Can You Support Cross-Domain Authentication If AJAX/iFrame Calls to Another Domain?