...

View Full Version : Https invalid syntax ie new update



isster
08-14-2004, 01:25 AM
As many of you know, you are no longer able to access an https site with your username and password like this using internet explorer:

https://username:password@mysite.com

You will get a syntax error. The reason is because of microsoft new patch that disables this feature.

http://support.microsoft.com/default.aspx?scid=kb;%5Bln%5D;834489

------------------------------------------------------------------------
I have a link to a site with https://username:password@mysite.com that users clicked on to gain access to it. This way, users don't have to remember this sites username and password.

This is essential.
-------------------------------------------------------------------------
Is there a way to create a link using javascript to allow access to a site that uses this kind of authentication without the user having to enter a url?
-------------------------------------------------------------------------
Previously I thought this would work because it connected to the https site and created a cookie on my computer. Then I thought I would just redirect the user to the login page. But after WinHttpReq.Send() is called the cookie is destroyed. Is There a way for you to tell the ActiveXObject not to destroy the cookie?

<script language="JavaScript">
var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
var temp = WinHttpReq.Open("GET", ="https://www.mysite.com/", false);
WinHttpReq.SetCredentials("username","password",0);
WinHttpReq.Send();

top.location.href="https://www.mysite.com/";
</script>

----------------------------------------------------------------------
Any help would be greatly appreciated. And I am sure many many people are looking for this solution. You would be a javascript god if you can solve it!

isster
08-14-2004, 01:32 AM
The above url should look like this:

https://username:password@mysite.com

Sorry, the text editor parsed it as a smily face :eek:

Willy Duitt
08-14-2004, 01:50 AM
What happened when you followed the Microsoft link you posted above??
They posted several workarounds, did you bother following the links they provided or would you like us to do that for you?

From what I read, they provided several solutions, if you have problems with implementing any of the solutions, please post your attempts and perhaps someone can spot where you may have erred...



Workarounds for application and Web site developers
URLs that are opened by objects that call WinInet or Urlmon functions
For objects that use an HTTP or an HTTPS URL that includes user information when they call a WinInet or Urlmon function such as InternetOpenURL, rewrite the object to use one of the following methods to send user information to the Web site:
Use the InternetSetOption function and include the following option flags:
INTERNET_OPTION_USERNAME
INTERNET_OPTION_PASSWORD
Note For these flags, the InternetSetOption option must have a handle returned by the InternetConnect function. Therefore, if the application uses the InternetOpenUrl function, modify the application to use the InternetConnect, HttpOpenRequest and HttpSendRequest WinInet functions. For additional information about how to use these functions, visit the following Microsoft Web sites:
http://msdn.microsoft.com/library/en-us/wininet/wininet/internetconnect.asp

http://msdn.microsoft.com/library/en-us/wininet/wininet/httpopenrequest.asp

http://msdn.microsoft.com/library/en-us/wininet/wininet/httpsendrequest.asp

Use the IAuthenticate Interface. For additional information about how to use the IAuthenticate Interface, visit the following Microsoft Web site:
http://msdn.microsoft.com/workshop/networking/moniker/reference/ifaces/iauthenticate/iauthenticate.asp

Note With this workaround, you can open Web sites that the URL-spoofing technique redirects. The whole URL appears, including the redirected location. For example, the following URL appears:
http://www.wingtiptoys.com@www.example.com

The user still arrives at the redirected Web site. In this example, the user arrives at http://www.example.com.


.....Willy

isster
08-14-2004, 02:03 AM
I've spend 9 days on this project. Their work arounds doesn't work for what I need. All their solutions have to do with the server side. NOT the client side. Believe me, I've researched and researched and nothing is working.

The users browser has to log them in once they click on that link. The reason for this is session cookies. If you run it on the server, the session cookies will not be stored on the client computer. So Microsoft solutions doesnt work for me. They said that you can just tell the user to enter their password through the prompt, but theirs gotta be another automated way.

PDXDeveloper
06-30-2005, 01:52 AM
I am trying to figure out how to work with the IAuthenticate interface.
I have a .NET C# application that uses a WebBrowser control to access a secure web site. I am tryint to let the application display content without having user log in.
I've read what's on MSDN and searched all over the internet. I can't seem to find any sort of example or anything on how to use IAuthenticate at all.
Don't even really know where to start with it.
I would really appreciate any help in this.

Thank you.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum