Q: In the WebViewer sample for encryption, a dialog prompts users to enter the document password.
How I can securely get this password from my server?
A: You can do this by making an AJAX request to your own server, through HTTPS.
Below is a modified config.js from the encryption sample.
The AJAX request is completely under your control, so you can implement your own server authentication for added security.
e.g.
//Override the LoadDocument function for decryption
ReaderControl.prototype.LoadDocument = function(doc, streaming) {
console.log("loadDocument encrypt override");
var me = this;
var decryptDocument = function(password) {
try {
var decrypt = window.CoreControls.Encryption.Decrypt;
var partRetriever = new window.CoreControls.PartRetrievers.HttpPartRetriever(doc, true, decrypt, {
password: password,
type: 'aes',
error: function(error) {
alert(error);
}
});
} catch(err) {
console.error(err);
}
me.docViewer.LoadAsync(partRetriever);
};
//Make a secure HTTPS request to your server to fetch the XOD password
$.ajax({
type: "POST",
data: {username: "...", password: "..."} //you can do your own user authentication here
}).done(function(data){
var password = data;
decryptDocument(password);
}).fail(function(jqXHR, textStatus){
//failed to fetch XOD password
});
};