If you're not using the FDS proxy service, then you'll have
to get users to first log in using HTTP Basic Authentication where
by the browser pops up a dialog and requests a username and
password independently from the Flash Player. Then, with a session
in place (typically tracked by cookies), the flash player can make
connections to secure web sevices.
If you are using the FDS proxy, you can call
setRemoteCredentials on the WebService instance to provide
credentials that the FDS Proxy Service can use to pre-authenticate
the user before sending on your web service request. Note that you
can also use the same set of credentials for all users by hard
coding in remote credentials for the Proxy Service
destination.