Deleting cookies in WPF web browser control - wpf

I am developing a WPF application in which I am working with twitter API. To show twitter authentication page I am using WPF web-browser control. I am able to login and use twitter API successfully. My problem is that I need to clear web browser's cookies to implement logout functionality. Is there any way to clear session cookies in WPF web browser?

I ran into this issue yesterday and finally came up with a full solution today. The answer is mentioned here which is put into more detail here and here.
The primary issue here is that the WebBrowser (in WPF and WinForms) does not permit you to modify (delete) existing session cookies. These session cookies are what prevent a multi-user single device experience from being successful.
The StackOverflow response in the link above omits an important part, it requires the use of an unsafe code block, instead of using the Marshal service. Below is a full solution that can be placed into your project to suppress the session cookie persistence.
public static partial class NativeMethods
{
[DllImport("wininet.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool InternetSetOption(IntPtr hInternet, int dwOption, IntPtr lpBuffer, int dwBufferLength);
private const int INTERNET_OPTION_SUPPRESS_BEHAVIOR = 81;
private const int INTERNET_SUPPRESS_COOKIE_PERSIST = 3;
public static void SuppressCookiePersistence()
{
var lpBuffer = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(int)));
Marshal.StructureToPtr(INTERNET_SUPPRESS_COOKIE_PERSIST, lpBuffer, true);
InternetSetOption(IntPtr.Zero, INTERNET_OPTION_SUPPRESS_BEHAVIOR, lpBuffer, sizeof(int));
Marshal.FreeCoTaskMem(lpBuffer);
}
}

Check the following,
http://social.msdn.microsoft.com/Forums/en/wpf/thread/860d1b66-23c2-4a64-875b-1cac869a5e5d
private static void _DeleteSingleCookie(string name, Uri url)
{
try
{
// Calculate "one day ago"
DateTime expiration = DateTime.UtcNow - TimeSpan.FromDays(1);
// Format the cookie as seen on FB.com. Path and domain name are important factors here.
string cookie = String.Format("{0}=; expires={1}; path=/; domain=.facebook.com", name, expiration.ToString("R"));
// Set a single value from this cookie (doesnt work if you try to do all at once, for some reason)
Application.SetCookie(url, cookie);
}
catch (Exception exc)
{
Assert.Fail(exc + " seen deleting a cookie. If this is reasonable, add it to the list.");
}
}

I have not tested this, but I think the best way would be to define a Javascript method on the page (if you're able to) that clears the cookie.
document.cookie='c_user=;expires=Thu, 01 Jan 1970 00:00:00 GMT;domain=.facebook.com';
(or whatever the cookie name is). Then you can use the InvokeScript method on the WebBrowser control.

Related

ReportViewer Custom Protocol

I am using the ReportViewer in my WPF application and I am trying to get a custom protocol to work with the application. So I get the ability to open sub-programs inside my application when a url is clicked inside the ReportViewer.
When I click on the custom-protocol-url (inside the ReportViewer) nothing happens.
When I open the same report via the Web-Browser, my URL works flawlessly.
It seems like the ReportViewer doesn't allow custom protocols? Has anyone experienced that aswell? Is there any documentation on that?
http, https and mailto are working in the ReportViewer.
I am just adding an Action in the Report pointing to my url
customurl://123
Url definition:
[HKEY_CLASSES_ROOT\customurl]
#="URL: customurl Protocol"
"URL Protocol"=""
[HKEY_CLASSES_ROOT\customurl\shell]
[HKEY_CLASSES_ROOT\customurl\shell\open]
[HKEY_CLASSES_ROOT\customurl\shell\open\command]
#="\"C:\\Extra Programme\\TestAlert.exe\" \"%1\""
Testalert (just the test-program by microsoft):
static string ProcessInput(string s)
{
// TODO Verify and validate the input
// string as appropriate for your application.
return s;
}
static void Main(string[] args)
{
Console.WriteLine("Alert.exe invoked with the following parameters.\r\n");
Console.WriteLine("Raw command-line: \n\t" + Environment.CommandLine);
Console.WriteLine("\n\nArguments:\n");
foreach (string s in args)
{
Console.WriteLine("\t" + ProcessInput(s));
}
Console.WriteLine("\nPress any key to continue...");
Console.ReadKey();
}
I have looked into the code of ReportViewer and found an if statement, that checks if the url starts with either http:// or https:// or mailto:.
It gets this information with Uri.UriSchemeHttp, Uri.UriSchemeHttps and Uri.UriSchemeMailto
So you could overwrite eg. Uri.UriSchemeHttp with "customurl" (if your url is customurl://123) before rendering the report.
var field = typeof(Uri).GetField("UriSchemeHttp");
field.SetValue(null, "customurl");
The more elegant solution would be, to use a webbrowser control and just show the SSRS Web-Page

CefSharp load a page with browser login

I need to ebed a web browser in a Wpf app, I tried with the one from the toolbox but get some issues and went to CefSharp.
public MainWindow()
{
InitializeComponent();
BrowserSettings settings = new BrowserSettings();
Cef.Initialize(new CefSettings());
CefSharp.Wpf.ChromiumWebBrowser webBrowser = new CefSharp.Wpf.ChromiumWebBrowser();
licence_grid.Children.Add(webBrowser);
webBrowser.Address = "http://myurlToLoad the page";
}
The problem is when I used a normal url the page load.
But when I used the url I intend to use and whith which the user enter his user and password in a browser pop up (I mean not a pop up from the website) . I get an error with this page take yoo much time to load and nothing else.
Can someone give me some tracks to follow...
Thanks
It sounds like the popup you are referring to is in fact the site prompting for basic authentication.
In that case you need to provide an IRequestHandler.GetAuthCredentials handler.
As the question & answer is very old and i would like to give the latest update on this solution, there is slight change as per original solution suggested.
anybody consuming cefsharp need to implement the authentication dialog. and changes in method is
bool IRequestHandler.GetAuthCredentials(IWebBrowser browserControl, IBrowser browser, IFrame frame, bool isProxy,
string host, int port, string realm, string scheme, IAuthCallback callback)
{
//NOTE: If you do not wish to implement this method returning false is the default behaviour
// We also suggest you explicitly Dispose of the callback as it wraps an unmanaged resource.
// shyam - original implemenation.
//callback.Dispose();
//return false;
bool handled = false;
// Instantiate the dialog box
AuthDialog dlg = new AuthDialog(host); // create new dialog with username and password field.
// Open the dialog box modally
dlg.ShowDialog();
if (dlg.DialogResult == System.Windows.Forms.DialogResult.OK)
{
// The user did not cancel out of the dialog. Retrieve the username and password.
callback.Continue(dlg.UserName,dlg.Password);
handled = true;
}
return handled;
}

Persistent cookies in WPF WebBrowser control?

