Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to share session cookies between Internet Explorer and an ActiveX components hosted in a webpage?

I am currently working on a .Net application which makes HTTP requests to some web applications hosted on a IIS server. The application is deployed through ClickOnce and is working fine on simple networks architectures.
One of our customers has a very complex network involving a custom authentication server on which the user has first to log himself in order to be authenticated and get access to other applications on this network. Once authenticated on this server, a session cookie is created and sent to the user. Every time the user then makes a request on a secured server of the network, this cookie is checked to grant access to the user. If this cookie is not sent with the request, the user is redirected to the login page. The only browser used is Internet Explorer.
This cookie cannot be accessed from our .net application since it is executed in another process than the Internet Explorer process which was used to log the user in, and thus is not sent with our requests, which cannot be completed since the server redirects every of our requests to the login page.
I had a look at embedding my application into Internet Explorer by making the main control COM visible and creating it on an HTML page with an tag. It is working properly, however the sessions cookies set earlier in the browser are not sent when the ActiveX control makes web requests.
I was hoping this sharing of the session information would be automatic (although I didn't really believe it). So my questions are : Is it possible to have access to this cookie in the embedded ActiveX? How? Does it make a difference to use a .Net COM-interop component instead of a "true" ActiveX control? Also, are there specific security words to describe this kind of behaviors (given that I am not an expert at all on security topics, this lack of proper terminology makes it a lot harder to find the needed resources)?

My goal is to have my application's requests look the same from the requests made by the host browser's requests, and I thought that embedding the application as an ActiveX control into the browser was the only way to achieve this, however any suggestion on another to do this is welcome.

like image 270
jerem Avatar asked Nov 06 '22 15:11

jerem


1 Answers

A way I found to achieve this is to have the ActiveX component embedding the Internet Explorer component (WebBrowser object), and to use it to do my http requests instead of standard class objects. By doing this, session cookies (even http-only ones) set in Internet Explorer become available to the embedded Internet Explorer and are automatically sent with each requests.

like image 172
jeremy-george Avatar answered Nov 14 '22 16:11

jeremy-george