Lieven Cardoen

November 16th, 2008

Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.

Imagine you have a Flex Applicatin using WebORB Authentication. When the first Remote Call is done you supply the Remote Object with credentials. The server authenticates and from then on you don’t need to supply credentials anymore. The server side session will remembler who you are.

But if for some reason your server side session is ended (to to session timeout, applicatin pool recycling, …) the next Remote Call will get a Weborb Security Error.

We have solved this by catching this error in the OnFault event from the responder and retrying the remote call again with the credentials. However, this wasn’t as easy as we thought. Apparently the client side code remebers that it’s been authenticated and will not re-authenticate automatically (because the client doens’t know the session has ended). First we tried to call logout() on the remote object but that didn’t work (we got an error saying that logging out and setting the credentials couldn’t be done simultaenously). We then tried disconnect() and this worked like a charm. After the disconnect() on the remote object we resetted the credentials. If we then called a server side function, WebORB would re-authenticate again. Without the disconnect() WebORB would’nt re-authenticate again (apparently the remote object holds some flags which tell WebORB to authenticate or not). We do need to go and find out the difference between the logout() and the disconnect().

I will definetily come back to this because it isn’t a hundred procent clear to me.

Ciao, Lieven Cardoen aka Johlero

No TweetBacks yet. (Be the first to Tweet this post)

Kyle

Excellent then it is not just my implementation! I was beginning to think I was crazy. Did you ever find any other way around this?

-Kyle
Prat

Excellent! We are facing the same problem. Also, we don’t want session management (creation) for security purposes. We only want request-response mechanism. Every request should be authenticated each time. Is there a mechanism to disable session management at server side? Thanks in advance for your help!
http://www.myspace.com/cardoen admin

Hi Prat, you should ask this question to WebORB because I’m not sure. I do think that disabling session management at server should be possible using Cookieless Session Management by URL rewriting, but you will have ask WebORB if they support this.
Sieger

Hi,

Do you know if there is any way to handle this re-authentication a bit more proactively? Catching this on Fault, disconnect, re-authenticate and retry again doesn’t seem appealing to me. That would mean that I have to keep track of the values of the parameters for that remote call. Am I missing something? Are you able to handle this since this post?
http://www.myspace.com/cardoen admin

We haven’t gone deeper into that issue, but you’re right to say that the current solution isn’t appealing. We’re working with cairngorm and in the command we store the parameters of the remote call. If the fault of the responder (in our case the command) is triggered, we still have access to the original parameters. An abstract superclass then handles the retry. This works quite good for us. I’ll try to ask Mark Piller from WebORB if there’s another way to handle this.
Sieger

Thanks bud. You are the man!
Sieger

I came across this thread where they were talking about the best way to handle the situation. I thought I’d share this with you and see if you want to give it a shot.

http://tech.groups.yahoo.com/group/flexcoders/message/131217 (first reply). The true tag looked pretty promising but I couldn’t get it to work. But then I was trying to following your suggestion with disconnect->retry and I couldn’t get it to work neither. If you have some time to try this can you let me know the outcome?
Freddy

Hey,
thanks for this post.
I have the same problem. I have a .Net-Server with Weborb. When i logout (with serviceLocator.logout()) and then try to login again with setcredentials, i always get a “Credentials cannot be set while authenticating or logging out” error.
I tried to do your “disconnect()” thing, but i cant find this method on my servicelocator or any remoteobject.
Where is this method?
thanks…
http://www.myspace.com/cardoen admin

You’ll probably need the RemoteObject from the mx.rpc.remoting.mxml.RemoteObject. You are probably using mx.rpc.remoting.RemoteObject.
http://www.vhubs.com reygie

i was facing the same problem, beside ur solution is there any way to resolve this issue ? that was a direct solution for this…
http://www.myspace.com/cardoen admin

Haven’t found a way to resolve this. I think you should contact WebORB (forum, mailing list, …) to have this cleared out. Maybe they could alter some code in the weborb.swc…
Pappu

Hi Guys,

I am pretty new to weborb and also .net.I am trying to evaluate weborb for integration of flex and .net application.

Firstly i was trying to figure out if there are any open issues in using weborb in my project.I need standard session management(login and logout mechanism) and remoting mechanism(I tried this and it was working).

I couldn’t understand how to create a session and make it work.Can some one help me doing this.

Thanks,
Pappu.
http://www.myspace.com/cardoen admin

Hi Pappu, what is it exactly you want to do?

In this post of mine you can see how to configure authentication with the acl list. However, if you want more control, you would have to check the authenticationHandler. See this link for information on this. Check them out and if you have more questions or you can’t get it to work, let me know.

WebORB Authentication Issue

Music

Categories

Archives

Recent Posts

Recent Comments

Meta