Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Cancel
- Home
- :
- All Communities
- :
- Developers
- :
- ArcGIS API for Flex (Retired)
- :
- ArcGIS API for Flex Questions
- :
- Active Directory Authentication
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Active Directory Authentication
Subscribe
601
6
06-15-2010 02:35 AM
06-15-2010
02:35 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi there,
I want to use AD authentication to the flex site, but I am not sure how to get it working. When I set the Virtual Directory up to use Windows Authentication the flex site still loads but all the map services stop loading rather than the 'You don't have permission to look at this site' as though it was a normal .NET app.
Can anyone direct me on a route for this. (I only want AD, no forms authentication).
Thanks for any help
Tony
I want to use AD authentication to the flex site, but I am not sure how to get it working. When I set the Virtual Directory up to use Windows Authentication the flex site still loads but all the map services stop loading rather than the 'You don't have permission to look at this site' as though it was a normal .NET app.
Can anyone direct me on a route for this. (I only want AD, no forms authentication).
Thanks for any help
Tony
6 Replies
06-15-2010
03:01 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tony,
I am not sure how to do this directly in flex, however if you (or someone on your team) is familiar with asp.net I would advise creating a .NET "wrapper site" for the login functionality. Once the user is successfully logged in, you can then redirect to your flex app which can be hosted in an aspx page in your website like so:
button on page displayed once user is logged in:
then in your "Myflex.aspx' you can do the following (nb all the javascript allows for displaying this full size in IE since if you try to set height as a percentage in ie it doesnt work!!)
you could also look at this thread, a few people there recommended .net wrapper as the way to go.
I am not sure how to do this directly in flex, however if you (or someone on your team) is familiar with asp.net I would advise creating a .NET "wrapper site" for the login functionality. Once the user is successfully logged in, you can then redirect to your flex app which can be hosted in an aspx page in your website like so:
button on page displayed once user is logged in:
Protected Sub btnGo_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnGo.Click
'uncomment accordingly:
'redirect
'Response.Redirect("myflex.aspx")
'or open in new window:
'Response.Write("<script type='text/javascript'>detailedresults=window.myflex.aspx');</script>")
End Subthen in your "Myflex.aspx' you can do the following (nb all the javascript allows for displaying this full size in IE since if you try to set height as a percentage in ie it doesnt work!!)
<!-- HTML "object" element has a problem with height attribute (when using %) in IE.
Therefore implement a script to resize the object in the window so that the flex app fills the window correctly-->
<script type="text/javascript">
function pageY(elem)
{
return elem.offsetParent ? (elem.offsetTop + pageY(elem.offsetParent)) : elem.offsetTop;
}
function resizeObjectContainer()
{
var buffer = 20; //scroll bar buffer
var height = document.documentElement.clientHeight;
height -= pageY(document.getElementById('swfContainer'))+ buffer ;
//height -= pageY(document.getElementById('DisplayFrame'));
height = (height < 0) ? 0 : height;
document.getElementById('swfContainer').style.height = height + 'px';
//resizeDebug();
}
</script>
<body onload="resizeObjectContainer();" onresize="resizeObjectContainer();">
<form id="form1" runat="server">
<div>
<object id="swfContainer" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width=100%>
<param name="movie" value="cawdapt_v1a.swf"/>
</object>
</div>
</form>
</body>
</html>you could also look at this thread, a few people there recommended .net wrapper as the way to go.
