  1. #1
    New to the CF scene
    Join Date
    Nov 2011
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Help needed with posting credentials

    I have a site with a button that, when pressed, goes to a different site. The problem is that the second site requires a username and password and I'm not sure how to get it done. Please see the relevant code below. It is the "iCol === 17" portion that I'm interested in. Thanks.

    Code:
     onSelectRow: function (rowid, status) {
            },
            onCellSelect: function (rowid, iCol, cellContent, e) {
                if (iCol === 16) { //REPORT 
                    var lp = parent.$('body').mip('loading', { enable: true, border: false });
    
                    cq = $(this).jqGrid('getCell', rowid, 1); // Company
                    cw = $(this).jqGrid('getCell', rowid, 2); // Account
                    ce = $(this).jqGrid('getCell', rowid, 3); // PatientID
                    ca = $(this).jqGrid('getCell', rowid, 4); // Department
                    cs = $(this).jqGrid('getCell', rowid, 5); // AppDate
                    cd = $(this).jqGrid('getCell', rowid, 6); // Reason
                    cz = $(this).jqGrid('getCell', rowid, 7); // Provider
                    cx = $(this).jqGrid('getCell', rowid, 8); // Facility
                    cc = $(this).jqGrid('getCell', rowid, 9); // MRNO
                    cv = $(this).jqGrid('getCell', rowid, 10); // FolderTokenName
                    cn = $(this).jqGrid('getCell', rowid, 11); // FileSpec
                    cb = $(this).jqGrid('getCell', rowid, 12); // DocType
                    cm = $(this).jqGrid('getCell', rowid, 13); // ChartDisplayName
                    cl = $(this).jqGrid('getCell', rowid, 14); // DocDesc
                    ck = $(this).jqGrid('getCell', rowid, 15); // Apptno (own variable; reusing cl here overwrote DocDesc)
    
                    var en = 'Production';
                    if (readCookie('MIPEnvn') != null) {
                        en = readCookie('MIPEnvn').split('|')[7];
                        if ((en === 'false') || (typeof (en) == 'undefined'))
                            en = 'Production';
                    }
    
                    var url = "controller0.aspx/CallFile";
                    var params = { "company": cq, "account": cw, "filespec": cn, "foldertoken": cv, "mrno": cc, "doctype": cb, "chartdisplay": cm, "docdesc": cl, "facility": cx, "env": "Production" };
    
                    $.ajax({
                        type: 'POST',
                        url: url,
                        data: $.toJSON(params),
                        contentType: "application/json; charset=utf-8",
                        dataType: "json",
                        success: function (data) {
                        },
                        error: function (err) {
                            alert(err.responseText);
                            //parent.logoutComplete();
                        },
                        complete: function (data) {
                            //alert($.evalJSON(data.responseText).d);
                            window.location.href = "#top";
                            parent.$('#' + lp).mip('loading', { enable: false, border: false });
                            parent.openWindow($.evalJSON(data.responseText).d, ce);
                        }
                    });
                }
                else if (iCol === 17) { //PACS
                    var apptno = $(this).jqGrid('getCell', rowid, 15); // Apptno
                    var url = "http://secondsite.com";

                    window.open(url + apptno);
                } else { }
    Last edited by Wdiaz; 11-07-2011 at 05:11 PM.

  • #2
    New to the CF scene
    Join Date
    Nov 2011
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Any help would be appreciated. I tried XMLHttpRequest, but cross-domain security will make it unusable. Thanks.

  • #3
    Gütkodierer
    Join Date
    Apr 2009
    Posts
    2,127
    Thanks
    1
    Thanked 426 Times in 424 Posts
    If we're talking about HTTP authentication here, you can put username and password right into the URL, like this:
    Code:
    http://user:password@domain.com/
    Of course, that means that you have to put your credentials in there for everyone to see. Also, IE>6 prevents this from working, and other browsers might show a phishing warning.

    And I don't really know what you're trying to do there. On that second site, should users be logged in with your credentials or with their own (and why)?
    .My new Javascript tutorial site: http://reallifejs.com/
    .Latest article: Calculators — Tiny jQuery calculator, Full-fledged OOP calculator, Big number calculator
    .Latest quick-bit: Including jQuery — Environment-aware minification and CDNs with local fallback

  • #4
    New to the CF scene
    Join Date
    Nov 2011
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Both applications deal with Radiology. The first site is where referring doctors go to view the completed reports of their patients. The second site is where the scanned images for the patients are stored. They are two separate applications. When a doctor goes into the first site and looks at the report, they might want to see the images as well. So the button for the images takes them to the second site. Passing the right parameter, they can go directly to the images that belong to that patient. Unfortunately, I've gotten as far as opening the second site with the parameter, but can't get past the authentication. The auth is in HTML. I tried adding the code below, but it just messes up the page and I don't know how to look for what's causing the error on the script.

    <form action="http://xxxxxxx.aspx" method="post" name="images">
    <input type="hidden" name="username" value="generic username">
    <input type="hidden" name="password" value="username's password">
    <input type="hidden" name="acc" value="##########">
    <input type="hidden" name="MRN" value="##########">
    </form>

    <script type="text/javascript">
    function submitform()
    {
    document.images.submit();
    }
    </script>

  • #5
    Gütkodierer
    Join Date
    Apr 2009
    Posts
    2,127
    Thanks
    1
    Thanked 426 Times in 424 Posts
    Wouldn't the doctors have different credentials for both sites, so you can't do an autologin from one site to the other?

    Anyway, since this is about medical information, it doesn't sound like a good idea to put plaintext credentials into your HTML, or to otherwise try to circumvent the security measures of the second site. Does the second site not store the current session, so it suffices for the doctors to log in on the second site once (which makes sense), so they can subsequently access the second site without further logins, as long as the session is valid?

    For instance, take one of those Facebook like buttons on external websites — if you're already logged in to Facebook, it just works, and if you're not, you're asked to provide your credentials. From a security perspective, it makes sense for one application to not know a user's credentials for another application.

  • #6
    New to the CF scene
    Join Date
    Nov 2011
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    When your business depends on a referral base, you're forced to make things convenient for that base. I can have them go to one site for the reports and then go to the other site for the images. I can even give them the same username and password for both sites, but like I said, convenience is the name of the game. I need to make both applications seem as one. The vendor for the second site has turned on security to where fields like the username and password can be posted. But what I think is hurting me is the same origin policy. Both sites are hosted on the same IIS server, but one uses a secure port while the other uses port 80. One of them is https://portal.somedomain.com and the other is http://images.somedomain.com. And the one reason why I think origin policy is the culprit is because I was able to go into the browser and enable cross-domain scripting. But that's not what I want to do. Thanks for the input.

  • #7
    Gütkodierer
    Join Date
    Apr 2009
    Posts
    2,127
    Thanks
    1
    Thanked 426 Times in 424 Posts
    The same origin policy doesn't apply to form submissions, and you can easily put a port number into the URL you are submitting the form to. On the second site, the login form and the form that gets you to some specific content might be two different forms, in which case you wouldn't be able to do it in one go, but you could submit the login form to a hidden iframe to log the user in on the second site, and then use the other form to redirect them to the content.

    There's no way of figuring out a valid approach, though, without seeing actual code from the second site, or, better yet, a live example.

  • #8
    New to the CF scene
    Join Date
    Nov 2011
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I wouldn't mind trying the hidden iframe idea. Can you send me a link where I can read up on it and possibly grab some examples? thanks again.

  • #9
    Gütkodierer
    Join Date
    Apr 2009
    Posts
    2,127
    Thanks
    1
    Thanked 426 Times in 424 Posts
    I don't know about any particular examples, but you just need to set the target attribute of the form to the name of the iframe. That way, the form will submit without page refresh, so it will work pretty much like AJAX, only without the cross domain restriction. Notice, however, that the cross domain restriction still applies to the content you're getting back from the form submission, so you won't know whether the login has been successful.

    A Google search for something like "submit form to hidden iframe" should yield further information.

    Also, since you seem to be in full control of the images.somedomain.com server, you can just make it send a
    Code:
    Access-Control-Allow-Origin: http://portal.somedomain.com
    header, in which case you wouldn't have any trouble with the same origin policy at all.
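
Added example (not part of the thread or of either site's code): an origin is the scheme, host and port together, so the portal at https://portal.somedomain.com from post #6 is a different origin from http://portal.somedomain.com, and an `Access-Control-Allow-Origin` value only takes effect when it equals the request's `Origin` header exactly. The sketch shows that comparison and an exact-match allowlist as the images server could apply it; `ALLOWED_ORIGINS` and `corsHeaders` are hypothetical names, and the allowed method, header and max-age values are assumptions.

```javascript
// Added example. Hostnames are the ones quoted in the thread; everything
// else (names, allowed method/header, max-age) is an assumption.

// An origin is scheme + host + port; URL.origin drops default ports.
function originOf(url) {
  return new URL(url).origin;
}

function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Exact-match allowlist kept by the images server. The portal is served
// over HTTPS, so the entry must start with "https://".
const ALLOWED_ORIGINS = new Set(['https://portal.somedomain.com']);

// Build the CORS response headers for one request.
// method: HTTP method; headers: request headers with lower-case names.
function corsHeaders(method, headers, allowed = ALLOWED_ORIGINS) {
  const origin = headers['origin'];
  // Missing or unlisted Origin: send no CORS headers, so the browser keeps
  // the response away from the calling script.
  if (!origin || !allowed.has(origin)) return {};

  const out = {
    // Echo the single matching origin; "*" is not accepted by browsers
    // for requests that carry cookies.
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin', // caches must not reuse this response for other origins
  };
  // Preflight: browsers send OPTIONS first for, e.g., a POST with
  // Content-Type: application/json.
  if (method === 'OPTIONS' && headers['access-control-request-method']) {
    out['Access-Control-Allow-Methods'] = 'POST';
    out['Access-Control-Allow-Headers'] = 'Content-Type';
    out['Access-Control-Max-Age'] = '600';
  }
  return out;
}
```

With this allowlist, a request whose `Origin` is `http://portal.somedomain.com` gets no CORS headers, while `https://portal.somedomain.com` does.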

  • #10
    Senior Coder
    Join Date
    Nov 2010
    Location
    Salem,Ma
    Posts
    1,577
    Thanks
    13
    Thanked 248 Times in 248 Posts
    I happen to work in healthcare myself. If you're porting them over to the PACS login page, isn't that kind of a bad idea? They really must log in to it manually, because if they don't, then that would circumvent the Java detection on the PACS login page to detect if the user has the DX viewer installed or not?

    Plus, in most cases, PACS login passwords and usernames are unique to the PACS system, so your application would need secure access to the PACS user database to pull that information in the first place, wouldn't it?

    I'm just curious as I could run into something similar myself
    Last edited by DanInMa; 11-08-2011 at 09:36 PM.

