
      ($session, CURLOPT_RETURNTRANSFER, true);   // Do return the contents of the call
      = curl_exec($session);                            // Make the call
      ("Content-Type: text/xml");                  // Set the content type appropriately
      echo $xml
      ;        // Spit out the xml
      ($session); ?>


      In my Flash Builder code, i'm using a Webservice object, and I have set the wsdl property to the following:

      wsdl = http://mydomain.com/autoben/proxy2.php?url=http://staging.MypartnerCompany.net/api/v01_00 /theirservice.asmx?wsdl


      Again, the app works fine when in the FB4 development enviroment, and this url returns the expected XML data when run directly

      from the browser.  When I run the published app from my server, this is the message I get back:




      I have also tried running the published app in https from my server.  i have changed the wsdl uri to the following, and get the same results ...

      wsdl = https://mydomain.com/autoben/proxy2.php?url=https://staging.MypartnerCompany.net/api/v01_ 00/theirservice.asmx?wsdl


      I have worked for days on this, any help would be greatly appreciated.  Thanks in advance



        • 1. Re: Flash Builder 4  - Security error accessing url
          Gurdeep Singh Level 1

          Does the cross-domain.xml at the webservice server provide access to the domain you are publishing the SWF to?

          • 2. Re: Flash Builder 4  - Security error accessing url

            With .NET one generally needs a crossdomain.xml in the application root. If the webservice (wsdl) is in a subdirectory and it has it's own web.config it will generally need a crossdomain.xml file in the same directory as the webservice.


            I use the term "generally" because server configurations vary, for my servers, I always need a crossdomain.xml file for any directory I want to expose a webservice from.  For example if I have a webservice in a directory named stocks and the url is http://www.mysite.com/stocks/mywsdl.asmx I need a crossdomain.xml file in the stocks directory.  Not the server root directory / for http://www.mysite.com


            Many make the mistake with .NET and place the crossdomain or clientaccesspolicy files in the server root and think it will cover all webservices globally. In most cases it causes access violations.


            The image below is of a live service in a sub directory svr.  This is the structure I have to use when exposing webservices from .NET


            • 3. Re: Flash Builder 4  - Security error accessing url
              t.barfoot Level 1

              Hi, and thanks for the responses.  Unfortunately I am still not able to get this working!  I have now given up on the proxy solution, and have asked my partner company to put the following crossdomain.xml on their server:


              <allow-access-from domain="*" headers="*" secure="false"/>


              The application still gives me the same Security Error response.  I am using charles for debugging.  I've observed that the crossdomain.xml file is not loaded from their server unless i put   loadPolicyFile("http://pathTo/crossdomain.xml");  in my code,  and I'm still not sure if thats the best practice, or if the file should just be loaded automatically.


              The crossdomain.xml file is in the directory where the SOAP service is being served from.


              I'm still trying to solve this problem, and appreciate the help, and any further ideas i could try.


              thanks in advance