Restricting access to URL of the flex application

saha ch · 05-21-2010, 01:37 AM

Hi,

I want to restrict access to the URL of the intranet flex application. We do not want a login page to be used. Just give access to specific users may be based on windows authentication. Users who are allowed should automatically view the application once the URL is typed and remaining should get a error message when the URL is typed. Any ideas of how i can achieve this?

Thanks,
Saha

Inigoesdr · 05-24-2010, 12:33 AM

Flex is not the best application to handle this. You should use the webserver to restrict access to your flex application. For example, use an .htaccess file to only allow the intranet IPs to access it so everyone else gets a 403 error.

saha ch · 05-27-2010, 06:09 PM

I do not want to restrict based on IP address because the user who is permitted can log from any system, it should be restricted by the user logged in to the system. How do i get which user has logged in to the system using flex?

Inigoesdr · 05-29-2010, 04:44 PM

I don't think that is possible using Flex because the user logged into the system shouldn't be exposed to the flash plugin... I would see that as a security issue. The only way I can think of where this might be possible is with the use of a third-party plugin like ActiveX that could hook into the OS's functionality. Even if it could see the user, that isn't sufficient to authenticate someone as it could be easily faked.