I have a site with a button, that when pressed, it goes to a different site. The problem is that the second site requires username and password and I'm not sure how to get it done. Please see relevant code below. It is the "icol===17) portion that I'm interested in. thanks.
Code:
onSelectRow: function (rowid, status) {
},
onCellSelect: function (rowid, iCol, cellContent, e) {
if (iCol === 16) { //REPORT
var lp = parent.$('body').mip('loading', { enable: true, border: false });
cq = $(this).jqGrid('getCell', rowid, 1); // Company
cw = $(this).jqGrid('getCell', rowid, 2); // Account
ce = $(this).jqGrid('getCell', rowid, 3); // PatientID
ca = $(this).jqGrid('getCell', rowid, 4); // Department
cs = $(this).jqGrid('getCell', rowid, 5); // AppDate
cd = $(this).jqGrid('getCell', rowid, 6); // Reason
cz = $(this).jqGrid('getCell', rowid, 7); // Provider
cx = $(this).jqGrid('getCell', rowid, 8); // Facility
cc = $(this).jqGrid('getCell', rowid, 9); // MRNO
cv = $(this).jqGrid('getCell', rowid, 10); // FolderTokenName
cn = $(this).jqGrid('getCell', rowid, 11); // FileSpec
cb = $(this).jqGrid('getCell', rowid, 12); // DocType
cm = $(this).jqGrid('getCell', rowid, 13); // ChartDisplayName
cl = $(this).jqGrid('getCell', rowid, 14); // DocDesc
cl = $(this).jqGrid('getCell', rowid, 15); // Apptno
var en = 'Production';
if (readCookie('MIPEnvn') != null) {
en = readCookie('MIPEnvn').split('|')[7];
if ((en === 'false') || (typeof (en) == 'undefined'))
en = 'Production';
}
var url = "controller0.aspx/CallFile";
var params = { "company": cq, "account": cw, "filespec": cn, "foldertoken": cv, "mrno": cc, "doctype": cb, "chartdisplay": cm, "docdesc": cl, "facility": cx, "env": "Production" };
$.ajax({
type: 'POST',
url: url,
data: $.toJSON(params),
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function (data) {
},
error: function (err) {
alert(err.responseText);
//parent.logoutComplete();
},
complete: function (data) {
//alert($.evalJSON(data.responseText).d);
window.location.href = "#top";
parent.$('#' + lp).mip('loading', { enable: false, border: false });
parent.openWindow($.evalJSON(data.responseText).d, ce);
}
});
}
else if (iCol === 17) { //PACS
var apptno = $(this).jqGrid('getCell', rowid, 15); // Apptno
var url =("http://secondsite.com");
window.open(url+apptno)
} else { }
If we're talking about HTTP authentication here, you can put username and password right into the URL, like this:
Code:
http://user:password@domain.com/
Of course, that means that you have to put your credentials in there for everyone to see. Also, IE>6 prevents this from working, and other browsers might show a phishing warning.
And I don't really know what you're trying to do there. On that second site, should users be logged in with your credentials or with their own (and why)?
__________________
.My new Javascript tutorial site: http://reallifejs.com/
.Latest article: Calculators — Tiny jQuery calculator, Full-fledged OOP calculator, Big number calculator
.Latest quick-bit: Including jQuery — Environment-aware minification and CDNs with local fallback
both applications deal with Radiology. The first site is where referring doctors go to view the completed reports of their patients. The second site is where the scanned images for the patients are stored. They are two separate applications. When the doctors goes into the first site and looks at the report, they might want to see the images as well. So the button for the images takes them to the second site. Passing the right parameter, they can go directly to the images that belong to that patient. Unfortunately, I've gotten as far as opening the second site with the parameter, but can't get passed the authentication. The auth is in HTML. I tried adding the code below, but it just messes up the page and I don't know how to look for what's causing the error on the script.
Wouldn't the doctors have different credentials for both sites, so you can't do an autologin from one site to the other?
Anyway, since this is about medical information, it doesn't sound like a good idea to put plaintext credentials into your HTML, or to otherwise try to circumvent the security measures of the second site. Does the second site not store the current session, so it suffices for the doctors to log in on the second site once (which makes sense), so they can subsequently access the second site without further logins, as long as the session is valid?
For instance, take one of those facebook like buttons on external websites — if you're already logged in to facebook, it just works, and if you're not, you're asked to provide your credentials. From a security perspective, it makes sense for one application to not know a user's credentials for another application.
__________________
.My new Javascript tutorial site: http://reallifejs.com/
.Latest article: Calculators — Tiny jQuery calculator, Full-fledged OOP calculator, Big number calculator
.Latest quick-bit: Including jQuery — Environment-aware minification and CDNs with local fallback
When your business depends on a referral base, you're forced to make things convenient for that base. I can have them go to one site for the reports and then go to the other site for the images. I can even give them the same username and password for both sites, but like I said, convenience is the name of the game. i need to make both applications seem as one. The vendor for the second site has turned on security to where fields like the username and password can be posted. But what I think is hurting me is the same origin policy. Both sites are hosted on the same IIS server, but one uses a secure port while the other uses port 80. One of them https://portal.somedomain.com and the other is http://images.somedomain.com. And the one reason why I thing origin policy is the culprit is because I was able to go into the browser and enable cross-domain scripting. but that's not what I want to do. Thanks for the input.
The same origin policy doesn't apply to form submissions, and you can easily put a port number into the URL you are submitting the form to. On the second site, the login form and the form that gets you to some specific content might be two different forms, in which case you wouldn't be able do it in one go, but you could submit the login form to a hidden iframe to log the user in on the second site, and then use the other form to redirect them to the content.
There's no way of figuring out a valid approach, though, without seeing actual code from the second site, or, better yet, a live example.
__________________
.My new Javascript tutorial site: http://reallifejs.com/
.Latest article: Calculators — Tiny jQuery calculator, Full-fledged OOP calculator, Big number calculator
.Latest quick-bit: Including jQuery — Environment-aware minification and CDNs with local fallback
I don't know about any particular examples, but you just need to set the target attribute of the form to the name of the iframe. That way, the form will submit without page refresh, so it will work pretty much like AJAX, only without the cross domain restriction. Notice, however, that the cross domain restriction still applies to the content you're getting back from the from submission, so you won't know whether the login has been successful.
A Google search for something like "submit form to hidden iframe" should yield further information.
Also, since you seem to be in full control of the images.somedomain.com server, you can just make it send a
header, in which case you wouldn't have any trouble with the same origin policy at all.
__________________
.My new Javascript tutorial site: http://reallifejs.com/
.Latest article: Calculators — Tiny jQuery calculator, Full-fledged OOP calculator, Big number calculator
.Latest quick-bit: Including jQuery — Environment-aware minification and CDNs with local fallback
I happen to work in healthcare myself. If your porting them over to the PACS login page isnt that kind of a bad idea? they really must login to it manually, becuase if they dont then that would circumvent the java detection on the pacs login page to detect if the user has the DX viewer installed or not?
Plus, in most case, PACS login password and usernames are unique to the pacs system, so your application would need secure access to the PACS user database to pull that information in the first place, wouldnt it?
I'm just curious as I could run into something similar myself
Before you post, read our: 
