Reputation: 2529
Chrome extension authentication using existing site authentication
I'm developing a Chrome plug-in that needs to access a REST web service that is hosted on the same domain as my web site. The web service requires that the user be logged in. The website provides account registration and authentication. I would like to be able access the web service from the plugin without requiring the user to log in again from the plugin when they have already logged in to the website. I'm not sure how to do this. I'm using the forms authentication provided by ASP.NET MVC4 for the website. And the Chrome plugin, of course, is using JavaScript's XMLHttpRequest client-side to call the web service.
There are many plugins that do this. 'Delicious Bookmarks Extension' and 'Add to Amazon.com Wishlist' are a couple examples.
Upvotes: 3
Views: 1238
Answers (1)
Reputation: 2529
I didn't find a way to do this the way I wanted. Chrome won't, for good security reasons, send the cookies of one site to another site even if one of the "sites" is technically just a Chrome extension.
I ended up turning the parts of the plugin that required authentication into iframes that were served by the website that had been logged in to. This allows Chrome to send the cookies when the iframe source is requested. This is how the Delicious and Amazon.com plugins work. There is nearly no code being run in the extension it is mostly all provided by the page in the iframe.
Upvotes: 1
Related Questions
- Log in to my web from a chrome extension
- Logged in on both a website and a Chrome extension
- chrome.identity User Authentication in a Chrome Extension
- Logging into a website using PHPAuth/PHPAuth via Chrome Extension
- Login & Authentication in Chrome Extension Practice
- Integrating web app with chrome extension
- Chrome Extension Login Security
- Chrome extension authentication with twitter facebook google etc
- Authenticating a Chrome extension with a remote server?
- Chrome extension authentication