I am currently working on a .Net application that makes HTTP requests to some web applications hosted on an IIS server. The application is deployed through ClickOnce and works great on simple network architectures.
One of our clients has a very complex network using a custom authentication server, on which the user must first register in order to authenticate and gain access to other applications on this network. After authentication on this server, a session cookie is created and sent to the user. Each time a user makes a request on a secure network server, this cookie is checked to provide access to the user. If this cookie is not sent with the request, the user is redirected to the login page. The only browser is Internet Explorer.
This cookie cannot be accessed from our .net application, because it runs in a different process than the Internet Explorer process that was used to log the user into the system and therefore is not sent with our requests, which cannot be executed, as the server redirects each of our requests is on the login page.
I took a look at embedding my application in Internet Explorer, making the main COM control visible and creating it on an HTML page with a tag. It works correctly, however, the session cookie set earlier in the browser is not sent when the ActiveX control executes web requests.
I was hoping that this sharing of session information would be automatic (although I really didn't believe it). So my questions are: is it possible to have access to this cookie in embedded ActiveX? How? Does it make sense to use the .Net COM-interop component instead of the “true” ActiveX control? In addition, there are special security words to describe this behavior (given that I am not an expert on security topics, is this lack of proper terminology making it difficult to find the necessary resources)?
, , , , ActiveX , , , .