I'm using the WPF WebBrowser to display online help inside an app (just a few small web pages). Some of those pages use cookies to display items only for the first few times the pages are viewed (it's a "Why not try X" type of thing).
However, for some reason the cookies don't seem to be working inside the WebBrowser control. They work fine in full IE as well as Firefox and Chrome (so the items correctly hide), but they never hide when viewed through the WPF WebBrowser control.
Is there something special about using cookies in the WPF WebBrowser control? It seems to be behaving as if all the cookies are only stored in memory, rather than being persisted on disk.
Here's one of those pages inside a browser (where the cookies work):
And here's the exact same page inside the app:
That additional content should only be visible for the first few times of using the software (i.e. it should be hidden after N views of that web page), but because I can't get cookies to work it's always visible.
Cookies handling in Internet Explorer (or hosted versions) is tied to the IE's own notion of "URL Security Zones", doc here: About URL security Zones
So, IE determines an url zone using various alogorithms applied to the url. Depending on the zone, your hosted browser may or may not support session or persistent cookies.
Strangely, when I create a small WPF sample, add the web browser to it and have navigate to this persistent cookie tester utiliy page: http://www.rbaworld.com/Security/Computers/Cookies/givecook.shtml, it works fine. Each time I launch the sample app, the counter is incremented fine, so not everyone can reproduce your problem. Well, that's the whole purpose of URL Security zones: it can vary by machine, by user, by Windows policy, etc...
The next question is: Can I change the zone you're running in? The short and easy answer is ... no because it's heavily tied to the security.
If you were hosting IE yourself, you could implement your own security zone handle as described here: Implementing a Custom Security Manager and a sample here: SAMPLE: Secumgr.exe Overrides Security Manager for WebBrowser Host but you're relying on WPF's webbrowser that does not allow any override... You can get to Reflector and copy all WPF private/internal code but that's a log of risky work!
The last thing you can try is to manipulate the standard Internet Security Manager. Here is some sample code that gives some hints. At least you should be able to determine the zone you're running in (MapUrltoZone) and change the cookie (TryAllowCookie). The problem with the standard manager is most of the times, it pops up dialog to the end-user allowing authorization... (security again!):
[ComImport, Guid("7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4")]
private class InternetSecurityManager
{
}
[ComImport, InterfaceType(ComInterfaceType.InterfaceIsIUnknown), Guid("79eac9ee-baf9-11ce-8c82-00aa004ba90b")]
private interface IInternetSecurityManager
{
void Unused1();
void Unused2();
[PreserveSig]
int MapUrlToZone([In, MarshalAs(UnmanagedType.BStr)] string pwszUrl, out int pdwZone, [In] int dwFlags);
void Unused3();
[PreserveSig]
int ProcessUrlAction(string pwszUrl, int dwAction, ref int pPolicy, int cbPolicy, ref Guid pContext, int cbContext, int dwFlags, int dwReserved);
// left undefined
}
public static SecurityZone MapUrlToZone(Uri uri)
{
IInternetSecurityManager securityManager = (IInternetSecurityManager)new InternetSecurityManager();
int zoneId;
if (securityManager.MapUrlToZone(uri.ToString(), out zoneId, 0) < 0)
return SecurityZone.NoZone;
return (SecurityZone)zoneId;
}
private const int URLACTION_COOKIES = 0x00001A02;
private const int URLACTION_COOKIES_ENABLED = 0x00001A10;
private const int URLPOLICY_ALLOW = 0x00;
private const int URLPOLICY_DISALLOW = 0x03;
private const int PUAF_DEFAULT = 0x00000000;
public static bool TryAllowCookies(Uri uri)
{
IInternetSecurityManager securityManager = (IInternetSecurityManager)new InternetSecurityManager();
int policy = 0;
Guid context = Guid.Empty;
int hr = securityManager.ProcessUrlAction(uri.ToString(), URLACTION_COOKIES_ENABLED, ref policy, Marshal.SizeOf(policy), ref context, Marshal.SizeOf(context), PUAF_DEFAULT, 0);
return (hr == 0) && policy == URLPOLICY_ALLOW;
}
Good luck :)
The WebBrowser control won't allow this by default. For security reasons, you probably wouldn't want different applications from different developers/companies being able to access cookie info that another app created.
