3 Replies Latest reply on Jan 29, 2012 7:06 AM by ender328

    Windows Authentication with Flex Mobile in iOS


      I'm hitting a URL to retrieve some XML data (it's not a true web service, just an aspx page that returns some XML), but it's protected by Windows Authentication.  When I run my application on the Desktop on Windows, it authenticates automatically (of course) and on a Mac, it pops up a login box for me to authenticate.  When I run the application on my iOS devices, I get nothing.  Presumably, authentication fails, but it never gives me a popup to login.  If I go to the same URL in Safari on the mobile device, then it does provide the popup.


      I'm using a URLLoader with URLRequest to get the data and have exhausted Google trying to find ways to even hardcode it (for now at least) so that the mobile application can login.  A popup box like the one in Safari would be fine, or I could build my own login form if I could figure out how to pass the credentials.


      Has anyone solved this before or have any ideas of what I can try?  I'm using IIS7.0 and hitting a domain that is publicly accessible.

        • 1. Re: Windows Authentication with Flex Mobile in iOS
          pbeltranl Level 1

          I just solved it by using BlazeDS a few days ago.


          But the nicest solution would be a native AS3 solution and not based on browsers. There is some nice documentation about Windows Integrated Authentication (WIA) and nice solutions based on Java.


          After seeing the Java source code, I would say that it would not be difficult to port that solution to AS3. What holds me back from doing it is this post (the answer of Branden Hall):




          Briefly, when you access any system requiring Windows Integrated Authentication, the following happens:

          1. Client sends any request to the server.

          2. Server rejects it (always) and informs you that you are up against a system requiring NTLM authentication.

          3. Client sends Message Type 1 (host name and domain info).

          4. Server sends a Message Type 2 (challenge/nonce).

          5. Client sends a Message Type 3 (user credentials).


          Messages are sent as HTTP headers.


          What this guy says is:


          Flash cannot send the keep-alive header and cannot create persistent connections.


          I think the first part is wrong, you can send any HTTP header by using AS3, but I'm not sure about the persistent connections. Alternatively, the as3httclient project could be used to implement them, but it is built on top of AS3 sockets and it seems a good solution only for AIR clients (Flash-based apps would require starting up a server on remote machines to allow Flash clients to communicate <- ugly).


          I don't have great expectations about Adobe's experts being involved, because I've read that Adobe's LCDS supports WIA, but BlazeDS does not. And after studying (and solving) the problems of BlazeDS to support WIA, it's pretty obvious that supporting WIA was not a high priority goal for BlazeDS. Likely, after Flex and BlazeDS move to Apache, WIA support will be improved (I guess/hope).



          1 person found this helpful
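
The handshake listed in the post above travels as base64 NTLMSSP messages in the `WWW-Authenticate` and `Authorization` headers. As an added example (not code from this thread or from any project it mentions), the Python below decodes such header values so a captured exchange can be checked for which step it reached and which domain and user the client actually sent; the sample exchange, `CORP` and `alice` are constructed, and the Type 3 message is assumed to use the common layout with its flags field at offset 60.

```python
import base64
import struct

SIG = b"NTLMSSP\x00"
UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE flag

def secbuf(msg, off, enc):
    """Decode the field a security buffer (len, maxlen, offset) points to."""
    length, _, start = struct.unpack_from("<HHI", msg, off)
    return msg[start:start + length].decode(enc, errors="replace")

def parse_ntlm_header(value):
    """Decode the value of an Authorization / WWW-Authenticate header."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    if not blob:
        return {"type": 0}  # step 2: bare "NTLM" offer, no message yet
    msg = base64.b64decode(blob)
    if len(msg) < 12 or msg[:8] != SIG:
        raise ValueError("not an NTLMSSP message")
    out = {"type": struct.unpack_from("<I", msg, 8)[0]}
    if out["type"] == 2 and len(msg) >= 32:
        out["challenge"] = msg[24:32].hex()  # 8-byte server nonce
    elif out["type"] == 3 and len(msg) >= 64:  # assumed layout: flags at 60
        flags = struct.unpack_from("<I", msg, 60)[0]
        enc = "utf-16-le" if flags & UNICODE else "cp437"
        out["domain"], out["user"] = secbuf(msg, 28, enc), secbuf(msg, 36, enc)
    return out

def b64(msg):
    return "NTLM " + base64.b64encode(msg).decode()

def sample_exchange(domain, user):
    """Constructed headers for steps 2-5 (empty responses, fixed nonce)."""
    d, u = domain.encode("utf-16-le"), user.encode("utf-16-le")
    t1 = SIG + struct.pack("<II", 1, UNICODE)
    t2 = SIG + struct.pack("<IHHII", 2, 0, 0, 32, UNICODE) + bytes(range(1, 9))
    t3 = SIG + struct.pack("<I", 3)
    t3 += struct.pack("<HHI", 0, 0, 64) * 2                 # LM, NT responses
    t3 += struct.pack("<HHI", len(d), len(d), 64)           # domain
    t3 += struct.pack("<HHI", len(u), len(u), 64 + len(d))  # user
    t3 += struct.pack("<HHI", 0, 0, 64) * 2                 # workstation, session key
    t3 += struct.pack("<I", UNICODE) + d + u
    return ["NTLM", b64(t1), b64(t2), b64(t3)]

if __name__ == "__main__":
    for header in sample_exchange("CORP", "alice"):
        print(parse_ntlm_header(header))
```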
          • 2. Re: Windows Authentication with Flex Mobile in iOS
            ender328 Level 1

            Thanks for your reply Pablo.  Unfortunately, I'm interacting with a 3rd party tool, so implementing something like BlazeDS isn't going to be an option for me (I don't think).  I'm wondering if I'm helped by the fact that Flex Mobile is based on AIR, and may make it somewhat easier.  This seems like it would be a pretty standard thing, so I'm surprised it's not natively supported or at least a simple workaround.

            • 3. Re: Windows Authentication with Flex Mobile in iOS
              ender328 Level 1

              I was finally able to solve this by using URLRequestDefaults.setLoginCredentialsForHost(host, user, password).  The other part that was tripping me up for a long time was that when I passed my user name as domain\user, the \ was creating an escape character that was messing up the name.  I changed it to domain\\user, and then it worked fine.  I was able to pull data from a website on my iPad and authenticate using NTLM.