Stephan, I personally use setRemoteCredentials and use cflogin just to retrieve that information during onRequestStart but don't use the built in cfloginuser. I then validate the user and if it's a valid one I store it in the session. Then the request goes through a RemoteFacade (an Assembler in my case) which will invoke a ColdSpring defined service. If I want to protect my service I setup an interceptor which will be executed before my service's methods.
regarding setRemoteCredentials, you just need to set it once and all future requests will pass the credentials along in the headers (DSRemoteCredentials) as long you dont use logout() or setRemoteCredentials( null, null). You should also be aware that using setRemoteCredentials is nothing more than a base64 string composed by username,password. -- João Fernandes http://www.onflexwithcf.org http://www.riapt.org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/Flex/message.cfm/messageid:5020 Subscription: http://www.houseoffusion.com/groups/Flex/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.37
