flex-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Martin <chrsm...@outlook.com>
Subject RE: HTTP Basic Authentication for URLRequest
Date Thu, 26 Mar 2015 16:08:52 GMT
> You can trace down into the SDK to see where that happens.  Can't remember right off hand
right now.  I'll check later on when I get into the office for that and the right contentType
string value.  I think I got it right though.
 
Okay, took a peek and I got a little mixed up.  You can trace down in to the Operation class
which there you can see how the contentType plays a role in forming the data body of the request.
 However, with the URLLoader you cannot dive into the load function as it's not apart of the
sdk.  Also I did have the right contentType value.
 
I'd try setting the contentType to see if you get anything different.  Something is preventing
your request from having anything in the body.  I'd say maybe try and set the body to something
very simple like a string value.  I know your server will not like it, but at least you can
see if you can get data in your request.
 
Chris
 
> From: chrsmrtn@outlook.com
> To: users@flex.apache.org
> Subject: Re: HTTP Basic Authentication for URLRequest
> Date: Thu, 26 Mar 2015 10:00:44 +0000
> 
> > I think flash player is trying to be consistent by disallowing such headers.
> 
> 
> Yep, majority of the time flash player will strip any custom headers you set. However,
in the case of a POST request with data in the body, you can supply your own custom headers.
> 
> 
> I did notice in your screen capture that the body of the request was empty. In that case,
indeed the headers will then be stripped out by the flash player. Have you tried to also set
the contentType to be application/x-www-form-encoded-values? That will ultimately affect how
the message body gets built out.
> 
> 
> You can trace down into the SDK to see where that happens.  Can't remember right off
hand right now.  I'll check later on when I get into the office for that and the right contentType
string value.  I think I got it right though.
> 
> 
> Chris 
> 
> 
> 
> 
> 
> 
> Sent from Windows Mail
> 
> 
> 
> 
> 
> From: OmPrakash Muppirala
> Sent: ‎Thursday‎, ‎March‎ ‎26‎, ‎2015 ‎1‎:‎56‎ ‎AM
> To: users@flex.apache.org
> 
> 
> 
> 
> 
> On Mar 25, 2015 10:16 PM, "Deepak MS" <megharajdeepak@gmail.com> wrote:
> >
> > Sorry, was away for sometime.
> >
> > I ran it through network monitor in FB.
> > Screenshot: http://pasteboard.co/25kUwXgR.png
> >
> > Looks like header is not passed at all.
> >
> > Code:
> > var req:URLRequest = new URLRequest(pathRemote);
> >                 req.method = URLRequestMethod.POST;
> >                 req.data = new URLVariables("name=John+Doe");
> >
> >                 var encoder:Base64Encoder = new Base64Encoder();
> >                 encoder.insertNewLines = true;
> >                 encoder.encode("myusername:mypassword");
> >
> >
> >                 var credsHeader:URLRequestHeader = new
> > URLRequestHeader("Authorization", "Basic " + encoder.toString());
> >                req.requestHeaders.push(credsHeader);
> >                 remoteURLStreamer.load(req);
> >
> >
> > I looked at the doc:
> >
> http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/URLRequestHeader.html
> >
> > It says:
> > "In Flash Player and in Adobe AIR content outside of the application
> > security sandbox, the following request headers cannot be used
> > Accept-Charset, Accept-Encoding, Accept-Ranges, Age, Allow, Allowed,
> > Authorization, Charge-To, Connect, Connection, Content-Length,
> > Content-Location, Content-Range, Cookie, Date, Delete, ETag, Expect, Get,
> > Head, Host, If-Modified-Since, Keep-Alive, Last-Modified, Location,
> > Max-Forwards, Options, Origin, Post, Proxy-Authenticate,
> Proxy-Authorization,
> > Proxy-Connection, Public, Put, Range, Referer, Request-Range, Retry-After,
> > Server, TE, Trace, Trailer, Transfer-Encoding, Upgrade, URI, User-Agent,
> > Vary, Via, Warning, WWW-Authenticate, x-flash-version."
> >
> > Why does header request cannot have 'Authorization' object? So how else
> can
> > we pass the header request?
> >
> 
> The http requests go through the browser.  Different browsers have
> different rules about how the headers are handled.   I think flash player
> is trying to be consistent by disallowing such headers.
> 
> One approach you could take is use the as3httpclent library,  which allows
> you to more reliably pass the http headers you want to send,  an
> authorization header in your case.
> 
> Thanks,
> Om
> 
> > On Thu, Mar 26, 2015 at 10:04 AM, Chris Martin <chrsmrtn@outlook.com>
> wrote:
> >
> > > Yeah, a network packet log would be a huge help.  Then you can rule out
> > > whether or not the Authorization header is present in your request or
> not.
> > >  I use fiddler[1] all the time. Also it makes it easy to detect if
> > > something else went wrong at the server side like your authentication
> > > request failed with a 403 Forbidden response.
> > >
> > >
> > >
> > >
> > >
> > >
> > > [1] http://www.telerik.com/fiddler
> > >
> > >
> > > Chris
> > >
> > >
> > > Sent from Windows Mail
> > >
> > >
> > >
> > >
> > >
> > > From: Tom Chiverton
> > > Sent: ‎Tuesday‎, ‎March‎ ‎24‎, ‎2015 ‎2‎:‎24‎ ‎AM
> > > To: users@flex.apache.org
