Opening MS Office and other Docs from a Web Site with Cookies Authentication

The functionality described in this article is available in IT Hit WebDAV Ajax Library v3 Beta and later versions.

Using IT Hit WebDAV Ajax Library protocol application you can open documents for editing from a WebDAV server that supports cookies authentication. A required persistent cookie(s) from a web browser will be passed to WebDAV client, so the login dialog is not displayed. The protocol app can pass persistent cookies from Chrome, Firefox, Safari, Edge and Internet Explorer on Windows, OS X and several Linux flavors.

Both IT Hit WebDAV Ajax Library v2 and v3 protocol applications can be installed side by side on one machine and run without interfering.

To create a WebDAV server with pure cookies authentication you can add WebDAV support to your ASP.NET website using 'Add WebDAV Server Implementation...' wizard selecting "Cookies/Forms" option and leaving Basic, Digest and MS-OFBA options unchecked.

To use cookies authentication you must use the DavProtocolEditDocument() function and pass additional parameters that will determine which cookie(s) will be passed to WebDAV client and what action to take if cookies are not found.

Note that the EditDocument() function does NOT support cookies authentication.

Here is the code example with cookies authentication:

<!DOCTYPE html>
    <meta charset="utf-8" />
    <script type="text/javascript" src="ITHitWebDAVClient.js" ></script>
<script type="text/javascript">
    function edit() {
            'http://localhost:87654/folder/file.ext', // Document URL(s)
            'http://localhost:87654/',                // Mount URL
            protocolInstallMessage,                   // Function to call if protocol app is not installed
            null,                                     // Reserved
            'Current',                                // Which browser to copy cookies from: 'Current', 'All', 'None'
            '.AspNet.ApplicationCookie',              // Cookie(s) to copy.
            '/Account/Login',                         // URL to navigate to if any cookie from the list is not found.
            'Edit'                                    // Command to execute: 'Edit', 'OpenWith'
    function protocolInstallMessage(message) {
        var installerFilePath = "/Plugins/" + ITHit.WebDAV.Client.DocManager.GetInstallFileName();

        if (confirm("Opening this type of file requires a protocol installation. Select OK to download the protocol installer.")){
<input type="button" value="Edit Document" onclick="edit()" />

The first 3 parameters are identical in case of challenge-response authentication and cookies authentication. These are one or more document URLs separated by coma, mount URL and a callback function, they are described in this article. Here are the rest of the parameters:

  • reserved - Reserved for future use.
  • sSearchIn - Specifies which web browser to search and copy cookies from. This could be:
    • 'Current' - search current web browser in which this JavaScript is executing.
    • 'All' - search all web browsers. This option can be specified only if list of cookies in not null.
    • 'None' - do not search or pass any cookies. This option should be specified in case of Basic, Digest, NTLM or Kerberos authentication.
  • sCookieNames - Coma separated list of cookie names to be passed to WebDAV client.
  • sLoginUrl - URL to navigate to if any cookie from the list is not found.
  • sCommand - Command to execute when opening the document:
    • 'Edit' - edit document command.
    • 'OpenWith' - show system 'Open With' dialog to select application to be used to open a document. This option is supported on Windows and OS X only.

Non-Persistent Cookies and Login URL Parameter

The protocol app can pass to WebDAV client persistent cookies (with expiration date) only. It can not pass any non-persistent cookies (cookies that leave during web browser session only, without expiration date). If any of the cookies specified in sCookieNames parameter are not found or expired, the protocol application will display a message informing that the user must be loged-in with "Remember me" checkbox and will redirect to the login URL specified in the sLoginUrl parameter.

Also note that, depending on the web browser and machine, after the persistent cookie is set it may take up to 20 sec for the protocol application to become able to find and pass the cookie to WebDAV client.

 See Also: