How to tell WebBrowser control what credentials to use?

[Guest]

Hi,

I am using the System.Windows.Forms.WebBrowser control in a WinForms
application to automate some actions agains a web application.

How do I tell the WebBrowser control programatically what credentials and
what authentication mode to use when accessing a web site?

A code snippet would be greatly appreciated.

Thanks,

 

[Linda Liu [MSFT]]

Hi Adar,

How do I tell the WebBrowser control programatically what credentials and

what authentication mode to use when accessing a web site?

Do you mean the WebBrowser security?

The WebBrowser control is designed to work in full trust only. The HTML
content displayed in the control can come from external Web Servers and may
contain unmanaged code in the form of scripts or Web controls. If you use
the WebBrowser control in this situation, the control is no less secure
than Internet Explorer would be, but the managed WebBrowser contro does not
prevent such unmanged code from runing.

Hope this helps.


Sincerely,
Linda Liu
Microsoft Online Community Support

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Hi all,

Sorry Linda, you missed me completely.

Lets say I have the user name and password for a remote site stored locally
and I want the login to happen without end user intervention. How do I
tell the WebBrowser control the credentials to use against a remote site?

To Linda: I am not worried about local security because I will only be working
against well known (and safe) intranet web applications.

Thanks,

 

[Linda Liu [MSFT]]

Hi Adar,

After doing some research on this issue, I only find a way for a client
application code to communicate with a web page scripting code. We could
call the functions in the web page script code from our client application,
and access the public propeties and methods defined in our client
application from the web page script code.

I think you may add a function to accept username and password in the
script code of the web page. Then call this function from the client
application to pass the stored username and password. You may modify the
logon logic in the web page to use the username and password that has been
passed.

For more information on how to implement two-way communication between
DHTML code and client application code, you could refer to the following
page.

http://msdn2.microsoft.com/en-us/library/a0746166.aspx

Hope this helps.


Sincerely,
Linda Liu
Microsoft Online Community Support

 

[Guest]

Hi Linda (and all),

Sorry, we seam to be misunderstanding each other.

Let me try and re-state my problem/question.

I have a WinForms application that contains the WebBrowser control.
This WebBrowser control needs to access a web application (web site)
that requires authentication. I want the navigation to the web application
and the login process to happen without end-user intervention (automatically).

If I were to use WebRequest / WebResponse to access that same web site
I would use something like:

// Create a request for the URL.
WebRequest request =
WebRequest.Create ("http://www.contoso.com/default.html");

// If required by the server, set the credentials.
// or use a different ICredentials implementation
request.Credentials = CredentialCache.DefaultCredentials;
// Or something with specific username and password like
request.Credentials =
new NetworkCredential("UserName", "SecurelyStoredPassword")

// Call the site using the specified credentials.
HttpWebResponse response = (HttpWebResponse)request.GetResponse ();


How would I do the equivalent if I am using WebBrowser control instead of
the WebRequest / WebResponse?

How do I supply the WebBrowser control the credentials to use when accessing
the web site.

(As you can see from the scenario I describe, I have no control over the
HTML or the script that comes from the web site.)

Thanks,

 

[Linda Liu [MSFT]]

Hi Adar,

As far as I know, there're two kinds of authentication modes for web site.
One is form authentication which requires the user to input his username
and password in the web page. And the other is integration authentication
which uses the current windows user's username and password to log on the
web site.

Could you tell me what kind of the authentication mode of the web site
you'll navigate is?

As for the first authentication mode, we could pass the username and
password from windows application to the web page using the method I
mentioned in my previous reply. However, this probably requires script in
the web page to accept the username and password.

As for the second authentication mode, IE always uses the current user's
username and password to log on the web site and we could't change this
behavior. The WebBrowser control is a shell of IE, which means the control
does what IE does when accessing web sites.

If you do want to navigate the web site by the specified username and
password, you could run the windows application as the specified user. To
do this, right-click the windows application and choose Run as. Then input
the specified username and password in the Run As dialog.

Hope this helps.
If you have any concerns, please feel free to let me know.



Sincerely,
Linda Liu
Microsoft Online Community Support

 

[Guest]

Hi Linda,

In cases of integrated authentication the browser pops up a dialog box to
prompt the user for a username and password. I want to override this
behavior.
I have done some more research myself and found information about the
IServiceProvider, IProfferService and IAuthenticate interfaces. Howerver, it
is still not clear to me how to tie all of this together. The documentation
is
very scarce on these subjects. Does the browser implement the IProfferService
interface? How can I obtain a reference to it? Can I register my
implementation
of IAuthenticate with it? Again, a little code snippet would be greate.

In cases of WinForms authentication I can use code similar to the following.
This segment navigates to google and puts my name in the search edit control
and sends "Enter". I can do the same in a login form entering the username
and password in the proper fields.

gBrowser.Navigate("http://www.google.com/");
InternetExplorer gIE = gBrowser.ActiveXInstance as
InternetExplorer;

HTMLDocumentClass docClass = gIE.Document as HTMLDocumentClass;

IHTMLElement query = docClass.getElementById("q");
IHTMLElement2 query2 = query as IHTMLElement2;
query2.focus();
query.innerText = "Adar Wesley";

// Find the HWND of the browser control so I can send it the
keyboard
// messages.
IntPtr IEServerHWND = Win32.FindWindowEx(gBrowser.Handle,
IntPtr.Zero, "Shell Embedding", null);
IEServerHWND = Win32.FindWindowEx(IEServerHWND, IntPtr.Zero,
"Shell DocObject View", null);
IEServerHWND = Win32.FindWindowEx(IEServerHWND, IntPtr.Zero,
"Internet Explorer_Server", null);

Win32.PostMessage(IEServerHWND, Win32.WM_KEYDOWN,
(int)Keys.Enter, 0x000001);
Win32.PostMessage(IEServerHWND, Win32.WM_KEYUP, (int)Keys.Enter,
0xC0000001);

Thanks,

 

[Linda Liu [MSFT]]

Hi Adar,

Thank you for your prompt response and detailed update.

