About using Windows Authentication

[WinkyW]

Hi,

I have two extensions. Extension1 is a Panel extension and Extension2 is a ModalDialog extension. The Extension2 will open via user action on Extension1. Both extensions accessing a site configured with Windows Authentication. The user has to enter the credentials to access the page of the Extension1 and then the user is logged in. That is fine, because the user visits the site for the first time. But every time when the Extension2 tries load the page, the user needs enter the credentials to login. It is a bad user experience when the user has to enter the credentials again and again. Because the Extension2 can be opened as frequently as the user wants.

My questions:

• Is it possible to share credentials between the extensions? As like the tabs of the browser; once the user is logged in via one of the tabs, open or switch to another tab, no credentials are required.
• I have tried to predefine/ store the credentials with the function "cep.util.storeProxyCredentials", but without success. What does the function "cep.util.storeProxyCredentials" do?
• any workaround for this situation; predefine the credentials to avoid the prompt for user name and password?

Thanks

[jingtaotan]

Hi @WinkyW , we have done something similar to this before. Our goal was slightly different though. We also have 2 extensions:

• Panel1 triggers Panel2.
• Panel2 has an iframe which loads a website from a URL indicated by Panel1

Because we cannot pass parameters when Extension1 calls CSInterface.requestOpenExtension, what we do is:

1. Panel1 first sets up a CEP event listener for an event like "Panel2Ready"
2. Panel1 calls CSInterface.requestOpenExtension("Panel2")
3. Panel2 is eventually opened. It sets up a CEP event listener for an event like "Panel2OpenThisUrl"
4. Panel 2 triggers a CEP event "Panel2Ready" using CSInterface.dispatchEvent()
5. Panel1 handles the "Panel2Ready" event, then triggers another CEP event "Panel2OpenThisUrl". In the CSEvent object the URL to be loaded in the iframe in Panel2 is added as an event data property
6. Panel2 handles the "Panel2OpenThisUrl", then sets the URL to the iframe's src

In your case, you could pass a session key or some sort of the website you are opening in Panel2 as the event data in step 5.

[WinkyW]

Hi jingtaotan,

Thanks for your quick response, but the solution cannot resolve my problem. The site is configured with Windows authentication, we don't have session key to handle the authentication, the authentication mechanism is handled by IIS and the client (CEP engine) and the IIS is configured to support the Negotiate protocol or the NTLM protocol.

We have workaround for all release versions of InDesign (2014, 2015 and latest 2017), the user is prompted in Javascript inside the application (InDesign). Now we can overload the javascript prompt to return the username and password when the client needs to send response (encrypted challenge) to the server.

But in the pre-release version of InDesign (12.1) (CEPHTMLEngine 7.0.0.95), there is native username/password dialog in CEP for credentials; fixed the issues #62 and #88. The credentials dialog is showing outside InDesign, it is a standalone process and not a modal dialog inside InDesign.

My questions:

• Is it possible to hook on some event of the credentials dialog from the Extension1? Or override the credentials dialog?
• It is CEP own native credentials dialog, is it possible to predefine the credentials to avoid multiple asking of the credentials?
• Any idea what the function "cep.util.storeProxyCredentials" does?