06-15-2010
03:26 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tony,
I am not sure how to do this directly in flex, however if you (or someone on your team) is familiar with asp.net I would advise creating a .NET "wrapper site" for the login functionality. Once the user is successfully logged in, you can then redirect to your flex app which can be hosted in an aspx page in your website like so:
button on page displayed once user is logged in:Protected Sub btnGo_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnGo.Click 'uncomment accordingly: 'redirect 'Response.Redirect("myflex.aspx") 'or open in new window: 'Response.Write("<script type='text/javascript'>detailedresults=window.myflex.aspx');</script>") End Sub
then in your "Myflex.aspx' you can do the following (nb all the javascript allows for displaying this full size in IE since if you try to set height as a percentage in ie it doesnt work!!)<!-- HTML "object" element has a problem with height attribute (when using %) in IE. Therefore implement a script to resize the object in the window so that the flex app fills the window correctly--> <script type="text/javascript"> function pageY(elem) { return elem.offsetParent ? (elem.offsetTop + pageY(elem.offsetParent)) : elem.offsetTop; } function resizeObjectContainer() { var buffer = 20; //scroll bar buffer var height = document.documentElement.clientHeight; height -= pageY(document.getElementById('swfContainer'))+ buffer ; //height -= pageY(document.getElementById('DisplayFrame')); height = (height < 0) ? 0 : height; document.getElementById('swfContainer').style.height = height + 'px'; //resizeDebug(); } </script> <body onload="resizeObjectContainer();" onresize="resizeObjectContainer();"> <form id="form1" runat="server"> <div> <object id="swfContainer" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width=100%> <param name="movie" value="cawdapt_v1a.swf"/> </object> </div> </form> </body> </html>
you could also look at this thread, a few people there recommended .net wrapper as the way to go.
Thanks for you help with this Gareth!
Just a little confused.
Firstly, if the first page authenticates and redirects, what would stop someone manually typing the address of the second page?
If the security permissions are already on the second page, then what is the purpose of the first page?
Sorry for the basic questions, I've not needed to embed flash in ASP.NET before and I wondered whether IIS7 was causing me problems
I did try to write a web service to call from flash, but it just thought I was the NETWORK_SERVICE all the time, which I guess is what the service was logged in as?!
Also we have a massive estate of IE6 users. (I'm sure this is as upsetting to read as it is to write for!) Is the resizing code OK in this? I understand if you don't know being the browser was around when England last won the World Cup!
06-15-2010
04:38 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi t0ny (btw it's Graham 😄 )
You don't HAVE to have the interim page, you can of course direct straight from your login.aspx to your flex.aspx on successful login. Also you can secure the flex.aspx page so it cannot be accessed by unauthenticated users directly with a URL, probably the simplest way is to put the page in its own folder in the .net website folder structure and use the asp.net website security to restrict access to that folder (in visual studio open the asp.net website and go to website /asp.net authentication on the toolbar) and it's all taken care of for you in a nice little UI that is very easy to understand.
If you are unsure on all this there are absolutely hundreds of articles and code snippets you can use. Read up on the roles and membership apis on msdn.
Hope this helps you.
ps: Yes the resizing code works for IE6, although I haven't tested it on a range of different monitor resolutions, im pretty sure it's ok. It isn't actually my own resizing code, i found it somewhere on the net when i needed something similar for a .net project i was working on.
You don't HAVE to have the interim page, you can of course direct straight from your login.aspx to your flex.aspx on successful login. Also you can secure the flex.aspx page so it cannot be accessed by unauthenticated users directly with a URL, probably the simplest way is to put the page in its own folder in the .net website folder structure and use the asp.net website security to restrict access to that folder (in visual studio open the asp.net website and go to website /asp.net authentication on the toolbar) and it's all taken care of for you in a nice little UI that is very easy to understand.
If you are unsure on all this there are absolutely hundreds of articles and code snippets you can use. Read up on the roles and membership apis on msdn.
Hope this helps you.
ps: Yes the resizing code works for IE6, although I haven't tested it on a range of different monitor resolutions, im pretty sure it's ok. It isn't actually my own resizing code, i found it somewhere on the net when i needed something similar for a .net project i was working on.
06-15-2010
05:04 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Whooooops, Graham not Gareth!!!
Normally I create a new web/vd in IIS on one of our web servers, turn on Windows Authentication and set the AD security permissions on the folder. Would slapping a wrapper around the flex app in this setup be enough? As in one ASPX page containing the flash file.
Never used .NET to do the security for me, does that do all the role stuff? Don't want any of that, want to keep it all tied down on the folder on the server!
Normally I create a new web/vd in IIS on one of our web servers, turn on Windows Authentication and set the AD security permissions on the folder. Would slapping a wrapper around the flex app in this setup be enough? As in one ASPX page containing the flash file.
