0

I have a Flex app which needs to connect to an https web service. The web service WSDL URL is given as wsdl-url.company.com where SSL-offloading is used.

The Flex app resides at the same server the web service resides.

The web service in defined in the mxml as

<s:WebService id="webService" wsdl="https://wsdl-url.company.com/service.asmx?wsdl">

The crossdomain.xml file at the server's root is

<?xml version="1.0"?> 
<!DOCTYPE cross-domain-policy SYSTEM /xml/dtds/cross-domain-policy.dtd> 
<cross-domain-policy> 
<site-control permitted-cross-domain-policies="all"/> 
<allow-access-from domain="*" to-ports="*" /> 
<allow-http-request-headers-from domain="*" headers="*"/> 
</cross-domain-policy>

If the swf is loaded from the HTTPS address, crossdomain.xml will not be requested by the swf when the page loads (web service initializes), but when web service is called a POST to the http equivalent is attempted instead of https.

i.e. using Firebug, I see that Flex is performing a POST to , which should have been HTTPS. Why does Flex change this to http while declared as https?

On the other hand, if the swf is loaded from HTTP at the same server, crossdomain.xml will be downloaded, but the Flash debugger will throw a “Channel.Security.Error” and the app crashes when the web service tries to initialize.

Any help resolving this issue is highly appreciated.

  • Show us the code where you actually perform the post. How does the "web service initializes" in relation to the SWF loading? The SWF won't request a crossdomain.xml file until the code makes a service call to the domain. – JeffryHouser Apr 04 '13 at 20:36
  • The web service is declared using the s:WebService tag shown above and is initialized as soon as the swf is loaded. At that point the Channel.Security.Error is thrown (in case I load the swf through HTTP URL). In case I load the swf through HTTPS URL, this problem does not exist, but any calls to the web service will result in Flash placing http to the declared web service instead of https. The code to call the web service is webService.Authenticate(USERNAME, PASSWORD), after adding a SOAP header. –  Apr 04 '13 at 21:28

1 Answers1

1

Solution Found

For anyone having the same issue, the problem was at the WSDL-endpoint inside the project's .fml. Even though I was setting the service as https:// in the WebService declaration, WSDL-endpoint was generated by Flash Builder as http by default. Setting the endpoint correctly to https programmatically when the app was loaded did the trick:

webService.endpointURI = "https://wsdl-url.company.com/service.asmx";