2 Replies Latest reply on Feb 13, 2012 10:38 AM by dpower1976

    Issue calling ASP .NET Web Service using FormsAuthentication

    dpower1976

      Folks,

         I am currently using Flex 4.6.0 SDK and I am trying to develop a Flex mobile app that will pull data from our company website via a ASP .NET webservice using FormsAuthentication. The issue I am having is that I can correctly sign in (validate) in my first call but subsequent calls to the web service attempting to reuse the same session always fail on:

       

      if (Context.User.Identity.IsAuthenticated)
      

       

      I have tested my web service by building an MFC app to call the web service and it progresses correctly. The following is my ValidateUser ASP .NET code which effectively validates the user and creates the session:

       

              [WebMethod(true)]
              public bool ValidateUser(String username, String password)
              {
                  /* Validate user using membership provider */
                  DomainMembershipProvider domainMembershipProvider = (DomainMembershipProvider)Membership.Providers["DomainMembershipProvider"];
                  if (domainMembershipProvider.ValidateUser(username, password))
                  {
      
      
                      //Create session ticket
                      FormsAuthenticationTicket ticket =
                          new FormsAuthenticationTicket(
                              1,
                              username,
                              DateTime.Now,
                              DateTime.Now.AddMinutes(30),
                              false,
                              "");
      
      
                      //Encrypt the ticket
                      string encrypted_ticket = FormsAuthentication.Encrypt(ticket);
      
      
                      //Create cookie
                      HttpCookie cookie = new HttpCookie(
                          FormsAuthentication.FormsCookieName,
                          encrypted_ticket);
      
      
                      Context.Response.Cookies.Add(cookie);
      
      
                      DomainMembershipUser currentUser = (DomainMembershipUser)Membership.GetUser(username);
                      Context.Session[MacReportMediaConstants.SESSION_CURRENT_USER] = currentUser.UserVO;
      
      
                      return true;
                  }
                  return false;
              }
      

       

      My calling code from flex is:

       

                  protected function btnLogin_clickHandler(event:MouseEvent):void
                  {
                      CursorManager.setBusyCursor();
                      ValidateUserResult.token = flexWebService.ValidateUser(txbUserName.text, txbPassword.text);
                  }
                  
                  protected function ValidateUserResultImpl(event:ResultEvent):void
                  {
                      if(event.result == 1)
                      {
                          var loggedIn:Event = new Event("LoggedIn",true,true);
                          navigator.popView();
                          dispatchEvent(loggedIn);
                      }
                      else
                      {
                          lblErrorMessage.text = "Your login attempt was not successful. Please try again."
                      }
                      CursorManager.removeBusyCursor();  
                  }
      

       

      As you can see, it is very straight forward and all of the above progresses fine. Its the subsequent call that is failing:

       

      The ASP .NET code:

              [WebMethod(true)]
              public String GetUserName()
              {
                  if (Context.User.Identity.IsAuthenticated)
                  {
                      UserVO userVO = (UserVO)Context.Session[MacReportMediaConstants.SESSION_CURRENT_USER];
                      return userVO.FirstName + " " + userVO.LastName;
                  }
                  else
                  {
                      /* User not authenticated so access is forbidden */
                      throw new InvalidUserPermissionsException(null);
                  }
      
      
              }
      

       

      and my flex calling code:

       

                  protected function GeUserName():void
                  {
                      //Get Username
                      GetUserNameResult.token = flexWebService.GetUserName();
                  }
      
                  protected function GetUserNameResultImpl(event:ResultEvent):void
                  {
                      txbUserName.text = event.result.ToString();
                  }
      

       

       

      What I haven't pasted up above is the web service references and call responders which are standard.

       

      I've even sniffed the HTTP headers going back and forth and from what I can see, the Cookie header is being set appropriately although the soap package looks very different when I compare the flex call to the MFC app call.

       

      Anyone got any ideas? I am pulling my hair out! Oh, if I have no validation on a service call I get data coming back to flex so this doesn't appear to be a soap configuration issue from what I can see....