Andrew Monkhouse wrote:I get the feeling that there are other things you are not telling us (as one simple example, why you are using ASPX files at all - why not plain HTML files), and that is fine - it just means that the answers you get may not match your requirements.
=> We are basically asp.net developers, we have created ASPNet Membership to make sure which pages are visible to members/registered users and which are not. the application has few pages which we want to give access to un-registered users as well. At the same time, I want to make all these pages be in flex to give consistent feeling. I could not get page control if we go with HTML pages, so we preferred to use aspx.
I think that your approach can work quite well.
I have a minor concern with your stated architecture in that having the URL / second Flex app exposed in this way means that someone could attempt to go directly to that second page / application, and skip the login process completely. You are hopefully architecting your solution to handle such attacks, so this may not be a concern for you.
=> yeah, aspx will make sure un-registered users won't get pages which are not meant for them. I did not find reliable and simple ways like role management in aspx in flex.
Assuming you have that issue properly mitigated, then it can be superior in security to both a SWFLoader approach or an embedded SWC approach. However failing to get the security right will not make it any less secure, so I don't see any reason not to go that path.
=> thanks for the suggestion and confirmation.
I am sorry, to post at multiple forums, I was quite worried how to proceed and did not find way out, I am still get a complete website developed using Flex 4, that brings data thr' aspnet web service etc . so facing problems to understand/work on these basic issues. I will note your suggestion in future postings.