Sharing .NET session/authentication with Flex

Question

I have a .NET 1.1 application (VB.NET 1.1 shopping cart) into which a user authenticates.

I want to 'bolt on' a Flex application but dont want to have to have the user reauthenticate. They shouldn't know it is a separate application.

I want to use WebServices (C# 3.5) over some kind of secure channel.

My main question here is how do I know the user is authenticated in Flex when communicating to the webservices. I've seen a suggestion to use EnableSession, but I dont even know if that would work because I dont see how Flex would know to send any cookie that exists in the parent browser.

Currently the shopping cart's idea of authentication is to just stick a custom 'User' object in session. I dont think thats true ASP but in any case if I have session I can get to it.

What are my options?

Answer 1

Flex does indeed share the browser's cookies (I saw a demo of this a while back). Google for it; there are a few articles. With AJAX and Silverlight, if you enable sessions in your web services and your web site you can use the same session in both places. It should be the same for Flex since it just uses the browser's cookies.

If you have two different web applications, with one running .Net 1.1 and one running .Net 3.5, you won't be able to share in-process sessions. You will have to use something like a session state server to maintain sessions across the applications.