Cross-domain Request Authentication

Last post 11-27-2007, 10:12 AM by cutechat. 1 replies.
Sort Posts: Previous Next
  •  11-12-2007, 12:52 PM 35000

    Cross-domain Request Authentication

    I'm tasked with verifying that the user requesting the chat is actually the person they say they are.  They will be clicking the chat request button in a domain that they are currently authenticated in and I need to pass, secretly, an encrypted key to the operator to verify for the operator that they are chatting with a registered user.
     
    I can't find any way to do this other than to wrap the button in a web user control that writes out the contents of the script for the button and when the user clicks on it, appends the encrypted key to the window that gets opened.  I've managed to do most of this but I'm unsure how to figure out whether operators are online in the chat domain from the user's domain (it appears that the script itself just uses the current domain information to check that out, which in this case is not the domain the chat operators are logged into).
     
    Is there any way to determine if there are operators online and ready by referencing the DLL's and setting a value or something telling it which domain to check for?  I tried a few of the members on the CuteChat.ChatWebUtility but they are all either read-only or are throwing errors (because they're being instantiated in a domain where the CuteSoft stuff is not located as near as I can tell).
     
    Any guidance would be greatly appreciated.
    -
    Scott Smith
    Healthways, Inc.
  •  11-27-2007, 10:12 AM 35423 in reply to 35000

    Re: Cross-domain Request Authentication

    Hi,
     
    Are you saying CuteChat4 or v3?
     
    You can use CuteChat.ChatWebUtility.HasReadyAgents() to detemine whether the agents is Online.
     
    You can try to modify the Support-Image-Button.js.aspx or the  Support-Visitor-monitor-crossdomain.js.aspx to fit you need.
     
    It's the most easy way to pass your data by cookie. 
     
    But the browser will reject the cookie or do not send the cookie when the website using cross domain resources.
     
    Maybe I am not understand what you want exactly . Please reply me if I am wrong.
     
    Regards , Terry .
     
     
     
View as RSS news feed in XML