I'd guess that if you lock down a WebService's soap address location URL to cause an HTTP Basic Authentication challenge then it won't matter what SOAP headers a particular operation is capable of processing as the POST won't get far enough to be able to see the SOAP data.
While it is technically possible to pre-authenticate by sending the right HTTP headers from Flash, it's not a viable solution if the wrong credentials are ever sent as you will then receive a challenge dialog no matter what. I'd do some research to see what most .NET people are doing for authentication and WebServices. -----Original Message----- From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of chuyler1 Sent: Monday, August 27, 2007 3:22 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Re: WebService Basic Authentication over HTTPS? Will the method of using SOAP headers still allow for basic session management by the .NET WebService? The server-side guys are really pushing the use of Basic Authentication but it sounds like this approach will mean coding specific authentication functions within the WebService, correct? -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com Yahoo! Groups Links