Hi I am developing a flex app which is intended to pull data off a MS SQL Server db. The user logs in via ASP.NET, enters various details and then expects to see their data presented in the flex app via a ASP.NET webservice.
My question is how do implement a reasonable degree of security so that flex can access the users data and no-one elses? Passing the username/password would be insecure (and I wouldn't have the password anyway). Maybe generate some sort of token based on the username and pass that via the webservice? Or something else? Any pointers would be much appreciated. Thanks Richard
