[flexcoders] Re: WebService Basic Authentication over HTTPS?

2007-08-28 Thread chuyler1 

> I'd do some research to see what most .NET people are doing for
> authentication and WebServices.

That's what I'm trying to do now :)

It looks like most are using SOAP headers instead of Basic
Authentication.  I started a thread with our back-end group in charge
of all the .NET stuff.  We do not want any sort of browser
authentication window to appear so I guess basic auth is out of the
question.  

It would be nice if Adobe could support it out of the box.  I see lots
of people running into the same problem and there is already an
enhancement request on the bug tracker site.

RE: [flexcoders] Re: WebService Basic Authentication over HTTPS?

2007-08-27 Thread Peter Farland 
I'd guess that if you lock down a WebService's soap address location URL
to cause an HTTP Basic Authentication challenge then it won't matter
what SOAP headers a particular operation is capable of processing as the
POST won't get far enough to be able to see the SOAP data.

While it is technically possible to pre-authenticate by sending the
right HTTP headers from Flash, it's not a viable solution if the wrong
credentials are ever sent as you will then receive a challenge dialog no
matter what.

I'd do some research to see what most .NET people are doing for
authentication and WebServices.



-Original Message-
From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On
Behalf Of chuyler1
Sent: Monday, August 27, 2007 3:22 PM
To: flexcoders@yahoogroups.com
Subject: [flexcoders] Re: WebService Basic Authentication over HTTPS?

Will the method of using SOAP headers still allow for basic session
management by the .NET WebService?

The server-side guys are really pushing the use of Basic Authentication
but it sounds like this approach will mean coding specific
authentication functions within the WebService, correct?



--
Flexcoders Mailing List
FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt
Search Archives:
http://www.mail-archive.com/flexcoders%40yahoogroups.com
Yahoo! Groups Links

[flexcoders] Re: WebService Basic Authentication over HTTPS?

2007-08-27 Thread chuyler1 
Will the method of using SOAP headers still allow for basic session
management by the .NET WebService?

The server-side guys are really pushing the use of Basic
Authentication but it sounds like this approach will mean coding
specific authentication functions within the WebService, correct?