Microsoft KB Archive/329802

= BUG: Proxy Authentication Through IAuthenticate May Fail on Secure URL =

Article ID: 329802

Article Last Modified on 11/15/2007

-

APPLIES TO


 * Microsoft Internet Explorer 6.0 Service Pack 1

-



This article was previously published under Q329802



Important: The hotfix described in this article has been superseded by the 813951 Critical Update. For additional information about this update, click the following article number to view the article in the Microsoft Knowledge Base:

813951 You Cannot Access Your MSN E-mail Account or Authenticate with a Web Site in Various Programs



SYMPTOMS
In a Web browser control host, when you initially navigate to a secure URL through a proxy server that requires authentication, and if you provide the authentication credentials through the IAuthenticate interface, you may receive a &quot;Page Not Found&quot; error message. Important Note:

813951

This hotfix contains a bug that is addressed in the following Microsoft Knowledge Base article: 813951 - BUG: Proxy Authentication Through IAuthenticate May Fail on Secure URL.



RESOLUTION
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.

To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:

http://go.microsoft.com/?linkid=6294451

Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.   Date        Time      Version        Size     File name -  11-19-2002  23:22:38  6.0.2800.1139  483,328  Urlmon.dll



STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
The error occurs because the proxy credentials are not cached correctly when they go through a secure connection in this situation.

Steps to Reproduce the Behavior
 Set up a proxy server. Create a test account name, and then create a password that has permission to use the proxy server.  Create a Microsoft Foundation Classes (MFC) CHtmlView class application, and then implement the IAuthenticate and the IServiceProvider interfaces in a custom control site. The IServiceProvider interface permits the Web browser control to discover the IAuthenticate interface.

The following example code is specific to Microsoft Foundation Classes 7.0:

MyOleControlSite.h
 * 1) include 
 * 2) include 

class CHtmlControlSite : public COleControlSite { public: CHtmlControlSite(COleControlContainer* pParentWnd); ~CHtmlControlSite;

CHtmlView* GetView const;

BEGIN_INTERFACE_PART(DocHostUIHandler, IDocHostUIHandler) STDMETHOD(ShowContextMenu)(DWORD, LPPOINT, LPUNKNOWN, LPDISPATCH); STDMETHOD(GetHostInfo)(DOCHOSTUIINFO*); STDMETHOD(ShowUI)(DWORD, LPOLEINPLACEACTIVEOBJECT,           LPOLECOMMANDTARGET, LPOLEINPLACEFRAME, LPOLEINPLACEUIWINDOW); STDMETHOD(HideUI)(void); STDMETHOD(UpdateUI)(void); STDMETHOD(EnableModeless)(BOOL); STDMETHOD(OnDocWindowActivate)(BOOL); STDMETHOD(OnFrameWindowActivate)(BOOL); STDMETHOD(ResizeBorder)(LPCRECT, LPOLEINPLACEUIWINDOW, BOOL); STDMETHOD(TranslateAccelerator)(LPMSG, const GUID*, DWORD); STDMETHOD(GetOptionKeyPath)(OLECHAR **, DWORD); STDMETHOD(GetDropTarget)(LPDROPTARGET, LPDROPTARGET*); STDMETHOD(GetExternal)(LPDISPATCH*); STDMETHOD(TranslateUrl)(DWORD, OLECHAR*, OLECHAR **); STDMETHOD(FilterDataObject)(LPDATAOBJECT, LPDATAOBJECT*); END_INTERFACE_PART(DocHostUIHandler)

DECLARE_INTERFACE_MAP };

class CMyOleControlSite : public CHtmlControlSite { public: CMyOleControlSite(COleControlContainer *pCnt = NULL):CHtmlControlSite(pCnt) {}

BEGIN_INTERFACE_PART(Authenticate, IAuthenticate)

STDMETHODIMP Authenticate(        HWND __RPC_FAR *phwnd,        LPWSTR __RPC_FAR *pszUsername,        LPWSTR __RPC_FAR *pszPassword);

END_INTERFACE_PART(Authenticate)

BEGIN_INTERFACE_PART(ServiceProvider, IServiceProvider) STDMETHODIMP QueryService(REFGUID guid, REFIID iid, LPVOID * ppv); END_INTERFACE_PART(ServiceProvider)

DECLARE_INTERFACE_MAP; }; MyOleControlSite.cpp
 * 1) include &quot;stdafx.h&quot;
 * 2) include &quot;MyOleControlSite.h&quot;

BEGIN_INTERFACE_MAP(CMyOleControlSite, CHtmlControlSite) INTERFACE_PART(CMyOleControlSite, IID_IAuthenticate, Authenticate) INTERFACE_PART(CMyOleControlSite, IID_IServiceProvider, ServiceProvider) END_INTERFACE_MAP