> > >
> > >
> > >
> > >
> > >
> > > Do you have a network packet log ?
> > >
> > > Tom
> > >
> > > On 24/03/15 04:25, Deepak MS wrote:
> > > > Any help on this please? I still haven't found any solution for this.
> I
> > > > keep getting username\password prompt on the simulator. ;(
> > > >
> > > > On Mon, Mar 16, 2015 at 7:30 PM, Deepak MS <megharajdeepak@gmail.com>
> > > wrote:
> > > >
> > > >> Hello,
> > > >> I'm trying to download a file from the server which requires basic
> > > >> authentication(need to enter user name and password to access).
> > > >>
> > > >> I came across these links:
> > > >>
> > > >>
> > >
> http://stackoverflow.com/questions/509219/flex-3-how-to-support-http-authentication-urlrequest
> > > >>
> > > >>
> > >
> http://johncblandii.com/2011/07/flex-quick-tip-urlrequest-basic-auth.html
> > > >>
> > > >>
> http://blog.derraab.com/2010/02/25/urlrequest-with-http-authentication/
> > > >>
> > > >> Tried all of it. I either get IO error or I get windows
> authentication
> > > >> popup window when I run the mobile app on my desktop.
> > > >>
> > > >> None of it seem to work. I'm using Flex4.14\AIR16.
> > > >>
> > > >> Screenshot:
> > > >> http://pbrd.co/18wmsZK
> > > >>
> > > >>
> > > >> Code that I have been trying:
> > > >>
> > > >> <?xml version="1.0" encoding="utf-8"?>
> > > >> <s:View xmlns:fx="http://ns.adobe.com/mxml/2009"
> > > >>          xmlns:s="library://ns.adobe.com/flex/spark" title="Contact"
> >
> > > >>      <s:layout>
> > > >>          <s:VerticalLayout/>
> > > >>      </s:layout>
> > > >>      <fx:Script>
> > > >>          <![CDATA[
> > > >>              import mx.events.FlexEvent;
> > > >>              import mx.utils.Base64Encoder;
> > > >>
> > > >>              private var remoteURLStreamer:URLStream= new
> URLStream();
> > > >>
> > > >>              private var pathRemote:String = '
> > > >> http://myserver.com/datafiles/myfile.zip';
> > > >>
> > > >>              private function startRemoteFileDownload():void
> > > >>              {
> > > >>                  URLRequestDefaults.setLoginCredentialsForHost('
> > > >> www.myserver.com','myusername','mypassword'); // not working
> > > >>
> > > remoteURLStreamer.addEventListener(ProgressEvent.PROGRESS,
> > > >> remoteURLStreamerProgressHandler);
> > > >>
> > > remoteURLStreamer.addEventListener(IOErrorEvent.IO_ERROR,
> > > >> remoteURLStreamerIOErrorHandler);
> > > >>
> > > >> remoteURLStreamer.addEventListener(SecurityErrorEvent.SECURITY_ERROR,
> > > >> remoteURLStreamerSecurityErrorHandler);
> > > >>
> > > >>                  var req:URLRequest = new URLRequest(pathRemote);
> > > >>
> > > >>                  req.method = URLRequestMethod.POST;
> > > >>
> > > >>                  req.data = new URLVariables("name=John+Doe"); //(one
> > > post
> > > >> suggests to pass dummy parameters to data) not working
> > > >>
> > > >>                  var encoder:Base64Encoder = new Base64Encoder();
> > > >>                  encoder.insertNewLines = true;
> > > >>                  encoder.encode("myusername:mypassword");
> > > >>
> > > >>
> > > >>                  var credsHeader:URLRequestHeader = new
> > > >> URLRequestHeader("Authorization", "Basic " + encoder.toString());
> //not
> > > >> working
> > > >>                  req.requestHeaders.push(credsHeader);
> > > >>                  remoteURLStreamer.load(req);
> > > >>
> > > >>              }
> > > >>
> > > >>              private function
> > > >> remoteURLStreamerProgressHandler(event:ProgressEvent):void
> > > >>              {
> > > >>
> > > >>                  switch (event.type)
> > > >>                  {
> > > >>                      case "progress":
> > > >>                          lb.text = event.bytesLoaded.toString();
> > > >>                          break;
> > > >>                  }
> > > >>              }
> > > >>
> > > >>
> > > >>
> > > >>              private function
> > > >> remoteURLStreamerIOErrorHandler(event:IOErrorEvent):void
> > > >>              {
> > > >>                  lb.text = 'IOError';
> > > >>              }
> > > >>
> > > >>              private function
> > > >> remoteURLStreamerSecurityErrorHandler(event:SecurityErrorEvent):void
> > > >>              {
> > > >>                  lb.text = 'SecurityError';
> > > >>              }
> > > >>
> > > >>
> > > >>              protected function
> > > button1_clickHandler(event:MouseEvent):void
> > > >>              {
> > > >>                  startRemoteFileDownload();
> > > >>              }
> > > >>
> > > >>          ]]>
> > > >>      </fx:Script>
> > > >>
> > > >>      <s:Button label="hello" click="button1_clickHandler(event)"/>
> > > >>      <s:Label id="lb" text="Hello"/>
> > > >> </s:View>
> > > >>
> > > >>
> > > >>
> > > >> Can you kindly let me know if there is something going wrong here?
> Or is
> > > >> there any other way to make it work?
> > > >>
> > > >>
> > > >
> > > > ______________________________________________________________________
> > > > This email has been scanned by the Symantec Email Security.cloud
> service.
> > > > For more information please visit http://www.symanteccloud.com
> > > > ______________________________________________________________________
> > >
 		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message