I'm using the WPF WebBrowser to display online help inside an app (just a few small web pages). Some of those pages use cookies to display items only for the first few times the pages are viewed (it's a "Why not try X" type of thing).
However, for some reason the cookies don't seem to be working inside the WebBrowser control. They work fine in full IE as well as Firefox and Chrome (so the items correctly hide), but they never hide when viewed through the WPF WebBrowser control.
Is there something special about using cookies in the WPF WebBrowser control? It seems to be behaving as if all the cookies are only stored in memory, rather than being persisted on disk.
Here's one of those pages inside a browser (where the cookies work):
And here's the exact same page inside the app:
That additional content should only be visible for the first few times of using the software (i.e. it should be hidden after N views of that web page), but because I can't get cookies to work it's always visible.
Cookies handling in Internet Explorer (or hosted versions) is tied to the IE's own notion of "URL Security Zones", doc here: About URL security Zones
So, IE determines an url zone using various alogorithms applied to the url. Depending on the zone, your hosted browser may or may not support session or persistent cookies.
Strangely, when I create a small WPF sample, add the web browser to it and have navigate to this persistent cookie tester utiliy page: http://www.rbaworld.com/Security/Computers/Cookies/givecook.shtml, it works fine. Each time I launch the sample app, the counter is incremented fine, so not everyone can reproduce your problem. Well, that's the whole purpose of URL Security zones: it can vary by machine, by user, by Windows policy, etc...
The next question is: Can I change the zone you're running in? The short and easy answer is ... no because it's heavily tied to the security.
If you were hosting IE yourself, you could implement your own security zone handle as described here: Implementing a Custom Security Manager and a sample here: SAMPLE: Secumgr.exe Overrides Security Manager for WebBrowser Host but you're relying on WPF's webbrowser that does not allow any override... You can get to Reflector and copy all WPF private/internal code but that's a log of risky work!
The last thing you can try is to manipulate the standard Internet Security Manager. Here is some sample code that gives some hints. At least you should be able to determine the zone you're running in (MapUrltoZone) and change the cookie (TryAllowCookie). The problem with the standard manager is most of the times, it pops up dialog to the end-user allowing authorization... (security again!):
[ComImport, Guid("7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4")]
private class InternetSecurityManager
{
}
[ComImport, InterfaceType(ComInterfaceType.InterfaceIsIUnknown), Guid("79eac9ee-baf9-11ce-8c82-00aa004ba90b")]
private interface IInternetSecurityManager
{
void Unused1();
void Unused2();
[PreserveSig]
int MapUrlToZone([In, MarshalAs(UnmanagedType.BStr)] string pwszUrl, out int pdwZone, [In] int dwFlags);
void Unused3();
[PreserveSig]
int ProcessUrlAction(string pwszUrl, int dwAction, ref int pPolicy, int cbPolicy, ref Guid pContext, int cbContext, int dwFlags, int dwReserved);
// left undefined
}
public static SecurityZone MapUrlToZone(Uri uri)
{
IInternetSecurityManager securityManager = (IInternetSecurityManager)new InternetSecurityManager();
int zoneId;
if (securityManager.MapUrlToZone(uri.ToString(), out zoneId, 0) < 0)
return SecurityZone.NoZone;
return (SecurityZone)zoneId;
}
private const int URLACTION_COOKIES = 0x00001A02;
private const int URLACTION_COOKIES_ENABLED = 0x00001A10;
private const int URLPOLICY_ALLOW = 0x00;
private const int URLPOLICY_DISALLOW = 0x03;
private const int PUAF_DEFAULT = 0x00000000;
public static bool TryAllowCookies(Uri uri)
{
IInternetSecurityManager securityManager = (IInternetSecurityManager)new InternetSecurityManager();
int policy = 0;
Guid context = Guid.Empty;
int hr = securityManager.ProcessUrlAction(uri.ToString(), URLACTION_COOKIES_ENABLED, ref policy, Marshal.SizeOf(policy), ref context, Marshal.SizeOf(context), PUAF_DEFAULT, 0);
return (hr == 0) && policy == URLPOLICY_ALLOW;
}
Good luck :)
The WebBrowser control won't allow this by default. For security reasons, you probably wouldn't want different applications from different developers/companies being able to access cookie info that another app created.
However, check out this answer How to delete Cookies from windows.form?
That pertains to deleting cookies through javascript, but you may be able to use a similar method in order to persist and create the site cookie each time the application is loaded.

Managing cookies in a WPF WebBrowser control?

