I'm working on a Flex 3 application that uses the Flex IFrame project to connect to remote web servers, using basic authentication.
When authenticating against the remote web server, the URLRequest is put together with the following code, and loaded with a URLLoader.
var request:URLRequest = new URLRequest(targetHost);
var authorization:URLRequestHeader = new URLRequestHeader(AUTH_HEADER, token);
request.requestHeaders.push(authorization);
request.method = URLRequestMethod.POST;
request.data = "dummy=0";
Note that the request data is included to prevent Flash Player from stripping away the Authentication header and converting the request to a GET request.
If authorization fails the first time, the browsers login dialog pops up (the first attempt at authorization retrieves credentials from a database). When the user provides the credentials and clicks OK, the following HTTP request is made:
POST / HTTP/1.1
Host: photon:6680
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Cookie: session_id="Sc36fb6b"
Authorization: Basic cGhvdG9uOnBob3Rvbg==
Content-type: application/x-www-form-urlencoded
Authorization: Basic YWRtaW46YWRtaW4=
Content-length: 7
dummy=0
Notice that this request has two authorization headers. The latter contains the credentials of the initial (default) login attempt, and the former contains the credentials provided by the user of the previous login pop-up. Why Firefox caches the last used credentials and appends them to a separate HTTP request is beyond me.
Any information would be greatly appreciated.