However, check out this answer How to delete Cookies from windows.form?
That pertains to deleting cookies through javascript, but you may be able to use a similar method in order to persist and create the site cookie each time the application is loaded.
Related
I am developing a WPF application in which I am working with twitter API. To show twitter authentication page I am using WPF web-browser control. I am able to login and use twitter API successfully. My problem is that I need to clear web browser's cookies to implement logout functionality. Is there any way to clear session cookies in WPF web browser?
I ran into this issue yesterday and finally came up with a full solution today. The answer is mentioned here which is put into more detail here and here.
The primary issue here is that the WebBrowser (in WPF and WinForms) does not permit you to modify (delete) existing session cookies. These session cookies are what prevent a multi-user single device experience from being successful.
The StackOverflow response in the link above omits an important part, it requires the use of an unsafe code block, instead of using the Marshal service. Below is a full solution that can be placed into your project to suppress the session cookie persistence.
public static partial class NativeMethods
{
[DllImport("wininet.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool InternetSetOption(IntPtr hInternet, int dwOption, IntPtr lpBuffer, int dwBufferLength);
private const int INTERNET_OPTION_SUPPRESS_BEHAVIOR = 81;
private const int INTERNET_SUPPRESS_COOKIE_PERSIST = 3;
public static void SuppressCookiePersistence()
{
var lpBuffer = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(int)));
Marshal.StructureToPtr(INTERNET_SUPPRESS_COOKIE_PERSIST, lpBuffer, true);
InternetSetOption(IntPtr.Zero, INTERNET_OPTION_SUPPRESS_BEHAVIOR, lpBuffer, sizeof(int));
Marshal.FreeCoTaskMem(lpBuffer);
}
}
Check the following,
http://social.msdn.microsoft.com/Forums/en/wpf/thread/860d1b66-23c2-4a64-875b-1cac869a5e5d
private static void _DeleteSingleCookie(string name, Uri url)
{
try
{
// Calculate "one day ago"
DateTime expiration = DateTime.UtcNow - TimeSpan.FromDays(1);
// Format the cookie as seen on FB.com. Path and domain name are important factors here.
string cookie = String.Format("{0}=; expires={1}; path=/; domain=.facebook.com", name, expiration.ToString("R"));
// Set a single value from this cookie (doesnt work if you try to do all at once, for some reason)
Application.SetCookie(url, cookie);
}
catch (Exception exc)
{
Assert.Fail(exc + " seen deleting a cookie. If this is reasonable, add it to the list.");
}
}
I have not tested this, but I think the best way would be to define a Javascript method on the page (if you're able to) that clears the cookie.
document.cookie='c_user=;expires=Thu, 01 Jan 1970 00:00:00 GMT;domain=.facebook.com';
(or whatever the cookie name is). Then you can use the InvokeScript method on the WebBrowser control.
How do I use the word editor in a WPF application? Is it possible using windows forms hosting in WPF only? Is there another way to accomplish that?
I found AvalonEdit but it does not have features that I need. So using this way, my problem may not be solved.
Also there is some stuffs out there to host a windows forms control in WPF, but it could not be my answer.
I want to understand that is there a way to use word editor in a native way in a wpf app?
Will all APIs be available in that solution?
Thanks in advance.
You can host MS Word (2007/2010 and probably other versions) from within a WebBrowser control, this works in WinForms and should work in WPF too. A .NET API is provided for automating Word, documented here. The required interop assemblies ship with Office 2010, so deployment is a lot simpler than previous Office versions.
See this Microsoft Support article for more details on hosting Word within a WebBrowser control. The Screenshot below shows Word embedded within a host Winforms application.
Note that this only works reliably for a single hosted instance of Word, so you can't show 2 Word documents side by side in the same application. Also, the Ribbon can sometimes go missing - but Word hasn't ever caused the application to crash.
