SAMPLE:How To Use IAuthenticate to Bind to a Secured HTML Page

 Last reviewed: January 19, 1998
Article ID: Q156905
The information in this article applies to:
  • Microsoft ActiveX SDK, version 1.0
  • Internet Client SDK, version 4.0, 4.01

SUMMARY

The Progress sample included with the ActiveX Internet Client SDK demonstrates how to use a URL moniker to asynchronously bind to data from a remote site on the Internet or an intranet. The sample this article describes, Progress.exe, enhances the Progress sample that comes with the ActiveX Internet Client SDK by handling the case where authentication is required to access secured data.

The following file is available for download from the Microsoft Software Library: 

 ~ Progress.exe (size: 41761 bytes)
For more information about downloading files from the Microsoft Software Library, please see the following article in the Microsoft Knowledge Base: 

   ARTICLE-ID: Q119591
   TITLE     : How to Obtain Microsoft Support Files from Online Services
For additional information, please see the following article in the Microsoft Knowledge Base: 

   ARTICLE-ID: Q156904
   TITLE     : FIX: Returning User Name and Password from IAuthenticate
               Fails

MORE INFORMATION

Handling authentication requests from a URL moniker requires that the URL moniker host implement a bind status callback object which exposes both the IBindStatusCallback interface and the IAuthenticate interface. The sample uses multiple inheritance to expose these interfaces on the same object.

The IAuthenticate interface consists of a single method, Authenticate. The sample implements IAuthenticate::Authenticate as follows:

STDMETHODIMP CBindStatusCallback::Authenticate( 

    HWND __RPC_FAR *phwnd,
    LPWSTR __RPC_FAR *pszUsername,
    LPWSTR __RPC_FAR *pszPassword)
{ 
   if (!phwnd || !pszUsername || !pszPassword)
   {
      return E_INVALIDARG;
   }

   // The progress sample's HWND is stored in g_hwndDlg
   *phwnd = g_hwndDlg;
   *pszUsername = NULL;
   *pszPassword = NULL;
   return S_OK;
}

When the URL moniker attempts to bind to the object specified in the call to CreateURLMoniker, it determines whether or not the object is secured. If the object is secured, the URL moniker queries the bind status callback object for IAuthenticate. The URL moniker queries for IAuthenticate through the IBindStatusCallback interface pointer registered with the bind context used in the binding operation.

The implementation of Authenticate above returns a valid window handle. The URL moniker uses this handle as the parent window handle in a call to the InternetErrorDlg WININET API. InternetErrorDlg presents the user with a dialog box requesting a user name and password required to access the secured data.

To demonstrate how a URL moniker requests authentication information from its host, perform the following steps:

  1. Launch the Internet Information Server (IIS) Service Manager utility.
2. Double-click on the WWW Service to display its property sheet. 3. Click the Service tab. 4. Under Password Authentication, uncheck both "Allow Anonymous" and 
   "Windows NT Challenge/Response" and check "Basic (Clear Text)."
5. Dismiss the property sheet by clicking OK. 6. Build the revised Progress sample. 7. Run the revised Progress sample and specify as an argument the HTTP 
   address of an HTML page on the Web Server configured in steps 1 through
   5.
8. Click the Go button to commence the download. 9. A network password dialog box appears. Enter the user name and password 
   of an account that has access to the machine running the IIS.
The HTML page specified in step 7 is displayed in the sample dialog box.

Additional query words: URLMON IBSC
Keywords : AXSDKUrlMon kbdsi
Version : 1.0
Platform : WINDOWS
Issue type : kbfile

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: January 19, 1998
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.