///////////////////////////////////////////////////////////////////////////// // CMyOleControlSite: IAthenticate::IUnknown methods

ULONG CMyOleControlSite::XAuthenticate::AddRef {   METHOD_PROLOGUE(CMyOleControlSite, Authenticate) return pThis->ExternalAddRef; }

ULONG CMyOleControlSite::XAuthenticate::Release {                               METHOD_PROLOGUE(CMyOleControlSite, Authenticate) return pThis->ExternalRelease; }

HRESULT CMyOleControlSite::XAuthenticate::QueryInterface(REFIID riid, void **ppvObj) {   METHOD_PROLOGUE(CMyOleControlSite, Authenticate) HRESULT hr = (HRESULT)pThis->ExternalQueryInterface(&riid, ppvObj); return hr; }

///////////////////////////////////////////////////////////////////////////// // CMyOleControlSite: Authenticate methods

STDMETHODIMP CMyOleControlSite::XAuthenticate::Authenticate(    HWND __RPC_FAR *phwnd,    LPWSTR __RPC_FAR *pszUsername,    LPWSTR __RPC_FAR *pszPassword) {   METHOD_PROLOGUE(CMyOleControlSite, Authenticate)

// add code from next step

return S_OK; }

// // IServiceProvider //

ULONG CMyOleControlSite::XServiceProvider::AddRef {   METHOD_PROLOGUE(CMyOleControlSite, ServiceProvider) return pThis->ExternalAddRef; }

ULONG CMyOleControlSite::XServiceProvider::Release {                               METHOD_PROLOGUE(CMyOleControlSite, ServiceProvider) return pThis->ExternalRelease; }

HRESULT CMyOleControlSite::XServiceProvider::QueryInterface(REFIID riid, void **ppvObj) {   METHOD_PROLOGUE(CMyOleControlSite, ServiceProvider) HRESULT hr = (HRESULT)pThis->ExternalQueryInterface(&riid, ppvObj); return hr; }

STDMETHODIMP CMyOleControlSite::XServiceProvider::QueryService(REFGUID sid, REFIID iid, LPVOID * ppv) {   METHOD_PROLOGUE(CMyOleControlSite, ServiceProvider)

if (sid == IID_IAuthenticate || iid == IID_IAuthenticate) { return (HRESULT)pThis->ExternalQueryInterface(&iid, ppv); } else { *ppv = NULL; }   return E_NOINTERFACE; } ProxyTestView.h class CProxyTestView : public CHtmlView { ...   BOOL CreateControlSite(COleControlContainer* pContainer,         COleControlSite** ppSite, UINT nID, REFCLSID clsid); ProxyTestView.cpp BOOL CProxyTestView::CreateControlSite(COleControlContainer* pContainer,    COleControlSite** ppSite, UINT nID, REFCLSID clsid) {   ASSERT(ppSite != NULL); *ppSite = new CMyOleControlSite(pContainer); return TRUE; }                     In the implementation of the IAuthenticate interface, provide a user name and a password, as shown in the following example: STDMETHODIMP CMyOleControlSite::XAuthenticate::Authenticate(    HWND __RPC_FAR *phwnd,    LPWSTR __RPC_FAR *pszUsername,    LPWSTR __RPC_FAR *pszPassword) {   METHOD_PROLOGUE(CMyOleControlSite, Authenticate)

CString strUsername = &quot;Altoid/LocalAltoid&quot;; CString strPassword = &quot;Test123&quot;; WCHAR *wszDlgUser = (WCHAR *) CoTaskMemAlloc(255 * sizeof(WCHAR)); WCHAR *wszDlgPassword = (WCHAR *) CoTaskMemAlloc(255 * sizeof(WCHAR)); MultiByteToWideChar(GetACP, 0, (const char*)strUsername, -1, wszDlgUser, 255); MultiByteToWideChar(GetACP, 0, (const char*)strPassword, -1, wszDlgPassword, 255); *pszUsername = wszDlgUser; *pszPassword = wszDlgPassword; *phwnd = NULL;

return S_OK; }                   </li>  In the OnInitialUpdate function, move to the &quot;about:blank&quot; page: void CProxyTestView::OnInitialUpdate {   CHtmlView::OnInitialUpdate; Navigate2(_T(&quot;about:blank&quot;),NULL,NULL); }                   </li>  Add a menu item, and then add a handler to move to a secure URL, as shown in the following example: void CProxyTestView::OnActionTest {   Navigate2(_T(&quot;https://www.etrade.com&quot;),NULL,NULL); }                   </li> Build and then test the project. You see that the page cannot be found. If you modify the page so that it moves to a non-secure URL, or if you visit the secure URL after you visit the non-secure URL, the move succeeds.</li></ol>

<div class="references_section">