Thanks heaps Mihai! We run a few tests and it all worked nicelly.

Cheers,

Naso.

Once a session was started, Flash Player appends automatically the session id to any request to the server.

You can check in Flex that the user is authenticated by making a request to the server (remoting/httpservice). The requested page can send back true or false depending on the user authentication state.

First of all, thank you very much for the useful article! It shed some light on questions I didn’t have answers to.

I was wandering if you could elaborate a bit on the following scenario.

I have a website managed by a CMS (Joomla), which I use as a wrapper for a Flex application. The user logs in using the built-in login facility. This way the ‘authenticated’ session is started by the browser. Now, the user starts the Flex app … and my question is does the Flash player automatically capture the authenticated session from the browser or it starts a new session? In addition, how can I check in the Flex application if the user has logged in successfully, given the authentication happens in the browser?

I would be very grateful if you could at least give me a hint on these questions.

Cheers,

Naso.

I am trying to get an AIR app to authenticate with a form which is in aspx. I send a urlrequest for a file and it comes back with a redirect. I then send the username and password along with the correct url which was the original redirect. It is supposed to supply a cookie which authoizes the request but I never see the cookie in although docs say cookies are maintained automatically.

Thanks

You go to Preferences > General > Linked Resources

and you add these two variables; PHP_WEB_URI pointing to the root URL and PHP_FLEX_SERVER_ROOT to absolute path of the web server

How to set

RootURL: PHP_WEB_URI
WebRoot: PHP_FLEX_SERVER_ROOT

Thank you.

“Yes you can apply these to an AIR app. In fact I state this in my article.”

Yes, I know you said the AMFPHP thing works in an AIR app. But your article is about a Flex-AIR combo, not Flash-AIR. So, I wanted to know if I can connect to the MySQL database on the website from my “AIR desktop app made in Flash (not Flex)”. Just clarifying.

“if you have to do an enterprise app, or an application that manipulates a lot of data, then probably Flex is the choice to go.”

My application is not data-heavy and is more tutorial-like and I want it to be more beautiful than number crunching capable. And that is precisely why I want to use Flash because I would go mad skinning in Flex and I would have to lean on big brother Flash to help me out anyway with the look of my app. So I do not want to get into Flex as it would be like learning to use a bulldozer to knock off a flowerpot.

“It is not a good idea in an AIR application to rely on authentication only on the server side. If you code that way your application, then if the user doesn’t have Internet access or your server is broke, he can not use the AIR app.”

So what should I do? I want it subscription based not license based. And anyways apps like SHIFD use user authentication to get into the app, so why not me?

Would be waiting for opinion. Thanks again for the help. REALLY appreciate it.

Yes you can apply these to an AIR app. In fact I state this in my article.

It is not a good idea in an AIR application to rely on authentication only on the server side. If you code that way your application, then if the user doesn’t have Internet access or your server is broke, he can not use the AIR app.

Regarding Flash vs Flex, there is not an absolute resolution here. I prefer Flex. And in generally if you have to do an enterprise app, or an application that manipulates a lot of data, then probably Flex is the choice to go.

Good luck with your project!

http://www.amfphp.org/docs/authenticate.html

and the example given there uses Flash. You have given an example for Flex (just like your “remoting with amfphp” article).

I guess the correct approach would be to put forward my specific case before asking:

I want to make a desktop AIR application which authenticates against the user’s account residing on a mysql database on the website server before letting him/her use the application. Am I making sense? lol.

1. What should I use – Flex or Flash – to make the app?
2. Will it work the same either way? How different the approach/coding would be?

I have to make a choice between flex and flash. If an AIR app cannot be made to do what I want then I would have to take the flex route. I would really appreciate it if you help me out.

I’ve developed Flex Air application that consumes Web services on telephony server. I’ve added Authorization header to enable Basic http authentication; the problem I have is that “someone” (Flex Air engine?) asks for security certificate every time the Web service is invoked. I can’t force the application to import the certificate (in “Security Alert” window it says “The import was successful”, but next time when the service is invoked, it is the same story). The service returns valid result.

Application written in C#, which consumes same Web service with same credentials and on same client workstation works fine.

Any idea how to proceed?

Thx,
Dejan

>>2)What kind of data does AMFPHP pass back to Actionscript?
Here is a resource to see the mapping between the ActionScript types and PHP: http://amfphp.org/docs/datatypes.html

Take a look at my article on Flex and PHP with AMFPHP http://corlan.org/2008/10/10/flex-and-php-remoting-with-amfphp/

Been trying to create a user authentication using Flex 3 and AMFPHP. What happens in my case is that the PHP function works in the service browser, but when i try to pass variables into the PHP function (using remote object), either the variables are not being passed in or the PHP function is not returning the variable i need for other checking purposes.

Just a few questions after reading the tutorial:
1) Is it necessary to use the AsyncToken for user authentication?
2) What kind of data does AMFPHP pass back to Actionscript?

Thanks in advance for the help.

2. Usually a token is a string of 32 chars or more. Each user must have an unique token, and many people are generating using a hash function such as MD5.

I am trying to understand how to save tokens with AIR. Are they simply string variables ? In the server-side code,, does each user have a different token? What’s the best approach for generating tokens ?

Another way is to use mx:states to define one state for each rol.

Thanks,
Dan