6 Replies - 401 Views - Last Post: 19 December 2013 - 01:22 PM Rate Topic: -----

#1 synlight  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 89
  • View blog
  • Posts: 582
  • Joined: 14-September 11

Changing registry settings on end user's machine

Posted 19 December 2013 - 07:00 AM

After 4 days of eye crossing research, I THINK I have found out why my application won't allow automated basic auth. Since the WebBroswer control is a wrapper for IE..

From MS Support:

By default, versions of Windows Internet Explorer that were released starting with the release of security update 832894 do not support handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs. The following URL syntax is not supported in Internet Explorer or in Windows Explorer:
http(s)://username:password@server/resource.ext

While this still doesn't explain why passing it in the headers doesn't work, at least it's a trail for me to follow. The thing is, is that the workaround involves disabling settings in the user's registry:

To disable the new default behavior in Windows Explorer and Internet Explorer, create iexplore.exe and explorer.exe DWORD values in one of the following registry keys and set their value data to 0.

For all users of the program, set the value in the following registry key:
 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE

For the current user of the program only, set the value in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE


That seems to me like something I should NOT be doing. Is that ethically/legally troublesome?

Is This A Good Question/Topic? 0
  • +

Replies To: Changing registry settings on end user's machine

#2 tlhIn`toq  Icon User is online

  • Please show what you have already tried when asking a question.
  • member icon

Reputation: 5517
  • View blog
  • Posts: 11,826
  • Joined: 02-June 10

Re: Changing registry settings on end user's machine

Posted 19 December 2013 - 07:14 AM

If it were my machine and I found some program changing my security settings that affect my vulnerability across my entire internet browsing experience I would be damned angry.

Its not the place of a program or a site to make those kinds of changes to a user's machine. Ever.
Was This Post Helpful? 1
  • +
  • -

#3 Skydiver  Icon User is online

  • Code herder
  • member icon

Reputation: 3574
  • View blog
  • Posts: 11,112
  • Joined: 05-May 12

Re: Changing registry settings on end user's machine

Posted 19 December 2013 - 07:25 AM

That same KB article seemed to offer other options than changing the user settings. I'm online only for a short time today though and don't have enough time to research more. Sorry.
Was This Post Helpful? 1
  • +
  • -

#4 synlight  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 89
  • View blog
  • Posts: 582
  • Joined: 14-September 11

Re: Changing registry settings on end user's machine

Posted 19 December 2013 - 07:25 AM

Yeah it didn't sound like a good idea to me. Which is why I asked LOL. You guys are the only people I have to ask questions like this.

Sigh. Back to the drawing board.
Was This Post Helpful? 0
  • +
  • -

#5 synlight  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 89
  • View blog
  • Posts: 582
  • Joined: 14-September 11

Re: Changing registry settings on end user's machine

Posted 19 December 2013 - 08:48 AM

Thanks skydiver! That's the article I found.

Another question.. it seems like adding the URL to IE's list of trusted websites may also work. Since the user is adding that URL to my application themselves, would it be okay to do that? It would still entail adding a registry key, but it wouldn't modify any other security settings.
Was This Post Helpful? 0
  • +
  • -

#6 Charles:)  Icon User is offline

  • D.I.C Regular

Reputation: 139
  • View blog
  • Posts: 337
  • Joined: 26-November 09

Re: Changing registry settings on end user's machine

Posted 19 December 2013 - 09:49 AM

If you must do it automatically, you should at least inform the user (e.g. via a message box), but it's better to do something like:

  • List it as a manual step that the user must do as part of the installation
  • Have it as an optional step that the installer can do, with a warning that the software won't work if users don't do that step
  • Have the software offer to do it for the user (e.g. when it starts up), again with a warning that the software won't work if they choose not to


The gist is that you should be able to do it for the user, but only if they approve, or at very least they must be aware of what you're doing. You should also have an option (in the software or the un-installer) to remove the site from trusted.
Was This Post Helpful? 2
  • +
  • -

#7 synlight  Icon User is offline

  • D.I.C Addict
  • member icon

Reputation: 89
  • View blog
  • Posts: 582
  • Joined: 14-September 11

Re: Changing registry settings on end user's machine

Posted 19 December 2013 - 01:22 PM

That's an excellent idea Charles! I am still trying to find a way around this whole mess. I found the IAuthenticate interface, that may do it. But I don't understand how to use it yet.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1