Basic authentication when calling a web service

I am trying to access a .net webservice hosted on an IIS server protected by basic authentication. I was trying to do as gkohen has done to import the wsdl in flex builder. But when I enter the wsdl and press next, in the import wsdl wizard, it is bringing up an authentication form asking for username and pasword. When I enter the username and password and press ok, it is not working. It is bringing up the the authentication form again asking for username and password. Due to this, the Flex Builder is not able to auto-generate the code for the web services. It is showing an error "unable to load wsdl". The same wsdl is working with WebService object (without using the import wsdl feature).
It is still bringing up the authentication form but when I enter the credentials manually, it is returning a response. Can anyone suggest a way to get the import wsdl feature working for a webservice protected by basic authentication?

Another possible hack is to pass the credentials as a GET parameter, and have your endpoint web server convert the parameter into the Authentication HTTP header.

In flex-land, modify the URL of the webservice as follows:

public function
setCredentials(username;String, password:String):void
{
var base64Encoder:Base64Encoder = new Base64Encoder();
base64Encoder.encodeUTFBytes(username+':'+password+"\n");
endpointURI = endpointURI + '?' + base64Encoder.toString();
}

In apache-land, add the following directives to convert the GET parameter to a header:

SetEnvIfNoCase Authorization ^.*$ NO_Authorization
RequestHeader add Authorization "Basic ${QUERY_STRING}e" env=NO_Authorization

(delete the newline before env=... or Apache will complain)

I use something similar to nijlz above, but we're in control of our own servers. Our server is setup so that the http handler creates and manages the user sessions, and once the user has a valid session, they can access the WebServices behind that. And to use from Flex, we using an HTTPService call first, and then we make calls to WebServices.

A lot of what everyone is talking about with not accessing WSDL files seems more to do with the Web Service Provider's limiting factors, than Flex per say. I'm finding this a lot with people who only consume and produce Web Services in a .NET only environment. Web Services in .NET work really well with itself, but when it comes to accessing from a variety of third-party clients...not so much, mostly because the people who created them live in a Microsoft vacuum. This isn't just a Flex thing, but I see it when trying to consume various Web Services from various technologies. It's probably why people are getting frustrated and moving to a simpler RESTful style request/response. (Sorry to go a little off-topic.)

Guys,

the easiest way to solve this problem is to use "inline" basic authentication this way:

<mx:Webservice wsdl=" http://{ws_username}:{ws_password}@your_ws_url" />

It works 100%, but you have to be be aware of two things:
1) you need your ws_username and ws_password must be URLEncode'd, so for example "@" character of email address will turn into %40 and so...

2) if someone will want to sniff for your password and user name, he can do it very easy by looking into "Authentication" HTTP header same way as u URL and extract your credentials, all you have to do is Base64 decode.

Hope this helps. if you have more questions, drop me a line or gtalk to me on info [at] skitsanos [dot] com

Cheers,
Evi Skitsanos.

Bump -- Adobe, can you help?

Maybe this will help:

http://www.abdulqabiz.com/blog/archives/flash_and_actionscript/http_authentica.php

One other way is to proxy the webservice call through a server-side platform.

I never call any data service directly from Flex.

Tracy

I searched quite long for a solution to this too.

But it seems there is none.

I hope this will no longer be an issue in Flex 3 because the problem is common and quite trivial and I don't see a reason why this should not be possible with webservices.

Kind regards, Roland

Adobe, please help!

I have seen this question posed five other times in this forum, but I cannot find an answer anywhere. The problem itself is simple: I want to call a SOAP-based Web Service that is protected on its server via HTTP Basic Authentication.

I would like to use ActionScript like the following, but I cannot ever get it to work. Like the others who have posted this same question, I have tried all permutations of setCredentials, setRemoteCredentials, and useProxy, but I cannot figure out how to specify the username/password combo that is required by the server when it performs its Basic HTTP Authentication.

This seems to be a common problem without a solution -- can anyone help, please?

Thanks in advance

-- Greg

var ws:WebService;

function main () : void
{
ws = new WebService ();

ws.addEventListener("load", wsdlLoadHandler);
ws.loadWSDL("myWsdlFile.wsdl");
}

function wsdlLoadHandler (event:LoadEvent) : void
{
ws.addEventListener (ResultEvent.RESULT, wsComplete);
ws.addEventListener (FaultEvent.FAULT, wsFault);

ws.someFunction.addEventListener (ResultEvent.RESULT, wsComplete);
ws.someFunction.addEventListener (FaultEvent.FAULT, wsFault);

ws.endpointURI = "url_to_some_web_service_that_requires_basic_HTTP_authentication";

ws.someFunction (3.14159);
}

private function wsComplete (event:ResultEvent) : void
{
var xyz:int = 5;
}

private function wsFault (event:FaultEvent) : void
{
var xyz:int = 5;
}