I'm sorry that when I research on the sample code you provided, the code
couldn't pass compilation. The errors are 'The type or namespace
'InternetExplorer' could not be found' and 'The name 'Win32' does not exist
in the current context'. Could you tell me what assembly and namespace do
the 'InternetExplorer' and 'Win32' reside?

I look forward to your reply.


Sincerely,
Linda Liu
Microsoft Online Community Support

 

[Guest]

Hi Linda,

Win32 is defined as follows:
internal class Win32
{
public const int WM_KEYDOWN = 0x0100;
public const int WM_KEYUP = 0x0101;
public const int WM_CHAR = 0x0102;
public const int WM_DEADCHAR = 0x0103;
public const int WM_SYSKEYDOWN = 0x0104;
public const int WM_SYSKEYUP = 0x0105;
public const int WM_SYSCHAR = 0x0106;
public const int WM_SYSDEADCHAR = 0x0107;
public const int WM_UNICHAR = 0x0109;
public const int UNICODE_NOCHAR = 0xFFFF;

[DllImport("user32.dll")]
public static extern bool PostMessage(IntPtr hwnd, UInt32 msg, Int32
wparam, UInt32 lparam);

[DllImport("user32.dll")]
public static extern IntPtr FindWindowEx(IntPtr parentHWND, IntPtr
afterChild, string className, string windowTitle);

[DllImport("user32.dll")]
public static extern UInt32 MapVirtualKey(UInt32 uCode, UInt32
uMapType);
}


InternetExplorer is defined by adding a reference to the COM object named
"Microsoft Internet Controls", which is defined in the COM dll named
shdocvw.dll in
system32.

I also have references in my code to IOleObject and IOleClientSite which
are defined as follows. However, I think the references in the code to these
interfaces are commented out in the version I posted, so you won't need them.


[ComImport]
[Guid("00000112-0000-0000-C000-000000000046")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
internal interface IOleObject
{
void SetClientSite(IOleClientSite pClientSite);
void GetClientSite(ref IOleClientSite ppClientSite);
void SetHostNames(object szContainerApp, object szContainerObj);
void Close(uint dwSaveOption);
void SetMoniker(uint dwWhichMoniker, object pmk);
void GetMoniker(uint dwAssign, uint dwWhichMoniker, object ppmk);
void InitFromData(IDataObject pDataObject, bool fCreation, uint
dwReserved);
void GetClipboardData(uint dwReserved, ref IDataObject ppDataObject);
void DoVerb(uint iVerb, uint lpmsg, object pActiveSite, uint lindex,
uint hwndParent, uint lprcPosRect);
void EnumVerbs(ref object ppEnumOleVerb);
void Update();
void IsUpToDate();
void GetUserClassID(uint pClsid);
void GetUserType(uint dwFormOfType, uint pszUserType);
void SetExtent(uint dwDrawAspect, uint psizel);
void GetExtent(uint dwDrawAspect, uint psizel);
void Advise(object pAdvSink, uint pdwConnection);
void Unadvise(uint dwConnection);
void EnumAdvise(ref object ppenumAdvise);
void GetMiscStatus(uint dwAspect, uint pdwStatus);
void SetColorScheme(object pLogpal);
}

[ComImport]
[Guid("00000118-0000-0000-C000-000000000046")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
internal interface IOleClientSite
{
void SaveObject();
void GetMoniker(uint dwAssign, uint dwWhichMoniker, ref object ppmk);
void GetContainer(ref object ppContainer);
void ShowObject();
void OnShowWindow(bool fShow);
void RequestNewObjectLayout();
}

 

[Luke Zhang [MSFT]]

Hello Adar,

I have reviewed the thread and i am not very clear on what is the
authentication mehod in your web application, is it a form authentication
or windows authentication? Or you want support both of them?

For form authentication, the solution is as you have listed, we can get the
HTMLDocument object from the web browser control and fill the text box as
simulate the user's input.

For windows authentication, as Linda has addressed, the Webbrowser will use
the current logo user's credential. To get around this, we may have two
options:

1. Impersonate. For example, call the LogonUser API before the form is
lunch so that the application will be run under another credential.
2. IAuthenticate interfaces. This one is more complicated and need more
programming on INET SDK, which is out of topics on
microsoft.public.dotnet.framework.windowsforms. We may involve more
resource to assist you on this, would you please let me know the your
email? (To get my actual email, please remove "online")

Sincerely,

Luke Zhang

Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Hi Luke and Linda,

Thanks for all your time. I also posted this issue in the
ie5.programming.components.webbrowser_ctl news group. In that group
the subject was: "IAuthenticate, IServiceProvider - override WebBrowser
login dialog". In that thread I got a response from Walter Wang that
included a
working sample. At the same time I continued my own research and got to
a different working solution. I posted my solution in my rely to Walter's
post.
You can see both solutions there.

Again thanks for your time and effort.