Progress uses IAuthenticate to bind to secured Web page (156905)


The information in this article applies to:

  • Microsoft Internet Explorer (Programming) 3.0
  • Microsoft Internet Explorer (Programming) 4.0
  • Microsoft Internet Explorer (Programming) 4.01
  • Microsoft Internet Explorer (Programming) 5
This article was previously published under Q156905

SUMMARY

The Progress.exe sample from the ActiveX SDK, Internet Client SDK, and MSDN Online Web Workshop demonstrates how to use a URL moniker to asynchronously bind to data from a remote site on the Internet or an intranet. This Knowledge Base sample extends the original Progress by handling the case where authentication is required to access secured data.

MORE INFORMATION

The following file is available for download from the Microsoft Download Center:
DownloadDownload the Progress.exe package now.

Progress.exe

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. Handling authentication requests from a URL moniker requires that the URL moniker host implement a bind status callback object which exposes both the IBindStatusCallback interface and the IAuthenticate interface. The sample uses multiple inheritance to expose these interfaces on the same object.

The IAuthenticate interface consists of a single method, Authenticate. The sample implements IAuthenticate::Authenticate as follows: 
#define USERNAME_BUFFER_SIZE 255
#define PASSWORD_BUFFER_SIZE 255
#define ARRAY_SIZE( arr ) ( sizeof(arr)/sizeof(arr[0]) )

STDMETHODIMP CBindStatusCallback::Authenticate(
	HWND *phwnd,
	LPWSTR *pwszUsername,
	LPWSTR *pwszPassword)
{
	TCHAR pszDlgUser[USERNAME_BUFFER_SIZE];
	WCHAR *wszDlgUser = NULL;
	TCHAR pszDlgPassword[PASSWORD_BUFFER_SIZE];
	WCHAR *wszDlgPassword = NULL;
	
	if (!phwnd || !pwszUsername || !pwszPassword)
		return E_INVALIDARG;
	
	*phwnd = NULL;
	
	// If dialog controls have valid user & pass, use that
	HWND hWndUser = ::GetDlgItem(g_hwndDlg, IDC_USERNAME);
	HWND hWndPassword = ::GetDlgItem(g_hwndDlg, IDC_PASSWORD);
	
	// This is needed because in case the above window handles are not valid,
	// the buffers will stay uninitialized
	ZeroMemory(pszDlgUser, sizeof(pszDlgUser));
	ZeroMemory(pszDlgPassword, sizeof(pszDlgPassword));
	
	::GetWindowText(hWndUser, pszDlgUser, ARRAY_SIZE(pszDlgUser));
	::GetWindowText(hWndPassword, pszDlgPassword, ARRAY_SIZE(pszDlgPassword));
	
	if ( *pszDlgUser )
	{
	
	#ifndef UNICODE
	
		wszDlgPassword = (WCHAR *)CoTaskMemAlloc( PASSWORD_BUFFER_SIZE * sizeof(WCHAR) );
		wszDlgUser = (WCHAR *)CoTaskMemAlloc( USERNAME_BUFFER_SIZE * sizeof(WCHAR) );
		
		MultiByteToWideChar(GetACP(), 0, pszDlgUser, -1, wszDlgUser, USERNAME_BUFFER_SIZE);
		MultiByteToWideChar(GetACP(), 0, pszDlgPassword, -1, wszDlgPassword, PASSWORD_BUFFER_SIZE);
	
	#else
	
		wszDlgUser = (WCHAR*)CoTaskMemAlloc((lstrlen(pszDlgUser) + 1) * sizeof(WCHAR));
		lstrcpy(wszDlgUser,pszDlgUser);
		
		wszDlgPassword = (WCHAR*)CoTaskMemAlloc((lstrlen(pszDlgPassword) + 1) * sizeof(WCHAR));
		lstrcpy(wszDlgPassword,pszDlgPassword);
	
	#endif
	
		*pwszUsername = wszDlgUser;
		*pwszPassword = wszDlgPassword;
	}
	else
	{
		*pwszUsername = NULL;
		*pwszPassword = NULL;
		*phwnd = g_hwndDlg;
	
	    // Depending on your application, this may return S_OK also.
	    return E_ACCESSDENIED;
	}
	return S_OK;
}
When the URL moniker attempts to bind to the object specified in the call to CreateURLMoniker, it determines whether or not the object is secured. If the object is secured, the URL moniker queries the bind status callback object for IAuthenticate. The URL moniker queries for IAuthenticate through the IBindStatusCallback interface pointer registered with the bind context used in the binding operation.

This implementation of Authenticate retrieves the username and password from the dialog controls and returns them to the URL moniker if the username is non-NULL. Otherwise, the sample returns a valid window handle. The URL moniker uses this handle as the parent window handle in a call to the InternetErrorDlg WININET API. InternetErrorDlg presents the user with a dialog box requesting a user name and password required to access the secured data.

To demonstrate how a URL moniker requests authentication information from its host, following these steps:
  1. Start the Internet Information Server (IIS) Service Manager utility.
  2. Change the properties of the Web site you are going to test Progress against. In the security options, disable all authentication options other than basic authentication.
  3. Build the revised Progress sample.
  4. Run the revised Progress sample and specify as an command-line argument the HTTP address of an HTML page on the Web Server configured in steps 1 and 2.
  5. Click Go to start the download.
  6. A network password dialog box is displayed. Enter the user name and password of an account that has access to the computer that is running IIS.
The HTML page specified in step 4 is displayed in the sample dialog box.
Modification Type:MajorLast Reviewed:1/19/2005
Keywords:kbdownload kbfile kbinfo kbSample kbURLMon KB156905 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.