I have made an app that will login automatically in the websites I use daily.
1 of them uses a security certificate which I have installed, when I browse it with IE I can accept the certificate and login, same with chrome, but when I browse with my app it will only show me
Navigation to the webpage was canceled
What you can try:
Refresh the page.
I'm thinking I have to somehow include that certificate on my app but I'm stuck, I've been googling about it but I can't find a straight answer.
I've read that the webbrowser control doesn't support HTTPS which the website I need to login is, if so is there any other way I can access the website within my app, maybe a different webbrowser control?
I'm using VB.net by the way.
some extra info:
I don't own the website so I cannot make any changes there.
I do have valid and legal access to the website using the certificate they issued for me.
The problem was I had browser.ScriptErrorsSuppressed = True
Somehow the browser control was taking the "Accept certificate" messagebox as script error.
Related
I have a web app that uses Firebase for authentication, more specifically it uses the signInWithPopup(provider) method. There is also a desktop client based on Electron which simply loads the same web app. With recent updates this method of authentication stopped working as Electron is regarded as unsecure environment.
Is there a way to open the login popup in the default browser (i.e. Chrome) which is secure, complete the login process there, and return to the Electron app with the login information?
If login popup in default browser, the same issue can happen with security. It needs both ends to be secure.
Can you try to generate certificate and use it in your electron ? Instead of self signed certificate, you can generate through Let’s Encrypt (Authorised CA). Hope this solves your issue.
I am working on some browser tests in selenium on Chrome. I have a script which ran on my personal machine can connect to a site and has no issues. However when the script is ran on a machine inside our network, it pops an authentication pop up. When I click cancel on the authentication box, it continues to a user login page which allows regular authentication. I have disabled IWA for the browser but it is still popping up.
I tried passing username#password:url but that did not work. Our test account is not connected to the domain and this website will try to use your Windows account but outside the network it defaults to the login page where we do have regular userid/pw for certain people (like our test account they created for us). We do not control the server so I cannot change that behavior.
I would normally close the alert in this case however selenium is not recognizing the authentication popup as an alert so the script just hangs. So step 2 would be the userid/password sent in the URL but that doesn't work either. I would prefer not to go the route of installing any other tools (like AutoIt) and try to solve this with settings.
Is there a way to skip the authentication popup in chrome? In the header the response is its using "Negotiate" for auth. I do not get that when testing on my local machine outside the network.
We have a program that runs in IIS with Windows authentication, and which is available to the outside world.
Right now, we provide to every interested party a link to the program, along with guest credentials they then have to type.
Is there a possibility to do away with the credentials? Our internal people should be able to login as usual, but we want to provide a link to get into the guest account without typing any login credentials.
I have tried to add the credentials into the clickable url, but Internet Explorer and Edge browser do not support this, and Mobile Safari throws phishing warnings.
Can this be done universally, that the authentication is done invisibly in the background in all browsers, using some kind of redirect or XHR call with arguments or something like that?
Running WAMP and I'm trying to embed an iframe of an external website (mcmaster) in a dokuwiki and I'm getting a security alert that doesn't allow the site to be displayed. Security alert says the sites certificate isn't good, and I didn't get the option to allow the page in the iframe but if i opened in a new window i got the option to. So after allowing it just returns a blank screen. What do I need to enable or exception to add in Apache to allow the server to embed this website? Apologies if this is in the wrong stack but I assume this is a server issue not a coding issue, as other sites work fine with the syntax.
I have a mvc4 web app that sits behind ADFS 2.0 authentication, it's configured using the web.config file. The application can be visited by going directly to a URL or as an iframe inside of CRM 2013.
The application works in all (tested) browsers when visiting the URL directly, both redirection to login form and handing the user back to the web app with the proper information in the ClaimsIdentity.
However, when visiting the app as an iframe inside CRM2013, internet explorer goes into a continous login loop. You are asked to provide the credentials (which are the same as for logging in to CRM) and when you click ok you get redirected back to the same login page again, to my knowledge the app never receives the hand off.
In Safari, Chrome, Firefox, and Opera the users are able to log into the application inside of CRM as well as outside without any problems (I'd even go as far as saying that it works better than expected for these browsers).
Does anyone have any idea of what I can try or what the problem could be for IE?
EDIT 1
I'm thinking it has to do with some security setting and am playing around with the settings in IE. Unchecking this box stops the login form from showing in IE at all and I get an empty page instead.
Is the iFrame on the same (sub)domain as the site inside? You can use Fiddler to view your redirect flow, are the cookies added as expected?
I've seen cookies that are overridden by the iFrame host, in that case you lose the auth cookie. Browsers react differently on same domain cookies.
Another problem might be X-Frame-Options, do you see any warning in the F12 console of IE?