No more "normal" way with Flex than with html. Worse, really. There are just too many communication options, too many web server options and too many degrees of secure. Then the Flash Player weighs in with its own restrictions on things like WebService headers and it just gets worse.
Tracy Spratt, Lariat Services, development services available _____ From: [email protected] [mailto:[email protected]] On Behalf Of Michael Pengi Sent: Wednesday, April 08, 2009 8:09 PM To: [email protected] Subject: RE: [flexcoders] Newbie SOA question (maintaining login state) I'd be interested in hearing more about this. Isn't there a 'normal' way to do this with flex? Maintaining login state would seem to be a basic requirement for web apps. Just curious. Tracy Spratt wrote: > > I have a lot to learn about security, and had difficulty wading through > all > of the levels and options, so I devised my own programmatic solution. > > When a user logs in from the Flex app (md5 hash on the password), I create > a > sessionId, store it in a hashtable in the .net app, and pass it back to > the > Flex app. The Flex app sends this token with each call. The server > checks > the passed in session id and compares the timestamp to the current time. > If > it is within the timeout period specified, it updates the timestamp and > authorizes the call. If authorization fails, the user must log in again. > > I am certainly open to a better approach. > > Tracy Spratt, > > Lariat Services, development services available > _____ > > From: flexcod...@yahoogro <mailto:flexcoders%40yahoogroups.com> ups.com [mailto:flexcod...@yahoogro <mailto:flexcoders%40yahoogroups.com> ups.com] On > Behalf Of variableop > Sent: Friday, April 03, 2009 4:07 PM > To: flexcod...@yahoogro <mailto:flexcoders%40yahoogroups.com> ups.com > Subject: [flexcoders] Newbie SOA question > > > > I would like to provide a solution to maintaining login state over > multiple > calls to my .NET web service layer. So basically, the user logs in, then > stores a login "token" internally on the Flex side so that each web > service > call can be authenticated as being made by someone who has already "logged > in" to the system. Does anyone have any ideas on how to approach this? My > initial approach was to cache the user's username/password and > authenticate > on each web service call (Direct Authentication). I was told, for obvious > reasons, that this is insecure method and requires database hit each call. > I > am trying to implement WSE 3.0 enabled web services on the .NET side. Is > this an SSO problem, or should I be using STS/Brokered Authentication > approach? We just started our upgrade to VS2008, so maybe I should just > pursue WCF methods instead? Any experiences with this would be greatly > appreciated. > > TIA, > > variable > > > > > -- View this message in context: http://www.nabble. <http://www.nabble.com/Newbie-SOA-question-tp22875841p22962243.html> com/Newbie-SOA-question-tp22875841p22962243.html Sent from the FlexCoders mailing list archive at Nabble.com.
