arunperi_ee
asked on
How to invoke IE through Com component in vc++
I invoked IE using com component "CComQIPtr<IWebBrowser2>". In that I used "Navigate2" method to invoke the IE with the appropriate URL. Here when i formed the URL i sent the user id and password for authentication for that web page. This user id and pwd and both visible in the browser which is raising security concerns. How can I send them similar to post method or make them invisible though web page but still get authenticated in the server?
You can use IAuthenticate for that purpose, see http://msdn2.microsoft.com/en-us/library/ms775080.aspx and http://msdn2.microsoft.com/en-us/library/ms775079.aspx
BTW, see also the example at http://www.microsoft.com/downloads/details.aspx?familyid=5255950D-ED9A-419D-BDA3-55FBE6E21F57&displaylang=en ("Sample: Using IAuthenticate to Bind to Secured Web Page")
ASKER
Hi,
I am not using IAuthenticate can you please clarify where exactly I can modify the code or how i can go about:
I have used CComQIPtr<IWebBrowser2> m_pWebBrowser1;
m_pWebBrowser1.CoCreateIns tance(CLSI D_Internet Explorer);
hr = m_pWebBrowser1->Navigate2( .....)
Where can I used the interface that you have quoted.
Can you please elaborate with an example if possible which could help me know exactly the solution.
Thanks.
I am not using IAuthenticate can you please clarify where exactly I can modify the code or how i can go about:
I have used CComQIPtr<IWebBrowser2> m_pWebBrowser1;
m_pWebBrowser1.CoCreateIns
hr = m_pWebBrowser1->Navigate2(
Where can I used the interface that you have quoted.
Can you please elaborate with an example if possible which could help me know exactly the solution.
Thanks.
Plese check the example linked above, that would be a little too much code to post here.
Navigate2 Method
http://msdn2.microsoft.com/en-us/library/aa752094.aspx
I assume that the URL looks something like:
http://www.someWebSite.com/login?id=theUser&pswd=thePassword
That is a HTTP GET transaction. If so, you can change to using the POST version of that call: Populate the 4th parameter with a string that contains all of the stuff after the
?
in the URL. That will hide it from view.
If the website requires the other kind of security (where the browser pops up a gray box requesting the user and password) then you can send that data in the 5th parameter. You need to create a header line in the format:
Authorization: Basic %s\r\n
where %s is a string in the format
user:password
and it has been base64-encoded. If this is the need, let me know and I'll explain further.
-- Dan
http://msdn2.microsoft.com/en-us/library/aa752094.aspx
I assume that the URL looks something like:
http://www.someWebSite.com/login?id=theUser&pswd=thePassword
That is a HTTP GET transaction. If so, you can change to using the POST version of that call: Populate the 4th parameter with a string that contains all of the stuff after the
?
in the URL. That will hide it from view.
If the website requires the other kind of security (where the browser pops up a gray box requesting the user and password) then you can send that data in the 5th parameter. You need to create a header line in the format:
Authorization: Basic %s\r\n
where %s is a string in the format
user:password
and it has been base64-encoded. If this is the need, let me know and I'll explain further.
-- Dan
ASKER
Hi Dan,
Yes when we are sending the user id and password in the URL it can be easily interpreted. Though I am able to login to the site.
The best would be to use Post method to open the URL. But there should be no dialog opening up it should happen without that and once the link is clicked it should happen smoothly with no further authentication.
Can you please explain how it can be encoded or invoked using POST method.
---Arun.
Yes when we are sending the user id and password in the URL it can be easily interpreted. Though I am able to login to the site.
The best would be to use Post method to open the URL. But there should be no dialog opening up it should happen without that and once the link is clicked it should happen smoothly with no further authentication.
Can you please explain how it can be encoded or invoked using POST method.
---Arun.
If a GET URL works, then a POST URL should also work -- without poping up a dialog box.
Just do as I recommended: Put the stuff that normally comes after the
?
into the 4th parameter (the PostData) and remove all of it (including the ?) from the first parameter (the URL).
-- Dan
Just do as I recommended: Put the stuff that normally comes after the
?
into the 4th parameter (the PostData) and remove all of it (including the ?) from the first parameter (the URL).
-- Dan
ASKER
Hi Dan,
I have done that but still it's not working. I invoked using:
hr = m_pWebBrowser2->Navigate2( &vaURL,
COleVariant((long) 0, VT_I4),
COleVariant((LPCTSTR)NULL, VT_BSTR),
&vaLoginCredent,
COleVariant((LPCTSTR)NULL, VT_BSTR)
);
where vaURL contains: www.<<URL>>
and vaLoginCredent contains: <<Crerdentials = <<...>> UserID= <<UID>> Password=<<PWD>>
Please let me know where I am going wrong.
Thanks,
Arun.
