Developers   Knowledge Bank   Articles   Protected Content

Accessing protected content with ScriptX.Services

Systems will often require that a user authenticates/logs-in which creates a session on the server and the session will authorise access to all protected content.

Frequently, static content such as images, css and script are not protected - anonymous access is allowed. However, some systems may protect all content or, for example, images that are dynamically created will require the session context.

Typically, server sessions are maintained by the use of a cookie delivered to the browser and in turn the browser sends the cookie with each request to the server.

With ScriptX.Addon, printing inherited the session cookies from the hosting browser.

This does not happen with ScriptX.Services. The html to be printed is gathered from the browser and sent to ScriptX.Services for printing - the html will contain references (url) to non-html content such as images and css with the result that referenced content such as images may not print and/or referenced content such as css is not used as expected.

Solutions

Potential solutions to this problem depend upon the content.

Dynamically created content

Dynamically created content may be able to be accessed by providing a session token (e.g. the cookie value) as a query parameter.

If this is not possible then an alternative for content such as images is to return a data url for the content rather than the image itself. A dataurl will be sent as part of the content to be printed.

If this is not practical to implement then the solution applied for static content can be used.

Static content

The delivery of protected static content can be enabled by providing the session cookie/cookies to ScriptX.Services. It will then use the cookie/cookies when making requests for referenced content.

For this to work, ScriptX Server 10.4.0 or later is required (10.4.8 and later support multiple cookies as required by systems such as Cold Fusion).

ScriptX Server 10.4.0 is included with ScriptX.Services for Windows PC 2.12.0 and later, 10.4.8 (and higher) is included with 2.15.5 and later

Also, the cookie value must be available to client javascript. The cookie will likely be marked as httponly and will therefore be unavailable to be read from the browser cookie jar.

As a consequence, the value must be written out by the server side code.

For example:


<script type="text/javascript">
   var authCookie = "ASP.NET_SessionId=@HttpContext.Current.Session.SessionID" 
     + "|@FormsAuthentication.FormsCookieName=@authCookie.Value";
</script>
Library support

The javascript libraries from MeadCo facilitate migration from ScriptX.Addon to ScriptX.Service. Either can be used to provde the cookie(s).

 MeadCoScriptXJS Library v1.10.0 and later.

Use the SetContentAuthorisationCookie method to provide the cookies to send with referenced content requests when printing. This call will do nothing if the browser is IE and ScriptX.Addon is being used.


MeadCo.ScriptX.SetContentAuthorisationCookie(authCookie);
 ScriptX.Services Client Library

If only the ScriptX Client library is being used, then:


MeadCo.ScriptX.Print.authorisationCookie = authCookie;
API Support

The ScriptX.Services API provides support via protectedContentAccess. See POST print.

Protected PDF documents

The above discussion also applies to printing PDF documents. If the documents are protected by requiring an authenticated session then provide the required session cookie. Alternatively, use the support for printing base64 encoded data.

 

Warning:

This ScriptX.Add-on sample can only be viewed using Internet Explorer.