Hi there, I appreciate any help on the following issue. I can't seem to find any other similar topic.
(CS4, ActionScript 3.0, Flash 10)
I have a SWF embedded within a page that is protected by digest authentication. To access this page, the browser asks for username/password. So far so good, the SWF works fine.
Now, within that SWF, the script uses URLLoader to POST to another URL on the same server (but a different path than the page).
My embedded server rejects the authentication. I have debugged the server (an embedded web server called GoAhead) and confirmed that the request contains the digest authentication information, (username, nonce, etc.) yet the server does not compute the same response data and thus rejects the request.
Strangely, the browser asks for a username/password after the first attempt and it re-sends the request to the server and again, the authentication is incorrect.
Then, I tried to just have that actionscript redirect to another URL that also has digest authentication protection. The request fails the same way.
This seems like a pretty normal thing to do within a script. Why can't the script access another protected page from within an already authenticated page? It sure sounds like a security sandbox issue but since it's not cross-site, there should be no problem, but it doesn't work. (If I remove the authentication from the pages in question, the SWF accesses the data without problem.)
Is there some magically security setting or other API call to allow the script to access another page protected by digest authentication? I must be missing something but I can't figure out what is missing.
Thanks again for any help.