Administrative rights are required to make the required registry updates as there are potential security issues. One easy method to make the registry updates is to write a script, but the following (revised/untested) code shows how this can be done in c# for Word, Excel and PowerPoint:
using System.Security.AccessControl;
private Dictionary<string,uint> OfficeBrowserRegKeys()
{
string[] officeRegKeyArray = new string[]
{
#"SOFTWARE\Classes\Word.Document.12",
#"SOFTWARE\Classes\Word.DocumentMacroEnabled.12",
#"SOFTWARE\Classes\Excel.Sheet.12",
#"SOFTWARE\Classes\Excel.SheetMacroEnabled.12",
#"SOFTWARE\Classes\Excel.SheetBinaryMacroEnabled.12",
#"SOFTWARE\Classes\PowerPoint.Show.12",
#"SOFTWARE\Classes\PowerPoint.ShowMacroEnabled.12",
#"SOFTWARE\Classes\PowerPoint.SlideShow.12",
#"SOFTWARE\Classes\PowerPoint.SlideShowMacroEnabled.12"
};
Dictionary<string,uint> officeRegKeys = new Dictionary<string, uint>();
uint wrdVal = 0x80000024;
uint excelVal = 0x80000A00;
uint powerPtVal = 0x800000A0;
foreach(string keyName in officeRegKeyArray)
{
if (keyName.Contains("Word"))
{
officeRegKeys.Add(keyName, wrdVal);
}
else if (keyName.Contains("Excel"))
{
officeRegKeys.Add(keyName, excelVal);
}
else
{
officeRegKeys.Add(keyName, powerPtVal);
}
}
return officeRegKeys;
}
private void setNewOfficeKeys()
{
uint editFlag = 0x00010000;
Dictionary<string,uint> officeRegKeys = OfficeBrowserRegKeys();
foreach (KeyValuePair<string, uint> kvp in officeRegKeys)
{
try
{
RegistryKey rKey = Registry.LocalMachine.OpenSubKey(kvp.Key,
RegistryKeyPermissionCheck.ReadWriteSubTree,
System.Security.AccessControl.RegistryRights.SetValue);
rKey.SetValue("BrowserFlags", unchecked((int)kvp.Value),
RegistryValueKind.DWord);
rKey.SetValue("EditFlags", unchecked((int)editFlag),
RegistryValueKind.DWord);
}
catch (Exception e) { string msg = e.Message; }
}
}
Well, Word proper isn't technically designed to be hosted by another app, whether it's WPF, WINFORMS or anything else.
You CAN use api tricks (like SetParent) to move the Main Word window into a WPF hosted window. I've done it before, but it's pretty tricky business and it's very easy to miss things that cause GPFs (both in Word and your app).
Is there any reason why it needs to be "Word in your app"? Why not write a little word addin and then launch Word from your app when necessary. then the Addin can communicate with your app, or your DB or whatever as necessary from within Word.
Users may find that to be a more usable approach in any case.
In a WP7 Silverlight application with a WebBrowser control I want to use an own protocol like "myttp://" to deliver some local content. I can't use Navigate() to an IsolatedStrorage because some content will by created on demand. For the same reason NavigateToString() is also not usable for me.
I tried to register a WebRequestCreator descend for my MYTP protocol
myCreator = new MyRequestCreator();
WebRequest.RegisterPrefix("mytp://", myCreator);
but it isn't called from the browser control if I navigate to "mytp://test.html".
If I create a WebRequest via code
WebRequest request;
request = WebRequest.Create("mytp://test.html");`
everythings works fine.
Any suggestions what is wrong or how to do it?
The WebBrowser control will use the Windows Phone Internet Explorer Browser's HTTP stack to statisfy web requests. This HTTP stack is entirely separate from the Client HTTP stack being used by the application. Hence the browser does not see your protocol at all.
I agree with AnthonyWJones words, though I dont know, what exactly he meant by "Browser HTTP stack".
