Hi there, I appreciate any help on the following issue. I can't seem to find any other similar topic.
(CS4, ActionScript 3.0, Flash 10)
I have a SWF embedded within a page that is protected by digest authentication. To access this page, the browser asks for username/password. So far so good, the SWF works fine.
Now, within that SWF, the script uses URLLoader to POST to another URL on the same server (but a different path than the page).
My embedded server rejects the authentication. I have debugged the server (an embedded web server called GoAhead) and confirmed that the request contains the digest authentication information, (username, nonce, etc.) yet the server does not compute the same response data and thus rejects the request.
Strangely, the browser asks for a username/password after the first attempt and it re-sends the request to the server and again, the authentication is incorrect.
Then, I tried to just have that actionscript redirect to another URL that also has digest authentication protection. The request fails the same way.
This seems like a pretty normal thing to do within a script. Why can't the script access another protected page from within an already authenticated page? It sure sounds like a security sandbox issue but since it's not cross-site, there should be no problem, but it doesn't work. (If I remove the authentication from the pages in question, the SWF accesses the data without problem.)
Is there some magically security setting or other API call to allow the script to access another page protected by digest authentication? I must be missing something but I can't figure out what is missing.
Thanks again for any help.
0  2350  Sign in to post your reply or Sign up for a free account.
Similar topics | |
by: Wolfgang Meier |
last post by:
I am using the following code to retrieve a document from my web
server:
HttpWebRequest req =
(HttpWebRequest)WebRequest.Create("http://example.com/");
req.Method = "GET";
req.PreAuthenticate = true;
req.Credentials = new NetworkCredential("user", "pass");
HttpWebResponse res = (HttpWebResponse)req.GetResponse();
res.Close();
|
by: ElmoWatson |
last post by:
I tried on the Security newgroup, as well as other places, and haven't
gotten an answer yet - - I'm pulling my hair out over this one.
I'm trying to get Forms Authentication working.....I can get any requested
page to automatically go to the Login.aspx page, AND, the ReturnURL
querystring is correct in the address bar, but no matter what, I can't get
it, once the user is authenticated, to redirect to the new page. It ALWAYS
refreshes the...
|
by: Kris van der Mast |
last post by:
Hi,
I've created a little site for my sports club. In the root folder there are
pages that are viewable by every anonymous user but at a certain subfolder
my administration pages should be protected by forms authentication.
When I create forms authentication at root level it works but when I move my
code up to the subfolder I get this error:
Server Error in '/TestProjects/FormsAuthenticationTestingArea' Application.
|
by: Darren Clark |
last post by:
I am having some troubles with Sessin varables dieing..
Basically ihave my own class structure called USER that once the user logs in i save it to a session var called
Session = myUserObject;
All this works fine until sometimes it is like my sessoin vars just die and then trying to do a cast on them will result in a invalid cast error EVEN though the object is the same type..
I am not sure if the problem is that i am using forms...
|
by: Joergen Bech |
last post by:
Fairly new to ASP.NET 1.1. Getting the error below when running
application on a web server outside of my control, but only the first
time I run it:
1. After a long period of inactivity (or updating the code-behind dll)
accessing any aspx page in the application causes the application
to run for the first time. Some of the initialization involves
reading and writing some text and xml files using simple streamreader
and streamwriter...
| | |
by: JMUApache |
last post by:
Hi:
I have got a problem with FromsAuthentication for many days.
I use "Forms" Authentication in my ASP.NET Web Froms, and I find
that I can't singout....
Some Code Here:
//In my Logon.aspx, I got the username and password
|
by: Fernando Barsoba |
last post by:
Dear all,
I have been posting about a problem trying to encrypt certain data using
HMAC-SHA1 functions. I posted that my problem was solved, but
unfortunately, I was being overly optimistic. I am really desperate now,
because I havent' been able to locate the origin of the problem for a
couple of days now..
PROBLEM: the message digest obtained differs each time I execute the
code, but works perfectly when applying the "control", that...
|
by: abracad_1999 |
last post by:
I have installed the open source PHP Deadlock authentication system.
It uses .htpasswd and .htaccess files. This works well apart from it
doesn't allow user logout without closing their browser. The logout
script is shown below.
Any suggestions to make it work? Or any other php authentication
system that allows user registration, email confirmation, forgotten
password reminders, and logout.
<?
|
by: Jeremy |
last post by:
I have a web app that contains forms authentication to protect
subdirectory called "admin" by denying anonymous users. When I request
a protected resource in the admin directory I am presented with a
Windows logon dialog prompt instead of being redirected to the logon
page. In the web.config it is setup as follows:
<configuration>
<system.web>
....
<authentication mode="Forms">
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
