Mobile app version of vmapp.org
Login or Join
Sent6035632

: White labelling with frames and IE I have a SaaS application that offers some basic white-labelling functionality related to CSS, company logos etc. However, one client now wants to white-label

@Sent6035632

Posted in: #Security #WebDevelopment #WebHosting

I have a SaaS application that offers some basic white-labelling functionality related to CSS, company logos etc. However, one client now wants to white-label the application with their own URL so that they can then resell it to their own customers.

The way that they have chosen to implement this is by having a single page on their own webserver that uses HTML 4 frames (not iframes) to host our site. This works fine for Chrome, Firefox, Safari and newer versions of IE, but breaks badly for older versions of IE (particularly IE8) when running in a locked-down corporate environment. This is because the entire application requires user authentication, which in our environment (IIS/ASP.NET) means the use of cookies; and with sites that have not been explicitly trusted by locked-down IE8, the cookie domain not matching the browser's URL causes the cookie to be rejected, so users can not sign in to our application.

We can also be sure that asking clients of our clients to change their security policies so that they can access our application is also a non-starter, as is asking them to switch to another browser!

Does anyone have experience of running secure white-labelled sites in this or similar ways? Short of setting up separate webservers with new URLs and SSL certificates, with ASP.NET's cookieless session tracking enabled, I'm not sure what else I can try.

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Sent6035632

1 Comments

Sorted by latest first Latest Oldest Best

 

@Si4351233

I have done this in the past and the best way I have found to overcome this has been setting up the application (which for us was a white label customer support portal) on it's own instance of apache configured to handle all traffic from all domains on a particular IP address...

EG: domain.com, portal.domain-2.com,
portal.domain-3.co.cc
...

We then programmed into the application detection of the domain name and the business logic handled branding of the site with a custom css file for colours and key images such as logo's and yet still functioned the way we needed it to. In addition we where using a few cookies, not for authentication but still for required application functionality, and because the domain name was handled all the way through from the browser to the application server setting cookies was no problem as it was all in the correct domain based on the white label domain being used.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme