How to implement a secure authentication model to a Flex 4 / CF9 app?

Question

Hi allbeen searching without finding a lot of clarity on the matterI'm building a flex application that communicates through flash remoting with CF9 cfc methodsI want to make sure my some cfc methods are accessible only by authenticated usershow do I prevent from someone bypassing the flex interface and calling them directly?I'm looking for the simplest way to implement itI'd prefer not to use cookiesis then an easy built-in mechanism / tutorial to implement?it sounds like it make sense to authenticate a user and have cf return an accsess token that would be kept on the serverso does it mean that each flex call to cf should include this token?what about the cfc's? do I need to construct a central cfc to rout all calls and check the access token before routing & processing any DB query?I would REALLY appeciate a clean minimal solutionthanks a millioncosmits

cosmits · Answer

observing the network communication between the flex client and the server

I realized each AMF packet actually has a header that contains a JSESSIONID variable by default

first of all - how can I access this token on the AMF packet header from a cfc method?

and second - do I need to add this token once a user had been authenticated on the cf9 side to some session dictionary containing all authenticated users?

what is the simplest way to validate each cfc method agaist this session dictionary?

do I need to implement it manually on each cfc method I've created?

I realize I'm guessing my way around here

and sure this is quite a generic question

not wanting to re-invent the wheel, yet trying to avoid over complexity

would really appreciate some clarity

cheers

cosmits

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded