When URL moniker meets security problems
URL moniker is a very useful. For example, URLDownloadToFile allows you to download files using IE. While it's easy to write code to do that job yourself, the users may be appreciated if they do not have to config it for their proxy.
Three months ago I met some problems with URLDownloadToFile when dealing with https url. If IE is used, it will pop up an error saying the certificate is not trusted, obviously the owner of the site does not want to spend money to get their certificate signed. URLDownloadToFile will simply fail in this case, it won't show you the dialog as IE does.
To see the dialog, we need to implement a callback object and pass it to URLDownloadToFile. MSDN simply said the callback should implement BindStatusCallback, but here, we need IHttpSecurity as well. And most important method is GetWindow() method. URLDownloadToFile need this to report error.
Three months ago I met some problems with URLDownloadToFile when dealing with https url. If IE is used, it will pop up an error saying the certificate is not trusted, obviously the owner of the site does not want to spend money to get their certificate signed. URLDownloadToFile will simply fail in this case, it won't show you the dialog as IE does.
To see the dialog, we need to implement a callback object and pass it to URLDownloadToFile. MSDN simply said the callback should implement BindStatusCallback, but here, we need IHttpSecurity as well. And most important method is GetWindow() method. URLDownloadToFile need this to report error.
class Callback : public IBindStatusCallback, IHttpSecurity
{
...
STDMETHOD(GetWindow)(REFGUID rguidReason, HWND *phwnd)
{
if (NULL != phwnd_)
{
(*phwnd) = (*phwnd_);
}
else
{
(*phwnd) = GetDesktopWindow();
}
return S_OK;
}
...
};