1

I'm looking for example or idea how to manage user authentication in FLASH with MVC5 ASP.NET identity using internal accounts and external logins (facebook etc.).

I know that there are examples for simplemembership and that there are problems with FLASH automatic authentications. But i can't find nothing about MVC5 :(.

Authentication itself will be made by ASP.NET pages. I want /only/ a FLASH app to be able to use authenticated session when making server reuqests.

Flash app is used to edit some data and save to DB on server side (MVC5) so it must be safe and allowed only for certain authenticated user.

What is the safest way to authenticate user in FLASH app placed on MVC5 page?

Stefan Cebulak
  • 169
  • 2
  • 10

1 Answers1

1

So far i've found 3 possible(?) approaches. None of them seems easy and clear, and didn't tested them yet...

  1. Pass some validation/verification token to FLASH by flashvars, use it for each request to unrestricted server method and validate it manually.
  2. Call javascript functions from FLASH, used for restricted communication (i hope that such js calls will be automatically validated as normal web calls are?).
  3. Try to somehow read .AspNet.ApplicationCookie, ASP.NET_SessionID, __RequestVerificationToken cookies and use them in Flash when sending URLRequest. (don't know if it is even possible).

Do any of this makes any sense?

Are there really no easy/better sollution for validating user request made from flash app ;(?

EDIT: Ad.2 Test Passed, User is authenticated :D. Seems quite nice actually (ExternalInterface.call(...)). Crucial FLASH-ASP.NET communication using JS and AJAX.

EDIT2:

Im just calling JavaScript from Flash, and this javaScript is then comunicating with server using AJAX that already is authenticated. Using external interface you can also call Flash functions from javaScript (when received answer). So communication is complete.

FLASH: 

public static function SendToServer(_sParam:String):void
{
   ExternalInterface.call("JAVASCRIPT_FUNCTIONNAME", "TEST", _sParam);
}

//If you want to call FLASH functions from JavaScript you need to call this in FLASH:

ExternalInterface.addCallback("NAME_FOR_JAVASCTIPT_OF_FLASH_FUNCTION", FLASH_FUNCTION);

//From now this FLASH_FUNCTION will be called when you call swfobj.NAME_FOR_JAVASCTIPT_OF_FLASH_FUNCTION() in JavaScript.

JAVASCRIPT:

//You need to be able to get SWF object in flash to call its registered functions
function swfobj() {
   return $("#modafswf").get(0);
}

function JAVASCRIPT_FUNCTIONNAME(mffname, mfpvalue) {
    try {
        $.ajax({
            url: "/FlashComm/" + mffname,
            data: "{ 'param': '" + mfpvalue + "' }",
            dataType: "text",
            type: "POST",
            contentType: "application/json; charset=utf-8",
            dataFilter: function (data) { return data; },
            success: function (data) {
                swfobj().NAME_FOR_JAVASCTIPT_OF_FLASH_FUNCTION(mffname, data);
            }
        });
    } catch (ex) {}
}

And finally ASP.NET: 

[HttpPost]
public string TEST(string param)
{
string result = RESULT_ERROR;
result = RESULT_OK;
return result;
}

Stefan Cebulak
  • 169
  • 2
  • 10
  • Hi, I am also looking for a solution using ASP.NET Identity, have you got a code sample that works? Ideally along the similar lines of: http://stackoverflow.com/questions/1729179/uploadify-session-and-authentication-with-asp-net-mvc – Mark Redman Aug 28 '15 at 08:27
  • 1
    Hi, i was very busy and did't visit stackoverflow for some time. Added some more detailed info. Sorry for bad code formating, still can't get it how to paste code here. – Stefan Cebulak Oct 25 '15 at 22:35