Can you make Flash URLRequest /web services work from behind a proxy in IE?

Question

We have a Flash application that connects to a WCF REST web service returning json data.

We use URLRequest/URLLoader with POST requests, not a lower-level library using sockets like as3httpclientlib.

The application runs swimmingly well in the normal course of duties, but when we are behind a corporate proxy server (ie. In Internet Explorer Conenction tab a proxy is defined) some requests are returning HTTP status code 502 - DNS Lookup Failed. (We use Fiddler to inspect the traffic). The connection works fine for the first few requests but then seems to die - with these 502 errors.

What could be causing this?

I have heard that using low-level socket programming can cause problems with proxy servers in corporate environments - but that's not what we are using here.

EDIT:

Upon further investigation (using fiddler) this is what is happening:

1. The first POST request is made.
2. Proxy returns a 407 (cache request denied - unauthenticated to proxy)
3. Request is made again with a proxy authorization header
4. Proxy returns a 407 with some sort of return proxy-authenticate header.
5. Original request is made once more - this time with proxy-authentication but my authorization header ("authorization: username:password") has been stripped by the proxy and thus the request fails.

Not sure how to get around this...

EDIT:

I added my authorization header using URLRequest in actionscript. The proxy server was using NTLM authentication. The authorization header I added was removed in Step 2.

I found that if I used a header with a random name like 'Security' instead of 'Authorization' then the header was not stripped out.

Answer 1

If Fiddler says "DNS Lookup failed" that likely means that either:

1> Your computer isn't configured to use an upstream proxy server 2> Your computer is configured to use an upstream proxy server, but that proxy server is either down, or intermittently failing.

By default, Fiddler chains to your upstream proxy. When it sends a request to your proxy, it will not even try to do a DNS lookup. If Fiddler says that the DNS lookup failed, that means that Fiddler tried to do a DNS lookup, which means that it's not even trying to use the Proxy because it's either not configured, or the proxy autoconfiguration script failed to download.

When Fiddler is NOT running, what are your proxy settings inside Tools / Internet Options / Connections / LAN Settings?

It's also worth mentioning that in IE, Flash uses the same proxy settings that IE uses. So unless you've hit some crazy-rare bug in Flash, you shouldn't need to worry about proxy settings in Flash if IE itself can reach the site.

Answer 2

The short answer is no, you cannot haxxor your way around it. Flash has no power over how it requisitions resources from the internet in terms of network/proxy configuration. If it did, it would be a major security flaw.