I have a flex app hosted on a windows server running IIS. That same server has some rest services that the app interacts with. The rest services have windows authentication so that their urls cannot be called without credentials. The flex app needs to be accessible to the public so its files are accessed by enabling anonymous access. The problem is of course that when the app tries to call the rest services the browser pops a dialog box asking for windows username and pass. I naively hoped that if I set the anonymous access on the flex site to use the credentials of a windows account that had permission to view the rest services that would resolve the matter. I hoped that IIS would see the browser used the proper creds to view the flex app and use those same creds to get the rest services. Wrong, that didn't work.
So is what I want impossible? I'd like to find a way to not force the user to enter windows creds, keep the rest services using windows authentication, and have the flex app able to access the rest urls. Any ideas? Am I missing something? Also, it may turn out that the flex app is running on http and the rest services must be called with https. Does that change your answer? Any thoughts much appreciated.
