Opening MS Office and other Docs from a Web Site with Cookies Authentication

The functionality described in this article is available in IT Hit WebDAV Ajax Library v3 Beta and later versions.

Using IT Hit WebDAV Ajax Library protocol application you can open documents for editing from a WebDAV server that uses cookies authentication. A required cookie(s) from a web browser will be passed to WebDAV client, so the login dialog is not displayed. The protocol app can pass cookies from Chrome, Firefox, Safari, Edge and Internet Explorer on Windows, OS X, and several Linux flavors.

IT Hit WebDAV Ajax Library v2 and later protocol applications can be installed side by side on one machine and run without interfering.

The IT Hit WebDAV Ajax Library v5 Beta and later versions can pass both session cookies (without expiration date) and persistent cookies (with expiration date).

Important! Microsoft Office, LibreOffice, and WPS Office require a persistent authentication cookie (cookie with expiration date) to open documents from a web page. They can NOT open documents from a web site with a session cookie (without expiration date). Typically you have to check the "Keep me logged-in" or "Remember me" checkbox on your web site when logging-in to make cookie persistent.

To create a WebDAV server with pure cookies authentication you can add WebDAV support to your ASP.NET website using 'Add WebDAV Server Implementation...' wizard selecting "Cookies/Forms" option and leaving Basic, Digest and MS-OFBA options unchecked. See the Creating WebDAV Server with Cookies Authentication article for detailed instructions.

To use cookies authentication you must use the DavProtocolEditDocument() function and pass additional parameters that will determine which cookie(s) will be passed to WebDAV client and what action to take if cookies are not found.

Note that the EditDocument() function does NOT support cookies authentication.

Here is the code example with cookies authentication:

<!DOCTYPE html>
    <meta charset="utf-8" />
    <script type="text/javascript" src="ITHitWebDAVClient.js" ></script>
<script type="text/javascript">
    function edit() {
            ['http://localhost:87654/folder/file.ext'], // Array of document URL(s).
            'http://localhost:87654/',                // Mount URL.
            protocolInstallMessage,                   // Function to call if protocol app is not installed.
            null,                                     // Reserved.
            'Current',                                // Which browser to copy cookies from: 'Current', 'None'.
            '.AspNet.ApplicationCookie',              // Cookie(s) to copy.
            '/Account/Login',                         // URL to navigate to if any cookie from the list is not found.
            'Edit'                                    // Command to execute: null, 'Edit', 'Open', 'OpenWith', 'Print'.
    function protocolInstallMessage(message) {
        var installerFilePath = "/Plugins/" + ITHit.WebDAV.Client.DocManager.GetProtocolInstallFileNames()[0];

        if (confirm("Opening this type of file requires a protocol installation. Select OK to download the protocol installer.")){
<input type="button" value="Edit Document" onclick="edit()" />

The first 3 parameters are identical in case of challenge-response authentication and cookies authentication. These are one or more document URLs separated by coma, mount URL and a callback function, they are described in this article. Here are the rest of the parameters:

  • reserved - Reserved for future use.
  • sSearchIn - Specifies which web browser to search and copy cookies from. This could be:
    • 'Current' - search current web browser in which this JavaScript is executing.
    • 'None' - do not search or pass any cookies. This option should be specified in case of Basic, Digest, NTLM or Kerberos authentication.
  • sCookieNames - Coma separated list of cookie names to be passed to WebDAV client.
  • sLoginUrl - URL to navigate to if any cookie from the list is not found.
  • sCommand - Command to execute when opening the document:
    • null - automatically chooses an appropriate verb to open a document in the associated application.
    • 'Edit' - edit document command.
    • 'Open' - opens a document in the associated application. Not applicable for some applications.
    • 'OpenWith' - show system 'Open With' dialog to select an application to be used to open a document. This option is supported on Windows and OS X only.
    • 'Print' - print document.

Login URL Parameter

If any of the cookies specified in sCookieNames parameter are not found, the protocol application assumes that the session has expired and the user needs to log-in. It will display a message informing that log-in is required and if the user confirms, it will redirect to the log-in URL specified in the sLoginUrl parameter.

 See Also:

Next Article:

Printing Documents from a Web Page Using WebDAV Ajax Library