I am trying to automate testing for a site that uses an iFrame(?) sort of punch-out which links to another website's catalogue to make purchases. The process is the user will login and be able to select a set of catalogues to connect to. Upon clicking a catalogue set they will be prompted w/ this security dialog:
and once they click 'Show all content' they are prompted w/ this:
This will take them to the actual catalogue site where they can place orders. Is there any way to interact w/ these prompts?
Try AutoIT, It can click on the screen using windows ids
https://www.autoitscript.com/site/autoit/
It'll create an exe and just call the exe whenever you like.
Selenium Webdriver is not able to interact with native browser popups. It does with JavaScript alerts and dialogs but that's not what you are trying to do.
The common solution to working with dialogs (file uploads, login dialogs) is to circumvent them by sending the file data or login info to the HTTP request.
See this question or this question for examples of these two scenarios. In your case you can't do that.
You could use another product (something other than Selenium) or change the IE configuration or the setup/environment of the tests so you are not prompted by these security alerts.
For example, for your first alert: "Only secure content is displayed", you can disable it by going in the IE options, security, Custom Level and then disabling Display non secure items.
Related
Using WebView2 browser when a user clicks a link that opens another program, this prompt shows up every time.
Is there a way to suppress this in WebView2?
You can use the NavigationStarting event to cancel navigations to URIs that start with the URI schemes you care about and then do whatever you like with that URI. For example, call ShellExecuteExW, or Windows.System.Launcher.LaunchUriAsync with the URI so that the OS opens the URI.
As Yu Zhou notes this is dangerous if its arbitrary websites opening arbitrary applications as in the case of a web browser. If you're going to skip this security prompt you should ensure that you own the web content or trust the web content in the WebView2 to not be malicious. If you are showing arbitrary URIs or user submitted web content you should not skip the prompt.
I can understand that you want to bypass the prompt, but it's by design and we can't change it. It is designed for security. This prompt is the only thing standing between every arbitrary site on the Internet (loaded inside your browser’s sandbox) and a full-trust application on your computer (running outside of the browser’s sandbox).
The only thing we can do to reduce the pain is to check the "Always allow..." checkbox, so that the prompt won't show at the next time.
I have a single solution with multiple C# ASP.NET Web Forms projects. I want a way to identify a given browser so that each website can identifier that same browser. I need to do this from the C# Code-Behind code (not with the client code, like JavaScript). I also cannot use the Session because it isn't shared across websites. I don't think cookies are either.
For example, if a user logs onto Website1 and then logs onto Website2 with the same browser on the same computer, I want to be able to identify that. But if a user logs onto Website1 with Chrome and then Website1 with FireFox (regardless of whether it's on the same computer or not), I want to detect that as well.
If it makes any difference, I am using Azure to publish my web projects. So all websites will have similar domains (eg website1.azurewebsites.net and website2.azurewebsites.net).
If you want to track someone using the same browser on the same computer then use a cookie. If the websites have different domains you'll need to be clever because modern browsers have a lot of protection against what they see as tracking cookies. One option is using a hidden interstitial page as described here.
Your second scenario, a user accessing same site with different browsers, I suggest storing the user agent string (one of the request headers) and adding this to a login audit so you can build up a collection of different user agents used by a given user. There are libraries available for parsing user agent strings and extracting name, version, engine etc.
Between these two techniques and a bit of business logic you should get what you need. If you would like me to clarify any of this, let me know and I'll provide more detail.
Is it possible to clear browsing data, cookies, active logins, etc. behind the scenes(programatically) on chrome custom tabs?
My goal is to have the user be prompted to login every time they open the custom tab (instead of being logged in automatically)
Shared cookie jar and permissions model so users don't have to log in to sites they are already connected to, or re-grant permissions they have already granted.
Chrome Custom Tabs is the Chrome browser (via the Chrome service and custom Intents) and thus the cache, cookies, etc.. are shared (actually the same).
The answer is no, you can not programmatically clear the data of Chrome.
Note: Right now there is no support of creating an Incognito-based Custom Tab
I would issue the user a transient/session cookie so it does not get persisted if you wish to forced a re-login on the start of every new session.
"My goal is to have the user be prompted to login every time they open the custom tab (instead of being logged in automatically)"
As of now July 2020, on appauth's request builder you can use the method setPrompt(AuthorizationRequest.Prompt.LOGIN)
This will prompt the user to login every time.
If this method isn't provided and let's say there is some persistence needed (to log the user in automatically after they have logged in). If the server issues cookies to do this Currently it is a challenge to log the user out using an endpoint
I have an ASP.Net C# Web Application in which I have added Windows Live oAuth authentication (I am not using the code supplied by the Visual Studio project template for oAuth). I have two return pages in my application where the user should come back after authenticating with the Windows Live oAuth Service. The reason I have two end points is to distinguish two different modes in my application based on where the user returns.
Anyways, the problem is that when I add the second URL in the configuration screen of Microsoft Windows live at https://account.live.com/developers/applications/apisettings/, the Microsoft Live page simply does not save it. Here is what I am doing:
Go to https://account.live.com/developers/applications/index
Click Application name and then edit Settings
go To API Settings
Click "Add another redirect URL"
Added my second URL and clicked save.
The second text box where I entered the URL simply disappears and my second URL does not work in the oAuth flow.
If any of you has faced a similar issue, do you have a work around? If this is something Microsoft should fix, where should I raise this bug with Microsoft?
Update: I have also tried a work around of creating two applications, so that each one has one of the return URLs, but Microsoft does not allow two applications with the same root domain URL. :(
I have the same issue.
This is not your fault, and there is nothing other than Microsoft would be able to fix it.
Is there a Win32 function I can call to show a Windows login dialog?
E.g., Internet Explorer and Visual Studio's Team Explorer both show a credentials dialog when accessing a website - how can I show that dialog?
I have a .NET Windows client application that uses the logged in Windows user identity when communicating to web services. The services use that user ID to determine who is calling the service and to decide what they have permissions to see.
I would like to add a command that allows the current user to do effectively a "run as", where they can enter the username/password of another user and we have the application act as them.
I could build a custom dialog and use the LoginUser() function, but I would rather use something "official".
You can use the CredUIPromptForCredentials API function
See also here
I think you're stuck creating your own dialog. It's not that hard to make it look official though.