When you use HTTP redirection, all client communication with your Corda Server™ is handled by your Web server. From a security standpoint, this means that communication between a client and your Corda Server inherits the same level of security as communication between a client and your Web server.
From a development standpoint, the main consequence of this is that all requests for images and documents from the Corda Server should instead be made to the Corda® Redirector module on your Web server.
For example, suppose you are running a Corda Server on the same machine as your Web server, http://www.mycompany.com. Without HTTP redirection, a client would use the following address to communicate with the Corda Server: http://www.mycompany.com:2001. With HTTP redirection, a client can request a Corda image or Highwire™ document from an address similar to the following: http://www.mycompany.com/ctredirector.dll (for the ISAPI redirector for IIS) or http://www.mycompany.com/servlet/ctRedirector (for the Servlet redirector).
Notice that by using the Corda Redirector, you no longer have to expose port 2001. To the client, it appears that the Corda Server is running over the Web server port (80 .
When writing code for the Corda Embedder, set the externalServerAddress attribute to the address of the Corda Redirector instead of the address of your server. For example, if your Corda Redirector address were http://www.mycompany.com/scripts/ctredirector.dll, you would use the following line of code in your Web pages:
myImage.externalServerAddress = "http://www.mycompany.com/scripts/ctredirector.dll";
This does not affect the internalCommPortAddress because the Corda Embedder uses a separate port (the comm port, 2002), and cannot communicate with the Corda Server through a Corda Redirector. A Corda Redirector is not necessary for the comm port because the Web application that uses Corda Embedder is also behind the firewall.
The following architecture summary helps you understand HTTP redirection. For more information about redirection architecture, see Alternative Configurations.
If you are confused about how the Corda Redirector works, consider the following setup:
Your Web server is located at http://server.mycompany.com . On this Web server, you have a Web page called stats.asp that uses Corda Embedder to embed a Corda image. Your Corda Server is on a machine behind the firewall at 10.0.1.2, using its default port settings (server port = 2001, comm port = 2002). You have installed the ISAPI version of the Corda Redirector on your Web server.
In this situation, set the externalServerAddress and the internalCommPortAddress attributes in your Corda Embedder code as follows:
myImage.externalServerAddress = "http://server.mycompany.com/scripts/ctredirector.dll";
myImage.internalCommPortAddress = "10.0.1.2:2002";
When a client requests the stats.asp page from the Web server, Corda Embedder sends an image request to your Corda Server over port 2002 at the address 10.0.1.2. Your Corda Server generates the image and returns to Corda Embedder the HTML necessary for the client to request the image. Corda Embedder writes this to the Web page, and the Web server sends the page on to the client.
In the Web page, the client sees a tag similar to the following.
<img src= "http://server.mycompany.com/scripts/ctredirector.dll?12345"/>
It then requests an image from the address http://server.mycompany.com/scripts/ctredirector.dll . The Web server (specifically, the Corda Redirector module) handles this request and redirects it to port 2001 at the address 10.0.1.2, which is your Corda Server's server port. Your Corda Server sees the query string, fetches the image, and sends it back to the Web server, which then forwards it on to the client.