MSSQL2005 Endpoint (Webservice) Authentication

[Ariel2000]

Hello,

I am trying to fetch data from SQL Server 2005, bypassing IIS, SQL 2005
Endpoints require a username and password and don't support anonymous access.
How can I send a username and password for authentication? This is the Flex 2
Beta 2 code I am using to call the service:

<mx:WebService id="zoban" wsdl="http://zoban/Library?WSDL">
<mx:operation name="GetBooks">
<mx:request>
<Text>{kaka.text}</Text>
</mx:request>
</mx:operation>
When I point my browser to the service I just get the username prompt. Can I
squeeze in something like <mx:username> and <mx:password> in there?

Best!

[poonamsheth]

here is some help for u,, if it solves ur problem?, but logic needs to be
understood.
pART 1 --- aBOUT aUTHENTICATION
------------------------------------------------------
When a destination is not public, you can restrict access to a privileged
group of users by applying a security constraint in a destination definition in
the Flex services configuration file. A security constraint ensures that a user
is authenticated, by using custom or basic authentication, before accessing the
destination. By default, Flex Data Services security constraints use custom
authentication.

Basic authentication

Basic authentication relies on standard J2EE basic authentication from the web
application container. To use this form of authentication, you secure a
resource, such as a URL, in the web application's web.xml file. When you use
basic authentication to secure access to destinations, you usually secure the
endpoints of the channels that the destinations use in the web.xml file.

The following example shows a configuration for a secured channel endpoint in
a web.xml file:

...
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Channel</web-resource-name>

<url-pattern>/messagebroker/amf</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>

<auth-constraint>
<role-name>sampleusers</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<auth-method>BASIC</auth-method>
</login-config>

<security-role>
<role-name>sampleusers</role-name>
</security-role>

------------
Custom authentication

As an alternative to basic authentication, you can use custom authentication
and create a custom login form in MXML to match the appearance of your
application.

For custom authentication, Flex uses a custom login adapter, known as a login
command, to check a user's credentials and log a principal into the application
server. A login command must implement the flex.messaging.security.LoginCommand
API. You can register multiple login commands in the security section of the
Flex services configuration file. The server attribute of the login-command
element is used to perform a partial match against the value returned by the
servletConfig.getServletContext().getServerInfo() method. The server value must
be a case-insensitive match of an initial substring of this value or the entire
string.

You can use a login command without roles for custom authentication only, but
if you also want to use custom authorization, you must link the specified role
references to roles that are defined in your application server's user store.

Flex Data Services includes login command implementations for Adobe JRun and
Apache Tomcat, Oracle Application Server, BEA WebLogic, and IBM WebSphere, as
the following example shows:

<security>
...
<login-command class="flex.messaging.security.JRunLoginCommand"
server="JRun"/>
<!--
<login-command class="flex.messaging.security.TomcatLoginCommand"
server="Tomcat"/>
<login-command class="flex.messaging.security.OracleLoginCommand"
server="Oracle"/>

<login-command class="flex.messaging.security.WeblogicLoginComman d"
server="Weblogic"/>
<login-command class="flex.messaging.security.WebSphereLoginComma nd"
server="WebSphere"/>
-->
...
</security>

------------------------

[poonamsheth]

WE;; NEXT WAS UR QUESTION OF using a query string parameter

pART 2 Passing request data into Flex applications
------------------------------------------------------------------------

You can pass request data to Flex applications by using a query string
parameter or defining flashVars properties in the HTML wrapper. When you use
query string parameters, Flex converts them to flashVars variables and passes
them to the application.

Inside the Flex application, you access flashVars properties and query string
parameters exactly the same way, but the way that you pass them to the Flex
application is different:

* The flashVars properties: You explicitly define the flashVars properties
in the HTML wrapper that points to the Flex application.
* Query string parameters: You attach query string parameters to the URL
in the browser's target window and the Flex Enterprise Services 2.0 converts
them to flashVars variables.

Changing either the query string parameter or the flashVars property does not
trigger a recompilation of the Flex application if you are using the Flex
Enterprise server.

