John Ruffin wrote on 11/12/2008 11:59 PM: 
> Bil, can you elaborate on your approach a bit?  Short example.

Sure, you mentioned you were trying to do this:

        $.ajax({ url: 'https://somedomain.com/secure/somefile.aspx' })

Instead, you have to do this (assuming your site is "mydomain.com"):

        $.ajax({ url: 'https://mydomain.com/remotecall.aspx' })

That will load a page off of your server, but you want it from the remote 
server.  So remotecall.aspx on your server then has to perform the request, get 
the result, and return it to the browser.  In other words, remotecall.aspx on 
your server is acting as a proxy to the remote server.

I'd give you some example code for ASP.NET, but I don't program in it.  Here's 
what it would look like in the server-side language I do use, which is Lasso:

        content_body = include_url('https://somedomain.com/secure/somefile.aspx',
            -postParams=client_postParams,
            -getParams=client_getParams,
            -SendMIMEHeaders=client_headers);

What it's doing is setting the response to the browser to be the response from 
the remote server, and it's proxying the GET, POST, and request headers to the 
remote server.  That's a simple example; in the real world, if you use HTTP 
Authentication or Cookies, or pass the session ID via a GET/POST param, then 
you'll want to filter out those headers/params before sending it on to the 
remote site to avoid leaking sensitive data.

The other tricky bit is if you're relying on the browser to already be logged 
into the remote site (either via a session cookie or HTTP Authentication) -- 
the user's browser will not send your site the cookie or Auth headers needed to 
authenticate to the remote server.  In that case, the user will have to provide 
you with their username and password for the remote site in order for your 
server to masquerade as them.  If you control the remote server, then you can 
code around this limitation.


- Bil
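
The filtering step mentioned in the message above, as an added example that is not part of the original post or code from its author: a JavaScript sketch of how a server-side proxy could strip its own site's credentials before forwarding. The function names, the session parameter names and the sample request are assumptions.

```javascript
// Added example: all names here (buildUpstreamRequest, SESSION_PARAMS, ...) are hypothetical.
const UPSTREAM = 'https://somedomain.com/secure/somefile.aspx'; // fixed target, as in the post

// Headers that carry the user's credentials for *your* site, plus hop-by-hop
// and length headers the proxy must set itself rather than copy.
const BLOCKED_HEADERS = new Set([
  'cookie', 'authorization', 'proxy-authorization', 'host', 'connection',
  'keep-alive', 'transfer-encoding', 'upgrade', 'te', 'trailer', 'content-length',
]);

// Assumed names of GET/POST parameters that carry your site's session ID.
const SESSION_PARAMS = new Set(['sessionid', 'sid', 'phpsessid']);

function filterHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase(); // header names are case-insensitive
    if (!BLOCKED_HEADERS.has(lower)) out[lower] = value;
  }
  return out;
}

function filterParams(params) {
  const out = new URLSearchParams();
  for (const [key, value] of new URLSearchParams(params)) {
    if (!SESSION_PARAMS.has(key.toLowerCase())) out.append(key, value);
  }
  return out;
}

// Builds the request the proxy page sends upstream.
// client = { method, query, body, headers } as received from the browser.
function buildUpstreamRequest(client) {
  const url = new URL(UPSTREAM); // target is never taken from client input
  url.search = filterParams(client.query).toString();
  const method = client.method === 'POST' ? 'POST' : 'GET';
  const req = { url: url.toString(), method, headers: filterHeaders(client.headers) };
  if (method === 'POST') req.body = filterParams(client.body).toString();
  return req;
}

// Constructed sample: what the browser might send to mydomain.com/remotecall.aspx.
const sample = {
  method: 'POST',
  query: 'q=report&SID=abc123',
  body: 'name=bob&sessionid=abc123',
  headers: { Cookie: 'session=abc123', Authorization: 'Basic constructed-value',
             Accept: 'application/json', 'Content-Type': 'application/x-www-form-urlencoded' },
};
console.log(buildUpstreamRequest(sample));
```

Because the upstream URL is a constant, the proxy page cannot be pointed at arbitrary hosts by the browser; only the filtered parameters and headers vary per request.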
