When you have Session Authentication enabled on your server and you log onto the server a cookie is dropped called DomAuthSessId and this cookie is passed back and forth to the server with every HTML page that is served.
Luckly in FLEX when you log on to the server and use the HTTPService or WEBService objects this cookie is passed back to the server on each POST or GET that you call.. But how do you get this cookie there in the first place? Well the easiest way is to lock down your NSF so that Anonymous has no access and when accessed from the web the default server logon screen is displayed. Now far be it from me to say that it looks like shite but lets be fair is is rather 1990's in appearance. It would be much nicer if you could log on from the nice shiney RIA that Flex provides.
This is how I did it.
I need a HTTPService object to do the logon
OK what's happening above<mx:HTTPService id ="myLogon" url ="http://www.mynotesserver.com/names.nsf?logon" method ="POST" fault ="logonFail()" result ="logonResult(event)"> <mx:request xmlns=""> <username>{username.text}</username> <password>{password.text}</password> <redirectto>http://www.mynotesserver.com/logonok?openagent</redirectto> </mx:request> </mx:HTTPService>
The HTTP Server i have defined will goto the URL specified in the URL setting which as you can see is the familiar names.nsf?logon URL and it will be a POST transaction rather than a GET
If the call successfully returns well formated XML actionscript function logonresult() will fire. If the connection fails OR poorly formatted XML is returned (as is the case if the call returns an HTML error page) the actionscript function logonFail() is called.
At the bottom i have defined 3 Paramaters that will be passed username, password and redirectto. Username is bound to a text input field called username in the flex application likewise password is bound to a similar field. Redirectto on the other hand points at logonok?openagent and this agent will be called if and only if the logon is processed by the server and the user is authenticated.
The logonFail() function looks like this
The logonResult() function looks like thisprivate function logonFail():void { Alert.show("Sorry - Your Logon Attempt failed") }
And the LS agent LogOnOk looks like thisprivate function logonResult(event:ResultEvent):void { Alert.show("Hello there You are In!"); }
Sub Initialize Print |Content-Type:text/xml| Print |<?xml version="1.0" encoding="ISO-8859-1"?>| Print | <loggedon>yes</loggedon> | End Sub
As you can see the LS simply returns some well formed if relatively meaningless XML should the signon fail for any reason some nasty HTML will be returned which will cause Flex to fire the logonFail() function.
I then place the USERNAME and PASSWORD field somewhere in the FLEX app with a LOGON button which calls actionscript myLogon.send() (myLogon being the ID of the HTTPService) and .send() initiates the call to the server.
Now although FLEX does not refresh the page the SWF is embedded in every time the server is contacted it does accept the cookies that are sent back from the server and placed them as normal on the page. So when you do something like the above in your own Flex app, and logon is sucessful when you go and look you will see the DomAuthSessId cookie appear, this then gets passed on each successive HTTPService call to your server (for as long as the cookie survives)