locked
How to intercept security warnings in IWebBrowser2 control RRS feed

  • Question

  • I am working on a win32 app that embeds an IWebBrowser2 control. On navigating to a webpage I am getting a pop-up dialog box titled "Security Alert" with the message "Revocation information for the security certificate for this site is not available.".

    I would like to handle these errors programmatically and show the UI to the user only if necessary. As per the documentation, I implemented IHttpSecurity and IServiceProvider interfaces to intercept the issue in onSecurityProblem. To test my implementation I navigated the webpage to expired.badssl.com but I didn't receive the onSecurityProblem callback. Weirdly I was able to receive the callback on reloading the webpage after it failed to load initially. So this confirms that my implementation is (somewhat) correct.

    Now the problem is that I am not able to receive the callback for my website even if I refresh. I always get the warning alert dialog. On digging further I found that the dialog was because of an XMLHttpRequest that the webpage made to an analytics server.

    Is there a method to intercept the security warning in such a situation?

    PS - I found another solution to disable the warning box using the silent property on IWebBrowser2 control. But it disables all the dialogs - authentication, proxy etc - which I would like to keep.

    Friday, May 22, 2020 1:43 PM

All replies

  • Hi nangalvivek,

    If you are just showing the specific site in the web browser control then you should check why that site is showing this error.

    Check whether certificate is in the CRL list. Check whether you can see this issue on other machines or not.

    I suggest you please post your sample code that you had tried on your side.

    We will try to check it and try to provide suggestions for it.

    Regards,

    Deepak


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, May 25, 2020 6:17 AM
  • I am getting the errors on every machine but only if I open the webpage in Internet Explorer. There is no such warning in Edge, Chrome or Firefox.

    How do I verify that the certificate is in a CRL list?

    Wednesday, May 27, 2020 4:56 AM
  • Hi nangalvivek,

    Below is the helpful link for checking the expired certificates.

    Viewing Expired Certificate Revocation List (CRL)

    If possible then you can provide the feedback about this on that site.

    It may create security issues if try to show this site in web browser control.

    Regards,

    Deepak

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.




    Wednesday, May 27, 2020 7:03 AM
  • IServiceProvider doesn't work on the first navigation so navigate to about:blank and wait for DocumentComplete before going to your target page.

    If IServiceProvider doesn't give what you want then you probably need IInternetSession.



    Visual C++ MVP

    Friday, May 29, 2020 12:33 AM