Need suggestion: Authenticate for HTTP from XPiNC?
But what about Notes client? From XPiNC, IFrame element calls for a basic web page and of course, it needs authentication!
Another application area of this problem is with client-sided AJAX routines. When you are authenticated with an XPage on Notes Client, a client side HTTPRequest will not be authenticated for another resource on the same server.
Any suggestions?
UPDATE:
After Tim's suggestions, I have found a solution and implemented. I also found a bug and solved :)
See the next post...
http://lotusnotus.com/lotusnotus_en.nsf/dx/http-authentication-from-xpinc-got-help-found-bug-worked-around.htm
Comments (3)
If the iframe src isn't already computed, change it to be: if it's not XPiNC, just return the target location. Otherwise...
...call session.getSessionToken(targetServer), where targetServer is the Domino name of the server hosting the restricted resource. This will return a token that matches what Domino would have set the user's cookie to if they had manually logged in to that server from the web as the same user they're logged in as in Notes.
Next, create some intermediate page that has only one job: accepting the token and the real destination as query string parameters... this page reads both parameters, sets the user's cookie for them, then redirects them to the target page.
Now you can set the iframe's src to be the redirection page, passing it the correct parameters. When the iframe renders, the user will be logged in to the web server automatically, then redirected to the restricted resource.
Finally, the token would be a good candidate for storage in session scope; if they're navigating back and forth, there's no need to request a token every time the iframe is rendered.
Hope that helps...
Do you have session authentication set up? If so, you should not have problems requesting resources from other notes apps as long as you have permission to use them...
@Jeremy, it is not working. XULRunner does not authenticate into web server :(
@Tim, thank you for your help. I've updated the post.