John Ruffin wrote on 11/12/2008 11:59 PM: > Bil, can you elaborate on your approach a bit? Short example.
Sure, you mentioned you were trying to do this: $.ajax( url : 'https://somedomain.com/secure/somefile.aspx') Instead, you have to do this (assuming your site is "mydomain.com"): $.ajax( url : 'https://mydomain.com/remotecall.aspx') That will load a page off of your server, but you want it from the remote server. So remotecall.aspx on your server then has to perform the request, get the result, and return it to the browser. In other words, remotecall.aspx on your server is acting as a proxy to the remote server. I'd give you some example code for ASP.NET, but I don't program in it. Here's what it would look like in the server-side language I do use, which is Lasso: content_body = include_url('https://somedomain.com/secure/somefile.aspx', -postParams=client_postParams, -getParams=client_getParams, -SendMIMEHeaders=client_headers); What it's doing is setting the response to the browser being the response from the remote server, and it's proxying the GET, POST, and request headers to the remote server. That's a simple example, in the real world, if you use HTTP Authentication or Cookies, or pass the session ID via a GET/POST param, then you'll want to filter out those headers/params before sending it on to the remote site to avoid leaking sensitive data. The other tricky bit is if you're relying on the browser to already be logged into the remote site (either via a session cookie or HTTP Authentication) -- the user's browser will not send your site the cookie or Auth headers needed to authenticate to the remote server. In that case, the user will have to provide you with their username and password for the remote site in order for your server to masquerade as them. If you control the remote server, then you can code around this limitation. - Bil