2 Replies Latest reply on Aug 30, 2011 3:14 PM by Don Kerr

    Use the authentication of the web browser

    SJ_FR

      Hi,

       

      I browse the documentation, but didn't find something that would help me on that matter.

      I would like to know if this is possible to get/use the browser authentication session from Flex, that's not quite obvious since this is security matter.

      Since my Flex app SWF is protected with, let say HTTP Basic Auth, i have to type my login and password in a prompt of the web browser.

      What i would like to do is being able to get the authentication session/token of the browser from my Flex app to avoid the user to retype his credentials once again the app is started.

       

      Is that possible?

       

      Thank you very much by advance,

      SJ.

        • 1. Re: Use the authentication of the web browser
          Sree_D

          If your server is intercepting the requests from browser to validate the session then verify if the requests sent by swf are also intercepted in same way and it should work. I tried this on a Java App built with Spring MVC.

          • 2. Re: Use the authentication of the web browser
            Don Kerr Level 3

            Do you mean you want to grab the user's internal network login ID from the browser's header and automatically log them into your app?  A Single Sign On vs. having the enter a userid/password in a login form?

             

            In my case, a user logs into their network via VPN, their userID is stored in the browser.

             

            I call an external web page that grabs their id

             

            <s:HTTPService id="getUserId" url="getUserId.cfm" result="getUserId_handler(event)" />

             

            getUserId.cfm is a ColdFusion page that returns the user's active directory userId from the browser's cgi.AUTH_USER variable.

             

            <cfoutput>#cgi.auth_user#</cfoutput>

             

             

            then I take their ID and look up if they have an account in my app or not. 

             

            private function getUserId_handler(event:ResultEvent):void

            {

             

            ntusername = event.result.toString();

             

            // do something like lookup the user in your apps database

             

            }

             

            Not sure if this is what you're looking for, but it works great for me to bypass the need for a login screen when inside a network.

             

            Don