Cross-domain Request Authentication

  •  11-12-2007, 12:52 PM

    Cross-domain Request Authentication

    I'm tasked with verifying that the user requesting the chat is actually the person they say they are.  They will be clicking the chat request button in a domain that they are currently authenticated in and I need to pass, secretly, an encrypted key to the operator to verify for the operator that they are chatting with a registered user.
     
    I can't find any way to do this other than to wrap the button in a web user control that writes out the contents of the script for the button and when the user clicks on it, appends the encrypted key to the window that gets opened.  I've managed to do most of this but I'm unsure how to figure out whether operators are online in the chat domain from the user's domain (it appears that the script itself just uses the current domain information to check that out, which in this case is not the domain the chat operators are logged into).
     
    Is there any way to determine if there are operators online and ready by referencing the DLL's and setting a value or something telling it which domain to check for?  I tried a few of the members on the CuteChat.ChatWebUtility but they are all either read-only or are throwing errors (because they're being instantiated in a domain where the CuteSoft stuff is not located as near as I can tell).
     
    Any guidance would be greatly appreciated.
    -
    Scott Smith
    Healthways, Inc.
View Complete Thread