BUG: Proxy Authentication Through IAuthenticate May Fail on Secure URL (329802)


The information in this article applies to:

  • Microsoft Internet Explorer 6.0 Service Pack 1
This article was previously published under Q329802
Important: The hotfix described in this article has been superseded by the 813951 Critical Update. For additional information about this update, click the following article number to view the article in the Microsoft Knowledge Base:

813951 You Cannot Access Your MSN E-mail Account or Authenticate with a Web Site in Various Programs

SYMPTOMS

In a Web browser control host, when you initially navigate to a secure URL through a proxy server that requires authentication, and if you provide the authentication credentials through the IAuthenticate interface, you may receive a "Page Not Found" error message. Important Note:

813951

This hotfix contains a bug that is addressed in the following Microsoft Knowledge Base article: 813951 - BUG: Proxy Authentication Through IAuthenticate May Fail on Secure URL.

RESOLUTION

A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Internet Explorer 6.0 service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel. 
   Date        Time      Version        Size     File name
   ---------------------------------------------------------
   11-19-2002  23:22:38  6.0.2800.1139  483,328  Urlmon.dll

STATUS

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

The error occurs because the proxy credentials are not cached correctly when they go through a secure connection in this situation.

Steps to Reproduce the Behavior

  1. Set up a proxy server.
  2. Create a test account name, and then create a password that has permission to use the proxy server.
  3. Create a Microsoft Foundation Classes (MFC) CHtmlView class application, and then implement the IAuthenticate and the IServiceProvider interfaces in a custom control site. The IServiceProvider interface permits the Web browser control to discover the IAuthenticate interface.

    The following example code is specific to Microsoft Foundation Classes 7.0:

    MyOleControlSite.h 
    #include <afxocc.h>
#include <afxhtml.h>

class CHtmlControlSite : public COleControlSite
{
public:
	CHtmlControlSite(COleControlContainer* pParentWnd);
	~CHtmlControlSite();

	CHtmlView* GetView() const;

	BEGIN_INTERFACE_PART(DocHostUIHandler, IDocHostUIHandler)
		STDMETHOD(ShowContextMenu)(DWORD, LPPOINT, LPUNKNOWN, LPDISPATCH);
		STDMETHOD(GetHostInfo)(DOCHOSTUIINFO*);
		STDMETHOD(ShowUI)(DWORD, LPOLEINPLACEACTIVEOBJECT,
			LPOLECOMMANDTARGET, LPOLEINPLACEFRAME, LPOLEINPLACEUIWINDOW);
		STDMETHOD(HideUI)(void);
		STDMETHOD(UpdateUI)(void);
		STDMETHOD(EnableModeless)(BOOL);
		STDMETHOD(OnDocWindowActivate)(BOOL);
		STDMETHOD(OnFrameWindowActivate)(BOOL);
		STDMETHOD(ResizeBorder)(LPCRECT, LPOLEINPLACEUIWINDOW, BOOL);
		STDMETHOD(TranslateAccelerator)(LPMSG, const GUID*, DWORD);
		STDMETHOD(GetOptionKeyPath)(OLECHAR **, DWORD);
		STDMETHOD(GetDropTarget)(LPDROPTARGET, LPDROPTARGET*);
		STDMETHOD(GetExternal)(LPDISPATCH*);
		STDMETHOD(TranslateUrl)(DWORD, OLECHAR*, OLECHAR **);
		STDMETHOD(FilterDataObject)(LPDATAOBJECT , LPDATAOBJECT*);
	END_INTERFACE_PART(DocHostUIHandler)

	DECLARE_INTERFACE_MAP()
};

class CMyOleControlSite : public CHtmlControlSite
{
public:
	CMyOleControlSite(COleControlContainer *pCnt = NULL):CHtmlControlSite(pCnt) {}

	BEGIN_INTERFACE_PART(Authenticate, IAuthenticate)

	STDMETHODIMP Authenticate( 
		HWND __RPC_FAR *phwnd,
		LPWSTR __RPC_FAR *pszUsername,
		LPWSTR __RPC_FAR *pszPassword);

	END_INTERFACE_PART(Authenticate)


	BEGIN_INTERFACE_PART(ServiceProvider, IServiceProvider)
		STDMETHODIMP QueryService(REFGUID guid, REFIID iid, LPVOID * ppv);
	END_INTERFACE_PART(ServiceProvider)  

	DECLARE_INTERFACE_MAP();
};
    MyOleControlSite.cpp 
    #include "stdafx.h"
#include "MyOleControlSite.h"

BEGIN_INTERFACE_MAP(CMyOleControlSite, CHtmlControlSite)
	INTERFACE_PART(CMyOleControlSite, IID_IAuthenticate, Authenticate)
	INTERFACE_PART(CMyOleControlSite, IID_IServiceProvider, ServiceProvider)
END_INTERFACE_MAP()

///////////////////////////////////////////////////////////////////////////// 
// CMyOleControlSite: IAthenticate::IUnknown methods

ULONG CMyOleControlSite::XAuthenticate::AddRef()
{
	METHOD_PROLOGUE(CMyOleControlSite, Authenticate)
	return pThis->ExternalAddRef();
}

ULONG CMyOleControlSite::XAuthenticate::Release()
{                            
	METHOD_PROLOGUE(CMyOleControlSite, Authenticate)
	return pThis->ExternalRelease();
}

