Using HTTP Authorization headers with Flash

I needed a way to load XML data from a password protected source (user: testuser, pass: testpass), preferably without a login popup. So I have been poking around in the HTTP header specs and found a solution by using the Authorization field. In essence it is - like most things - quite simple. I guess this has been done a thousand times before, but the Flash related sources on this topic were very sparse. When accessing a password protected source on a server, that server will challenge the client with a so-called WWW-Authenticate field in the response header. The client then has to answer that challenge correctly and access is granted. The W3C has written a addRequestHeader method (for both the LoadVars class). Using this method, you can add the correct field to the HTTP header during the initial request, supplying the server with the right credentials, so the protected data is transferred immediately. One thing to keep in mind is the way the content of the Authorization field is constructed. This depends on the server, but is usually based on the basic' scheme. This means that the full Authorization request is constructed like so: BASIC username:password Note that the username:password part has to be Base64 encoded. I have included some sample code below, demonstrating both the use of a (Download snippet: source files here (includes Base64 class). Please bear in mind that:

• This solution does not work from a browser environment. It should work from a standalone executable though (that is what I needed). UPDATE - the problem with a browser environment is that the browser strips the "Authorize" field from the header, thus triggering the login popup to appear. I donot know the rationale behind this behaviour, but I experienced it in both IE and FF.