Tim, In the documentation http://livedocs.adobe.com/labs/flex3/langref/flash/net/URLRequestHeader.html, all listed headers are not allowed to be used in Flash Player or AIR content outside the application security sandbox. Authorization being one of them which is in my opinion too bad.
-- João Fernandes http://www.onflexwithcf.org http://www.riapt.org