The standard Silverlight's "access to Browser's stack" (used to handle sessions etc) in form of System.Net.Browser.WebRequestCreator.BrowserHttp httprequest factory (versus the "normal/aside" System.Net.Browser.WebRequestCreator.ClientHttp factory) is actually available to the application code in WP7. It is hidden from the SDK, but available on the device and with small effort, the application can use it, for example, to have its emitted cookies in sync with the Browser's cache. For description, please see my humble other post
However, while using that factory and having all your session/cookies/userauth handling within those connections in sync with the WebBrowser, despite being very similar to the ClientHttp factory, you find (at least in 7.0 and 7.1 versions) that it is completely ignorant of any custom prefixes. Trying to open anything with this factory results in (WP7 v. Mango 7.1):
A first chance exception of type 'System.Net.ProtocolViolationException' occurred in System.Windows.dll
at System.Net.Browser.BrowserHttpWebRequest.InternalBeginGetRequestStream(AsyncCallback callback, Object state)
at System.Net.Browser.AsyncHelper.BeginOnUI(BeginMethod beginMethod, AsyncCallback callback, Object state)
at System.Net.Browser.BrowserHttpWebRequest.BeginGetRequestStream(AsyncCallback callback, Object state)
at MyApp.MyPage..ctor()
relevant code snippet of the MyPage:
public class WRC : IWebRequestCreate { public WebRequest Create(Uri uri) { return null;/*BREAKPOINT1*/ } }
WebRequest.RegisterPrefix("js://", new WRC()); // register the above handler
brwHttp = (IWebRequestCreate)typeof(System.Net.Browser.WebRequestCreator).GetProperty("BrowserHttp").GetValue(null, null);
var tmp = brwHttp.Create(new Uri("js://blah.blah.blah"));
var yyy = tmp.BeginGetResponse(callback, "wtf");
var response = tmp.EndGetResponse(yyy); /*BREAKPOINT2*/
var zzz = tmp.BeginGetRequestStream(callback, "wtf"); /*<---EXCEPTION*/
var stream = tmp.EndGetRequestStream(zzz); /*BREAKPOINT3*/
Execution results:
breakpoint1 never hit
breakpoint2 allows to see that "response" is NULL
breakpoint3 never hit due to the exception pasted above
My conclusion is, that the Silverlight Browser's stack is hardcoded to use some builtin set of prefixes, and all other prefixes are ignored/throw ProtocolViolation. My guess is, that in WP7 (7.0, 7.1) they are actually hardcoded to use http since my custom "js://" was passed to a BrowserHttpWebRequest.InternalBeginGetRequestStream as it's visible on the stacktrace :)
That confirms what Anthony had written - no way of having custom protocol handlers to work gracefully with the Silverlight's Browser Stack API.
However, I cannot agree with that the WebBrowser uses this connection factory. While is it true that the hidden factory is called BrowserHttp, and is true that it shares some per-user or per-session settings with the webbrowser, everything I try tens to indicate that the WebBrowser component uses yet completly other factory for its connections, and quite probably it is some native one. As an argument for that, I can only provide that I was able to successfully replace the original BrowserHttp factory with my simple custom implementation of it (both on the emulator and the phone), and with at least 6 webbrowsers in my current app, it wasn't used at all, not even once! (neither on the emulator, nor phone)
Is there a way to read/write the cookies that a WebBrowser control uses?
I am doing something like this...
string resultHtml;
HttpWebRequest request = CreateMyHttpWebRequest(); // fills http headers and stuff
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
using (StreamReader sr = new StreamReader(response.GetResponseStream()))
{
resultHtml = sr.ReadToEnd();
}
WebBrowser browser = new WebBrowser();
browser.CookieContainer = request.CookieContainer; // i wish i could do this :(
browser.NavigateToString(resultHtml);
One of the potentially confusing things about the WebBrowser control and cookies is that at a first glance, it often looks like your app gets a separate cookie store. For example, if you log into a site that stores a persistent cookie to identify you, then whether you appear to be logged in for that site from inside an app hosting the control will be independent of whether you seem to be logged in via Internet Explorer.
In fact, you can even be logged in with different identities.
However, although it might be natural to draw the conclusion that each app hosting the WebBrowser therefore gets its own cookies, in fact that's not true. There are merely two sets of cookies: the ones used in 'low integrity' mode (which is what IE runs in by default), and the other set, which is what you'll get in a normal app that hosts the WebBrowser and also what you'll get if you run IE elevated.
the webbrowser control uses WinInet for networking, specifically use the InternetSetCookie(Ex) and InternetGetCookie(Ex) functions for Cookie management. There isn't a WinInet wrapper in .Net, but you can p-invoke.
Yes you are right, InternetGetCookieEx is the only way to retrieve HttpOnly cookies and it is the preferred way to grab cookie from WebBrowser control.
I posted a complete example here
You can use Application.GetCookie and Application.SetCookie methods.
Although Application is more or less related to WPF, you can use these methods in any desktop .NET code. In fact, they are wrappers on InternetGetCookieEx and InternetSetCookieEx Windows APIs.
I faced the same issue few days ago.
Besides the examples of the previous answers, here is a Win32 wrapper for the WebBrowser control. The advantage of this implementation is that it exposes more options that the default WebBrowser control.
Unfortunately if It's not WPF native, so you will have to create a wrapper if you're planning to use it in WPF.
http://code.google.com/p/csexwb2/
Here is sample from [link][1]
> public static class WinInetHelper
{
public static bool SupressCookiePersist()
{
// 3 = INTERNET_SUPPRESS_COOKIE_PERSIST
// 81 = INTERNET_OPTION_SUPPRESS_BEHAVIOR
return SetOption(81, 3);
}
public static bool EndBrowserSession()
{
// 42 = INTERNET_OPTION_END_BROWSER_SESSION
return SetOption(42, null);
}
static bool SetOption(int settingCode, int? option)
{
IntPtr optionPtr = IntPtr.Zero;
int size = 0;
if (option.HasValue)
{
size = sizeof(int);
optionPtr = Marshal.AllocCoTaskMem(size);
Marshal.WriteInt32(optionPtr, option.Value);
}
bool success = InternetSetOption(0, settingCode, optionPtr, size);
if (optionPtr != IntPtr.Zero) Marshal.Release(optionPtr);
return success;
}
[System.Runtime.InteropServices.DllImport("wininet.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool InternetSetOption(
int hInternet,
int dwOption,
IntPtr lpBuffer,
int dwBufferLength
);
}
I try to construct WebRequest to a web page after successful logging in to secured web portal via WPF WebBrowser control, but stuck with the problem of reusing WebBrowser cookies in WebRequest.
Unlike WinForms, in WPF WebBrowser control there is no way to extract CookieCollection via WebBrowser.Document.Cookies because Document object does not have Cookies property. The
only way I found is to use mshtml.HTMLDocument2 which has cookies as string
mshtml.IHTMLDocument2 doc = (mshtml.IHTMLDocument2)webBrowser.Document;
string cookies = doc.cookie;
However it is not good enough as looks like MSHTML.Document2
- does not allow to extract important HttpOnly cookies (like ASP.Net_SessionID)
- and I need manually construct CookiesCollection object from Cookies string.
As a result, WebRequest with cookies constructed from string is failing with Session timeout error as ASP.Net_SessionID is not available.
Is there another way of building proper and completed CookieCollection object from WPF WebBrowser control?
Update: After EricLaw posted his comment, here is a snippet of code you could use to get an HttpOnly cookie:
[DllImport("wininet.dll", SetLastError = true)]
private static extern bool InternetGetCookieEx(string pchURL, string pchCookieName,
StringBuilder pchCookieData, ref System.UInt32 pcchCookieData,
int dwFlags, IntPtr lpReserved);
private int INTERNET_COOKIE_HTTPONLY = 0x00002000;
public void GetCookie()
{
string url = "http://www.bing.com";
string cookieName = "ASP.NET_SessionId";
StringBuilder cookie = new StringBuilder();
int size = 256;
InternetGetCookieEx(url, cookieName, cookie, ref size,
INTERNET_COOKIE_HTTPONLY, null)
}
The value would be stored in the StringBuilder "cookie"
A more detailed example can be found in this MSDN blog post.
The only other possible way to get cookies from the WebBrowser that I know of is to use the InternetGetCookie method as mentioned in this StackOverflow answer.
However, it's not possible to get HttpOnly cookies as they are unretrievable as a security feature in browsers. This helps to prevent cross-site scripting. This works the same in WinForms as it does in WPF. More information on HttpOnly cookies can be found in the Wikipedia HTTP Cookie article.