HRESULT CMyOleControlSite::XAuthenticate::QueryInterface(REFIID riid, void **ppvObj)
{
	METHOD_PROLOGUE(CMyOleControlSite, Authenticate)
	HRESULT hr = (HRESULT)pThis->ExternalQueryInterface(&riid, ppvObj);
	return hr;
}


///////////////////////////////////////////////////////////////////////////// 
// CMyOleControlSite: Authenticate methods

STDMETHODIMP CMyOleControlSite::XAuthenticate::Authenticate( 
    HWND __RPC_FAR *phwnd,
    LPWSTR __RPC_FAR *pszUsername,
    LPWSTR __RPC_FAR *pszPassword)
{
	METHOD_PROLOGUE(CMyOleControlSite, Authenticate)

	// add code from next step

	return S_OK;
}

// 
// IServiceProvider
// 

ULONG CMyOleControlSite::XServiceProvider::AddRef()
{
	METHOD_PROLOGUE(CMyOleControlSite, ServiceProvider)
	return pThis->ExternalAddRef();
}

ULONG CMyOleControlSite::XServiceProvider::Release()
{                            
	METHOD_PROLOGUE(CMyOleControlSite, ServiceProvider)
	return pThis->ExternalRelease();
}

HRESULT CMyOleControlSite::XServiceProvider::QueryInterface(REFIID riid, void **ppvObj)
{
	METHOD_PROLOGUE(CMyOleControlSite, ServiceProvider)
	HRESULT hr = (HRESULT)pThis->ExternalQueryInterface(&riid, ppvObj);
	return hr;
}

STDMETHODIMP CMyOleControlSite::XServiceProvider::QueryService(REFGUID sid, REFIID iid, LPVOID * ppv)
{
 	METHOD_PROLOGUE(CMyOleControlSite, ServiceProvider)

	if (sid == IID_IAuthenticate || iid == IID_IAuthenticate) {
		return (HRESULT)pThis->ExternalQueryInterface(&iid, ppv);
    } else {
		*ppv = NULL;
	}
		
	return E_NOINTERFACE;
}
    ProxyTestView.h 
    class CProxyTestView : public CHtmlView
{
...
	BOOL CreateControlSite(COleControlContainer* pContainer, 
		COleControlSite** ppSite, UINT nID, REFCLSID clsid);
    ProxyTestView.cpp 
    BOOL CProxyTestView::CreateControlSite(COleControlContainer* pContainer, 
	COleControlSite** ppSite, UINT nID, REFCLSID clsid)
{
	ASSERT(ppSite != NULL);
	*ppSite = new CMyOleControlSite(pContainer);
	return TRUE;
}
  4. In the implementation of the IAuthenticate interface, provide a user name and a password, as shown in the following example:
    STDMETHODIMP CMyOleControlSite::XAuthenticate::Authenticate( 
    HWND __RPC_FAR *phwnd,
    LPWSTR __RPC_FAR *pszUsername,
    LPWSTR __RPC_FAR *pszPassword)
{
	METHOD_PROLOGUE(CMyOleControlSite, Authenticate)

	CString strUsername = "Altoid/LocalAltoid";
	CString strPassword = "Test123";
	
	WCHAR *wszDlgUser = (WCHAR *) CoTaskMemAlloc(255 * sizeof(WCHAR));
	WCHAR *wszDlgPassword = (WCHAR *) CoTaskMemAlloc(255 * sizeof(WCHAR));
	MultiByteToWideChar(GetACP(), 0, (const char*)strUsername, -1, wszDlgUser, 255);
	MultiByteToWideChar(GetACP(), 0, (const char*)strPassword, -1, wszDlgPassword, 255);
	*pszUsername = wszDlgUser;
	*pszPassword = wszDlgPassword;
	*phwnd = NULL;

	return S_OK;
}
  5. In the OnInitialUpdate function, move to the "about:blank" page:
    void CProxyTestView::OnInitialUpdate()
{
	CHtmlView::OnInitialUpdate();
	Navigate2(_T("about:blank"),NULL,NULL);
}
  6. Add a menu item, and then add a handler to move to a secure URL, as shown in the following example:
    void CProxyTestView::OnActionTest()
{
	Navigate2(_T("https://www.etrade.com"),NULL,NULL);
}
  7. Build and then test the project. You see that the page cannot be found. If you modify the page so that it moves to a non-secure URL, or if you visit the secure URL after you visit the non-secure URL, the move succeeds.

REFERENCES

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

320153 BUG: Implementation of IAuthenticate to Bypass the Username or Password Dialog

For more information about the COleControlSite class, visit the following Microsoft Developer Network Web site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vclib/html/vcrefCOleControlSite.asp

For more information about the IAuthenticate interface, visit the following Microsoft Developer Network Web site:

http://msdn.microsoft.com/library/default.asp?url=/workshop/networking/moniker/reference/ifaces/iauthenticate/iauthenticate.asp

For more information about developing Web-based solutions for Microsoft Internet Explorer, visit the following Microsoft Web sites:

http://msdn.microsoft.com/ie/

http://support.microsoft.com/iep

Modification Type:MajorLast Reviewed:4/21/2006
Keywords:kbHotfixServer kbQFE kbQFE kbIE600sp2fix kbbug kbfix kbIE600preSP2fix kbSecurity KB329802 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.