Never used .NET to do the security for me, does that do all the role stuff? Don't want any of that, want to keep it all tied down on the folder on the server!
hi t0ny (btw it's Graham 😄 )
You don't HAVE to have the interim page, you can of course direct straight from your login.aspx to your flex.aspx on successful login. Also you can secure the flex.aspx page so it cannot be accessed by unauthenticated users directly with a URL, probably the simplest way is to put the page in its own folder in the .net website folder structure and use the asp.net website security to restrict access to that folder (in visual studio open the asp.net website and go to website /asp.net authentication on the toolbar) and it's all taken care of for you in a nice little UI that is very easy to understand.
If you are unsure on all this there are absolutely hundreds of articles and code snippets you can use. Read up on the roles and membership apis on msdn.
Hope this helps you.
ps: Yes the resizing code works for IE6, although I haven't tested it on a range of different monitor resolutions, im pretty sure it's ok. It isn't actually my own resizing code, i found it somewhere on the net when i needed something similar for a .net project i was working on.
06-15-2010
05:27 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK, so you normally don't create login pages, you just secure the folders in IIS that host the apps using AD restrictions?
In that case I guess the .NET wrapper would be overkill. Are the mapservices you are using in your flex app hosted on a different server? If so you should include a crossdomain.xml file on the root of your app server. This is venturing a little of my own comfort zone as I am a total newbie at all the flex stuff myself. I havent had this problem as my app and map services are all on the same server. However I believe that if they are not hosted together then the crossdomain.xml is the way to go. I found an example of one and it looks like this:
<?xml version="1.0" ?>
- <cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="all" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
i think this format allows access to all domains, I'm not sure exactly how you would tailor it to your own needs. Perhaps a search on here / google will help you further. I'm afraid this is the limit of my knowledge on this one, but it might be of use? Hope it helps a bit!
If not then hopefully someone wiser than me will sort you out 🙂
In that case I guess the .NET wrapper would be overkill. Are the mapservices you are using in your flex app hosted on a different server? If so you should include a crossdomain.xml file on the root of your app server. This is venturing a little of my own comfort zone as I am a total newbie at all the flex stuff myself. I havent had this problem as my app and map services are all on the same server. However I believe that if they are not hosted together then the crossdomain.xml is the way to go. I found an example of one and it looks like this:
<?xml version="1.0" ?>
- <cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="all" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
i think this format allows access to all domains, I'm not sure exactly how you would tailor it to your own needs. Perhaps a search on here / google will help you further. I'm afraid this is the limit of my knowledge on this one, but it might be of use? Hope it helps a bit!
If not then hopefully someone wiser than me will sort you out 🙂
06-15-2010
05:48 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yea, no login pages I want people to pop straight in. I do want their userid, so perhaps a .NET wrapper is what I should do to push it through as a parameter?
Everything is on the same box, but I do have a crossdomain file anyways as I could not make SOAP requests to locator hub without it!
So it is as I thought it should be, the AD authentication should work like it does normally. I am starting to think this is IIS7, which I despise!
Everything is on the same box, but I do have a crossdomain file anyways as I could not make SOAP requests to locator hub without it!
So it is as I thought it should be, the AD authentication should work like it does normally. I am starting to think this is IIS7, which I despise!
OK, so you normally don't create login pages, you just secure the folders in IIS that host the apps using AD restrictions?
In that case I guess the .NET wrapper would be overkill. Are the mapservices you are using in your flex app hosted on a different server? If so you should include a crossdomain.xml file on the root of your app server. This is venturing a little of my own comfort zone as I am a total newbie at all the flex stuff myself. I havent had this problem as my app and map services are all on the same server. However I believe that if they are not hosted together then the crossdomain.xml is the way to go. I found an example of one and it looks like this:
<?xml version="1.0" ?>
- <cross-domain-policy>
<allow-access-from domain="*" />
<site-control permitted-cross-domain-policies="all" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
i think this format allows access to all domains, I'm not sure exactly how you would tailor it to your own needs. Perhaps a search on here / google will help you further. I'm afraid this is the limit of my knowledge on this one, but it might be of use? Hope it helps a bit!
If not then hopefully someone wiser than me will sort you out 🙂
