This is a bug that I have reported before. The upload request does not share the session with the other requests on the system. ie, cookies are not sent that have not been set by any other upload requests. In some cases I've been able to use URL-Rewriting to share the session, but it's a pain. My solution has been to allow unsecured uploads by supplying a token to the request. What I do it have another request that is on the authenticated session request a token, we use a UUID generated by the server. We pass that in as a parameter on the upload request and that server side handler will then map that request to the correct session. We use tokens because we can expire them after a single use. We had trouble with url-rewriting because by default all the servers we were deploying on did not have that enabled by default and some clients just didn't want to support that.
Really url-rewriting for session management should do it for you. Paul carl_steinhilber wrote: > I have a Flex2 app that sits on a secure intranet running IIS. > One of the functions uploads a file from client-side to the server. > I create the URLRequest to an .asp page receiver, set up params, and > execute a .upload on a FileReference using that URLRequest. > > But for some reason, even though I've authenticated against the server > to access the app, I get a second authentication challenge/response > when I hit the upload button. > > I've added a cross-domain.xml with > <cross-domain-policy> > <allow-access-from domain="*" /> > </cross-domain-policy> > even though I don't think I should have to since the .asp page is on > the exact same domain as the app. I've even modified the index > template for the Flex project to use allowScriptAccess="always". But I > still get this second IIS login prompt. > > If I authenticate again via this second dialog, the upload executes > properly, so I know the logic and architecture is correct. > > Is there a way to pass the user's authenticated info with the > URLRequest/FileReference.upload()? I've poured through the docs and > can't find anything. Or is there something else I'm missing? > > > Thanks in advance, > -Carl >