To use flashVars or query string parameters inside your MXML file, you access
the Application.application.parameters object. The parameters property points
to a dynamic object that stores each parameter as a name-value pair. You can
access variables on the parameters object by specifying
parameters.variable_name. As with any variable, you can bind the parameters
object's properties to a display control or modify the value and return it to
another function.

The following example defines the myName and myHometown variables and binds
them to the text of Label controls:

<mx:Application xmlns:mx="<a target=_blank class=ftalternatingbarlinklarge
href="http://www.macromedia.com/2005/mxml"">http://www.macromedia.com/2005/mxml"
</a> creationComplete="initVars()">
<mx:Script><![CDATA[
// Declare bindable properties in Application scope.
[Bindable]
private var myName:String;
[Bindable]
private var myHometown:String;

// Assign values to new properties.
private function initVars():void {
myName = Application.application.parameters.myName;
myHometown = Application.application.parameters.myHometown;
}
]]></mx:Script>

<mx:VBox>
<mx:HBox>
<mx:Label text="Name: "/>
<mx:Label text="{myName}" fontWeight="bold"/>
</mx:HBox>
<mx:HBox>
<mx:Label text="Hometown: "/>
<mx:Label text="{myHometown}" fontWeight="bold"/>
</mx:HBox>
</mx:VBox>
</mx:Application>

When a user requests this application with the myName and myHometown
parameters defined, Flex displays their values in the Label controls. The
following URL passes the name Nick and the hometown San Francisco to the Flex
application:

<a target=_blank class=ftalternatingbarlinklarge
href="http://localhost:8100/flex/myApp.swf?myName=Nick&myHometown=San%20Francisc
o

To">[url]http://localhost:8100/flex/myApp.swf?myName=Nick&myHometown=San%20Francisco[/url]

To</a> view all the flashVars properties, you can iterate over the parameters
object, as the following example shows:

for (var i:String in Application.application.parameters) {
ta1.text += i + ":" + Application.application.parameters<i> + "\n";
}

Flex does not recompile the application if the request variables have changed.
As a result, if you dynamically set the values of the flashVars properties or
query string parameters, you do not force a recompilation.

Query string parameters must be URL encoded. The format of the string is a set
of name-value pairs separated by an ampersand (&). You can escape special and
nonprintable characters with a percent symbol (%) followed by a two-digit
hexadecimal value. You can represent a single blank space using the plus sign
(+).

The encoding for flashVars properties and query string parameters is the same
as the page. Internet Explorer provides UTF-16-compliant strings on the Windows
platform. Netscape sends a UTF-8-encoded string to Flash Player.

Most browsers support a flashVars String or query string up to 64 KB (65535
bytes) in length. They can include any number of name-value pairs.

[poonamsheth]

ONE MORE THING .
Plz review the API documentation for their web services to make sure a method
exists that can retrieve the information you want. The API documentation for
the web services is located at :

<a target=_blank class=ftalternatingbarlinklarge
href="http://weblogs.macromedia.com/mxna/webservices/mxna2.html.">[url]http://weblogs[/url]
..macromedia.com/mxna/webservices/mxna2.html.</a>

[poonamsheth]

Tutorial on Understanding Service Authentication
--------------------------------------------------------------------
<a target=_blank class=ftalternatingbarlinklarge
href="http://www.adobe.com/devnet/flex/articles/security_framework.html

by">[url]http://www.adobe.com/devnet/flex/articles/security_framework.html[/url]

by</a> Brian Deitte

[poonamsheth]

there is something called, Proxy service too,

The Proxy Service, in which you define both web service and HTTP service
destinations, has service-level configuration settings also

If the proxy must first contact an external proxy before getting access to the
Internet, you can provide the location of that proxy as well as a username and
a password.

The following example shows max-connections and external-proxy configuration:

...
<proxy-service>

<max-connections>100</max-connections>

<external-proxy>
<location>10.1.147.90:3128</location>
<username>flex</username>
<password>flex</password>
</external-proxy>
...
</proxy-service