0

I have researched all I can on implementing the IHTTPSECURITY interface with Delphi TWebBrowser. I am trying to navigate to a site via https. The site has a self signed certificate. I wish to avoid the security warnings popping up/appearing in the browser.

If I switch silent mode to true for the browser the security dialog no longer pops up, but the browser automatically selects "No" as the answer to the question "Do you want to Proceed"?.

I believe the way around this is via the IHTTPSecurity interface. I have found code to implement this for EmbeddedWB (why-doesnt-queryservice-get-called-for-ihttpsecurity-when-using-tembeddedwb). I have tried to implement this for TWebBrowser, but the onSecurityProblem function does not fire. My code is below:

unit Unit1;

interface

uses
  Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
  Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.OleCtrls, Vcl.StdCtrls, SHDocVw, ActiveX, Winapi.Urlmon, Winapi.WinInet;

  type TWebBrowser = class(SHDocVw.TWebBrowser, IHTTPSecurity, IWindowForBindingUI)
  private
    function GetWindow(const guidReason: TGUID; out hwnd): HRESULT; stdcall;
    function OnSecurityProblem(dwProblem: Cardinal): HRESULT; stdcall;
  end;


type
  TForm1 = class(TForm)
    WebBrowser1: TWebBrowser;
    Button1: TButton;
    Edit1: TEdit;
    procedure Button1Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

uses System.NetEncoding;

{$R *.dfm}

procedure TForm1.Button1Click(Sender: TObject);
  var
    Flags, TargetFrameName, PostData, headers, url:OleVariant;
    authenticate:string;
begin
  webBrowser1.Navigate('about:blank');
  Flags := '1';
  TargetFrameName := '';
  PostData := '';

  Authenticate := TNetEncoding.Base64.Encode('MediaUser:test');
  Headers:='Authorization: Basic '+Authenticate;
  webBrowser1.Navigate(Edit1.text, flags, TargetFrameName, PostData, headers);
end;

function TWebBrowser.GetWindow(const guidReason: TGUID;
  out hwnd): HRESULT;
begin
  Result := S_FALSE;
end;


function TWebBrowser.OnSecurityProblem(dwProblem: Cardinal): HRESULT;
begin
  if (dwProblem = ERROR_INTERNET_INVALID_CA) or
     (dwProblem = ERROR_INTERNET_SEC_CERT_CN_INVALID)
    then Result := S_OK
    else Result := E_ABORT;
end;

end.

What am I doing wrong?

As a side issue, when the above app terminates I get an unspecified EoleException.

Mark Williams
  • 192
  • 2
  • 12
  • You may need to use Cef4Delphi as described here: https://stackoverflow.com/questions/48554936/delphi-cef4-chromium-do-not-show-web-sites-with-secure-connection-error – Alain Thiffault Oct 05 '18 at 19:56
  • Just checked out Cef4Delphi and it describes itself as a project to embed Chromium based browsers in Delphi. I don't really want to go down that route. I believe it should be possible to do what I want to do with `TWebBrowser` using `IHTTPSecurity`, but I am using it incorrectly it seems. – Mark Williams Oct 05 '18 at 20:11

0 Answers0