3

I am using WebBrowser control to programmatically access a single website, but whenever I login, I receive this certificate security alert:


Since I trust that website and since I need to programmatically automate the login as well, this dialog box gets in the way.

I searched SO for a solution and found a question similar to mine, but the accepted answer does not work!

I defined a static member in the form that contains the WebControl:

```csharp
// Accepts every certificate, whatever sslPolicyErrors reports.
public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
  return true;
}
```

In my form's constructor I added:

```csharp
ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);
```

But that didn't get rid of the certificate security alert.

I also clicked the View Certificate button, then clicked the Install Certificate button in the dialog that followed, but that didn't seem to help either.

Is there any way to get rid of this warning?

Is there an IE equivalent to Firefox's Add Security Exception?

Note: The owner's certificate works perfectly fine (without exhibiting this security alert) with standalone browsers (IE, FF, Chrome, Safari). It only exhibits the problem with the WebBrowser control.

ih8ie8
  • 6
    Get a valid certificate. It would be a security hole if you can get around this, as malware writers could do the same and you would not know that you are taking a risk at a site. – James Black Oct 21 '12 at 16:29
  • 1
    @JamesBlack That website is not mine. But I do trust it. Firefox has a mechanism to add a [Security Exception](http://www.asknetinfo.com/plesk-control-panel-certificate-error.html). How about IE9? – ih8ie8 Oct 21 '12 at 16:31
  • 1
    Yes, FF has, but not programmatically, since that would indeed be a security loophole – Rune FS Oct 21 '12 at 17:02
  • @RuneFS Not programmatically for the first time this alert is displayed is fine for me (I am only using this application in one machine). I wish Windows Forms had a Firefox/Chrome/WebKit control... – ih8ie8 Oct 21 '12 at 17:06

3 Answers

6

ScriptErrorsSuppressed = True doesn't help: the security dialog does not appear, but the effect is like pressing "No"

Jack Reacher
  • I'm not sure what the effect of pressing NO is actually. When I enable script errors and press NO when it asks if I want to continue to run scripts on this site, often times I get a script error right back again, many times in a row sometimes, like when a video player is enabling many controls in the same way and throwing an error. It should stop but it simply doesn't. – John Faulkner Jul 19 '13 at 12:25
5

The best idea is to sort out the broken certificate. Browsers guard these warnings for a reason. What you're doing is trying to circumvent the user's safety.

If you must do this using the webbrowser control, then set ScriptErrorsSuppressed to true.

Jeff Watkins
  • 1
    Neither the website nor the certificate is mine. I am the only user of that program. I can afford adding an exception. But how do I do that? – ih8ie8 Oct 21 '12 at 16:32
  • 2
    Ask the owner of the site to fix their certificates. – Jeff Watkins Oct 21 '12 at 16:33
  • 1
    The owner's certificate works perfectly fine (without exhibiting this security alert) with standalone browsers (IE, FF, Chrome, Safari). It only exhibits the problem with the WebBrowser control. There is nothing the owner can do about this. – ih8ie8 Oct 21 '12 at 16:49
  • 1
    Ok, how are you accessing the service? If you're not using the servicepointmanager to get to your resource, that delegate won't get fired. – Jeff Watkins Oct 21 '12 at 16:58
  • I am using `WebBrowser.Navigate()` to first access the login page, then via `WebBrowser.Document`'s form I call `form.InvokeMember("submit")`. It's that simple and it works, except for the non-scriptable security alert... – ih8ie8 Oct 21 '12 at 17:01
  • Using custom validation rules doesn't necessarily decrease security. For example if you check the fingerprint of the certificate it's actually stronger than relying on CAs. – CodesInChaos Oct 23 '12 at 11:34
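
The fingerprint check mentioned in the last comment, as an added example that is not code from any poster in this thread: a validation callback that pins one host to one certificate instead of returning `true` for everything. As noted in the comments above, the delegate only fires for requests that go through `ServicePointManager`, so it covers `HttpWebRequest` traffic but not the `WebBrowser` control. The class name, the host `login.example.com` and the fingerprint placeholder are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCertificateValidator
{
    // Placeholder: hex SHA-256 fingerprint of the certificate, obtained out of band.
    // Until it is replaced with a real value, the pinned host always fails closed.
    private const string PinnedSha256 = "<SHA-256 fingerprint of the trusted certificate>";

    // Hypothetical host name; the pin applies to this site only.
    private const string PinnedHost = "login.example.com";

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // The sender is either the WebRequest being made or the host name as a string.
        var request = sender as WebRequest;
        string host = request != null ? request.RequestUri.Host : sender as string;

        // Every other host keeps the default behaviour: reject on any policy error.
        if (!string.Equals(host, PinnedHost, StringComparison.OrdinalIgnoreCase))
            return sslPolicyErrors == SslPolicyErrors.None;

        // Pinned host: accept only the exact certificate, whatever the chain says.
        if (certificate == null)
            return false;
        return string.Equals(Fingerprint(certificate), PinnedSha256,
                             StringComparison.OrdinalIgnoreCase);
    }

    // SHA-256 over the DER-encoded certificate, as uppercase hex without separators.
    public static string Fingerprint(X509Certificate certificate)
    {
        using (var sha256 = SHA256.Create())
        {
            byte[] digest = sha256.ComputeHash(certificate.GetRawCertData());
            return BitConverter.ToString(digest).Replace("-", "");
        }
    }

    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }
}
```

A pin has to be updated whenever the site renews its certificate; until then the callback rejects the new one.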
0

I solved this by importing the broken certificate in root trusted certification authority.
