Search Results

Search found 2 results on 1 pages for 'jerem'.

Page 1/1 | 1 

• How to share session cookies between Internet Explorer and an ActiveX components hosted in a webpage

  - by jerem

  I am currently working on a .Net application which makes HTTP requests to some web applications hosted on a IIS server. The application is deployed through ClickOnce and is working fine on simple networks architectures. One of our customers has a very complex network involving a custom authentication server on which the user has first to log himself in order to be authenticated and get access to other applications on this network. Once authenticated on this server, a session cookie is created and sent to the user. Every time the user then makes a request on a secured server of the network, this cookie is checked to grant access to the user. If this cookie is not sent with the request, the user is redirected to the login page. The only browser used is Internet Explorer. This cookie cannot be accessed from our .net application since it is executed in another process than the Internet Explorer process which was used to log the user in, and thus is not sent with our requests, which cannot be completed since the server redirects every of our requests to the login page. I had a look at embedding my application into Internet Explorer by making the main control COM visible and creating it on an HTML page with an tag. It is working properly, however the sessions cookies set earlier in the browser are not sent when the ActiveX control makes web requests. I was hoping this sharing of the session information would be automatic (although I didn't really believe it). So my questions are : Is it possible to have access to this cookie in the embedded ActiveX? How? Does it make a difference to use a .Net COM-interop component instead of a "true" ActiveX control? Also, are there specific security words to describe this kind of behaviors (given that I am not an expert at all on security topics, this lack of proper terminology makes it a lot harder to find the needed resources)? My goal is to have my application's requests look the same from the requests made by the host browser's requests, and I thought that embedding the application as an ActiveX control into the browser was the only way to achieve this, however any suggestion on another to do this is welcome.

  Read the article

• How to do a javascript redirection to a ClickOnce deployment URL?

  - by jerem

  I have a ClickOnce application used to view some documents on a website. When connected, the user sees a list of documents as links to http://server/myapp.application?document=docname. It worked fine until I had to integrate the website authentication/security system into my application. The website uses a ticketing system to grant access to its users. A ticket is generated by a web application and needs to be added to the deployment URL querystring, then I have to check at application startup that the ticket given in querystring was right by making another request to the web application. So the deployment URL becomes something like: h ttp://server/myapp.application?document=docname&ticket=ticketnumber. The problem is the ticket is valid only 10 seconds, so I have to get it only after the user has clicked a link. My first try was to have some javascript do the request to get the ticket, generate the proper deployment URL and then redirect the user to this URL with "window.location = deploymentUrl;". It works fine in Firefox, but IE does not prompt the user for installation. I guess it is a ClickOnce security constraints, but I am able to do the redirection when doing it on localhost, so I hope there is a workaround. I have also added the server on the "trusted sites" list in IE options. Is it possible to have that working in IE? What are my other options to do that?

  Read the article

1