Is there a way to read/write the cookies that a WebBrowser control uses?
I am doing something like this...
string resultHtml;
HttpWebRequest request = CreateMyHttpWebRequest(); // fills http headers and stuff
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
using (StreamReader sr = new StreamReader(response.GetResponseStream()))
{
resultHtml = sr.ReadToEnd();
}
WebBrowser browser = new WebBrowser();
browser.CookieContainer = request.CookieContainer; // i wish i could do this :(
browser.NavigateToString(resultHtml);
One of the potentially confusing things about the WebBrowser control and cookies is that at a first glance, it often looks like your app gets a separate cookie store. For example, if you log into a site that stores a persistent cookie to identify you, then whether you appear to be logged in for that site from inside an app hosting the control will be independent of whether you seem to be logged in via Internet Explorer.
In fact, you can even be logged in with different identities.
However, although it might be natural to draw the conclusion that each app hosting the WebBrowser therefore gets its own cookies, in fact that's not true. There are merely two sets of cookies: the ones used in 'low integrity' mode (which is what IE runs in by default), and the other set, which is what you'll get in a normal app that hosts the WebBrowser and also what you'll get if you run IE elevated.
the webbrowser control uses WinInet for networking, specifically use the InternetSetCookie(Ex) and InternetGetCookie(Ex) functions for Cookie management. There isn't a WinInet wrapper in .Net, but you can p-invoke.
Yes you are right, InternetGetCookieEx is the only way to retrieve HttpOnly cookies and it is the preferred way to grab cookie from WebBrowser control.
I posted a complete example here
You can use Application.GetCookie and Application.SetCookie methods.
Although Application is more or less related to WPF, you can use these methods in any desktop .NET code. In fact, they are wrappers on InternetGetCookieEx and InternetSetCookieEx Windows APIs.
I faced the same issue few days ago.
Besides the examples of the previous answers, here is a Win32 wrapper for the WebBrowser control. The advantage of this implementation is that it exposes more options that the default WebBrowser control.
Unfortunately if It's not WPF native, so you will have to create a wrapper if you're planning to use it in WPF.
http://code.google.com/p/csexwb2/
Here is sample from [link][1]
> public static class WinInetHelper
{
public static bool SupressCookiePersist()
{
// 3 = INTERNET_SUPPRESS_COOKIE_PERSIST
// 81 = INTERNET_OPTION_SUPPRESS_BEHAVIOR
return SetOption(81, 3);
}
public static bool EndBrowserSession()
{
// 42 = INTERNET_OPTION_END_BROWSER_SESSION
return SetOption(42, null);
}
static bool SetOption(int settingCode, int? option)
{
IntPtr optionPtr = IntPtr.Zero;
int size = 0;
if (option.HasValue)
{
size = sizeof(int);
optionPtr = Marshal.AllocCoTaskMem(size);
Marshal.WriteInt32(optionPtr, option.Value);
}
bool success = InternetSetOption(0, settingCode, optionPtr, size);
if (optionPtr != IntPtr.Zero) Marshal.Release(optionPtr);
return success;
}
[System.Runtime.InteropServices.DllImport("wininet.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool InternetSetOption(
int hInternet,
int dwOption,
IntPtr lpBuffer,
int dwBufferLength
);
}

WPF WebBrowser Cookies to be used in WebRequest

I try to construct WebRequest to a web page after successful logging in to secured web portal via WPF WebBrowser control, but stuck with the problem of reusing WebBrowser cookies in WebRequest.
Unlike WinForms, in WPF WebBrowser control there is no way to extract CookieCollection via WebBrowser.Document.Cookies because Document object does not have Cookies property. The
only way I found is to use mshtml.HTMLDocument2 which has cookies as string
mshtml.IHTMLDocument2 doc = (mshtml.IHTMLDocument2)webBrowser.Document;
string cookies = doc.cookie;
However it is not good enough as looks like MSHTML.Document2
- does not allow to extract important HttpOnly cookies (like ASP.Net_SessionID)
- and I need manually construct CookiesCollection object from Cookies string.
As a result, WebRequest with cookies constructed from string is failing with Session timeout error as ASP.Net_SessionID is not available.
Is there another way of building proper and completed CookieCollection object from WPF WebBrowser control?
Update: After EricLaw posted his comment, here is a snippet of code you could use to get an HttpOnly cookie:
[DllImport("wininet.dll", SetLastError = true)]
private static extern bool InternetGetCookieEx(string pchURL, string pchCookieName,
StringBuilder pchCookieData, ref System.UInt32 pcchCookieData,
int dwFlags, IntPtr lpReserved);
private int INTERNET_COOKIE_HTTPONLY = 0x00002000;
public void GetCookie()
{
string url = "http://www.bing.com";
string cookieName = "ASP.NET_SessionId";
StringBuilder cookie = new StringBuilder();
int size = 256;
InternetGetCookieEx(url, cookieName, cookie, ref size,
INTERNET_COOKIE_HTTPONLY, null)
}
The value would be stored in the StringBuilder "cookie"
A more detailed example can be found in this MSDN blog post.
The only other possible way to get cookies from the WebBrowser that I know of is to use the InternetGetCookie method as mentioned in this StackOverflow answer.
However, it's not possible to get HttpOnly cookies as they are unretrievable as a security feature in browsers. This helps to prevent cross-site scripting. This works the same in WinForms as it does in WPF. More information on HttpOnly cookies can be found in the Wikipedia HTTP Cookie article.

Resources