Provide a link to a secure website from a WinForms application

[Bart]

Hi,
I'm struggling with the following problem.

I have a WinForms application (.NET 2.0) where the user can lookup
information on companies. In this application, I have to insert links to a
third party website which has detailed information of that company.
Normally, this website requires a username and password to logon. We got a
username and a password from the supplier and they gave us an URL with which
we can login directly using a TVA-number as a parameter in the URL. The
credentials are to be passed as basic authentication in the http-header.
So, I found out I need to add the following headers:

- WWW-Authenticate : Basic realm="xxx"
- AUTHORIZATION: Basic xxx (where xxx is the base64 encoded
usernameassword string)

I tried a lot of stuff but I can't figure out how to do this.
Using a WebBrowser control from inside the application is not an option. The
user has to use the Internet Explorer.

I tried it with a separate website which is running on our webserver. I
provided a link in our application which simply links to our website. This
website redirects to the third party website but I can't add the necessary
stuff to the headers. I'm still getting the inputdialog for a username and
password. I installed HTTPDebuggerPro to look at the outgoing headers and
the authorization header isn't in it.
When I debug my application I noticed I'm getting an exception
(NotSupportedException) on the headers collection stating I need to be in
IIS pipeline mode.

When I use a HttpWebRequest and a HttpWebResponse, I get an OK. But what to
do next? At that moment, the user still has not an IE in front of him with
the information.

Any help is appreciated.
Thanks,
Bart

 

[Jeff Winn]

Those classes you're using are for making your own browser application, not
starting an instance of Internet Explorer.

If you're wanting to start up IE and have it navigate to that page use the
System.Diagnostics.Process class.

Process.Start("http://www.yahoo.com"); or whatever URI you're wanting the
browser to navigate to. This will use whatever their default web browser is
currently set to on their machine.

If you do want to force IE to be used as the browser:
Process.Start("C:\\Program Files\\Internet Explorer\\iexplore.exe",
"http://www.yahoo.com"); will accomplish that. I would suggest checking the
registry to determine where IE is installed at rather than passing in a
hardcoded path like I did, otherwise when the process is being started an
exception will get thrown that it cannot find the file specified if IE is
not there.

 

[Bart]

Thanks for the answer.
This opens the default browser but it doesn't logon the user automatically.
It simply pop ups a dialog for username and password. (Like they open their
browser and enter the location manually). I should be able to pass those
credentials in the header of the request so they are logged on
automatically.

 

[Jeff Winn]

Sounds like you're trying to have the application log the user into the site
by bypassing the site authentication from your application. If someone
managed to get their hands on the software the potential for damage to your
business is high since they're using your account. But that's just my
opinion.

I can't think of any way to have the user automatically logged into the site
if it's being done through a POST method when you're using IE. If it's a GET
method you could very easily just put it in the URI you're having IE connect
to, but again - you're exposing your account information for all to see
which is just plain irresponsible.