I have done that but still it's not working. I invoked using:
hr = m_pWebBrowser2->Navigate2(
COleVariant((long) 0, VT_I4),
COleVariant((LPCTSTR)NULL,
&vaLoginCredent,
COleVariant((LPCTSTR)NULL,
);
where vaURL contains: www.<<URL>>
and vaLoginCredent contains: <<Crerdentials = <<...>> UserID= <<UID>> Password=<<PWD>>
Please let me know where I am going wrong.
Thanks,
Arun.
First, the POST data should look the same as when it is in the URL, including the ampersand (&) signs. For instance,
Credentials=blahBlah&UserI D=blechBle ch&Passwor d=fooFoo
Next, the first parameter should be a Variant. I can't tell what it is in your code. But since you are using
&vaURL,
I can tell that you are passing a pointer to something, which may be incorrect. An example usage is here:
How To Automate Internet Explorer to POST Form Data
http://support.microsoft.com/kb/q167658/
I'm seeing that the fourth parmeter must be a VARIANT of type
VT_ARRAY | VT_UI1
that is, a SafeArray of bytes, so we can't just pass a simple string.
A sequence like this will work:
COleVariant vaUrl= (LPCSTR)"http://www.somesite.com/account/login,asp";
char* szFormData= "userName=SomeName&userPsw d=SomePass word";
COleSafeArray vaFormdata;
DWORD dwPostDataLen= lstrlen( szFormData );
vaFormdata.CreateOneDim( VT_UI1, dwPostDataLen, szFormData );
m_Browser.Navigate2( vaUrl, 0, 0, vaFormdata, 0 );
-- Dan
Credentials=blahBlah&UserI
Next, the first parameter should be a Variant. I can't tell what it is in your code. But since you are using
&vaURL,
I can tell that you are passing a pointer to something, which may be incorrect. An example usage is here:
How To Automate Internet Explorer to POST Form Data
http://support.microsoft.com/kb/q167658/
I'm seeing that the fourth parmeter must be a VARIANT of type
VT_ARRAY | VT_UI1
that is, a SafeArray of bytes, so we can't just pass a simple string.
A sequence like this will work:
COleVariant vaUrl= (LPCSTR)"http://www.somesite.com/account/login,asp";
char* szFormData= "userName=SomeName&userPsw
COleSafeArray vaFormdata;
DWORD dwPostDataLen= lstrlen( szFormData );
vaFormdata.CreateOneDim( VT_UI1, dwPostDataLen, szFormData );
m_Browser.Navigate2( vaUrl, 0, 0, vaFormdata, 0 );
-- Dan
ASKER
Thanks Dan for the effort but it still doesn't work.
I have done the way you guided me Dan, please refer below:
CString strBrowseToURL = "http://" + strURL +"/" + strFolder;
CString strLoginCredent = "Credentials="+ str +"&userid=" + strUserId +"&password=" + strPassword;
char *szFormData = strLoginCredent.GetBuffer( strLoginCr edent.GetL ength());
strLoginCredent.ReleaseBuf fer();
COleSafeArray vaFormdata;
DWORD dwPostDataLen = lstrlen( szFormData );
vaFormdata.CreateOneDim( VT_UI1, dwPostDataLen, szFormData );
CoInitialize(NULL);
CComQIPtr<IWebBrowser2> m_pWebBrowser2;
m_pWebBrowser2.CoCreateIns tance(CLSI D_Internet Explorer);
COleVariant vaURL((LPCTSTR)strBrowseTo URL);
hr = m_pWebBrowser2->Navigate2( &vaURL,
COleVariant((long) 0, VT_I4),
COleVariant((LPCTSTR)NULL, VT_BSTR),
&vaFormdata,
COleVariant((LPCTSTR)NULL, VT_BSTR));
Guess I am missing something. I will see what's going wrong.
Thanks,
Arun.
I have done the way you guided me Dan, please refer below:
CString strBrowseToURL = "http://" + strURL +"/" + strFolder;
CString strLoginCredent = "Credentials="+ str +"&userid=" + strUserId +"&password=" + strPassword;
char *szFormData = strLoginCredent.GetBuffer(
strLoginCredent.ReleaseBuf
COleSafeArray vaFormdata;
DWORD dwPostDataLen = lstrlen( szFormData );
vaFormdata.CreateOneDim( VT_UI1, dwPostDataLen, szFormData );
CoInitialize(NULL);
CComQIPtr<IWebBrowser2> m_pWebBrowser2;
m_pWebBrowser2.CoCreateIns
COleVariant vaURL((LPCTSTR)strBrowseTo
hr = m_pWebBrowser2->Navigate2(
COleVariant((long) 0, VT_I4),
COleVariant((LPCTSTR)NULL,
&vaFormdata,
COleVariant((LPCTSTR)NULL,
Guess I am missing something. I will see what's going wrong.
Thanks,
Arun.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Dan. Infact I was waiting to verify the above said code with the other dev team.
Thank you once again.
---Arun.
Thank you once again.
---Arun.