ID: Q156904
The information in this article applies to:
In order to access a secured Internet resource via a URL moniker, a host must implement the IAuthenticate interface on the same object that exposes IBindStatusCallback. The documentation on IAuthenticate in the ActiveX SDK indicates that there are two possible ways to implement IAuthenticate:
1. Return a valid HWND to serve as the parent HWND for a default
authentication dialog box.
2. Return a valid user name and password.
While the first implementation works as expected, the alternative implementation fails during the bind operation.
When authentication is required to access an Internet resource, the server may have replied to the client with some data indicating the failure to access the desired data. If, for example the client makes an HTTP request, the server typically replies with a boilerplate HTML page. It is the client's responsibility to completely read all this data from the socket before attempting to re-send the request with the correct authentication information. There is a bug in Wininet.dll that fails to do this.
This problem does not occur when IAuthenticate::Authenticate returns a valid HWND to Urlmon.dll because internally Urlmon.dll calls the WININET API InternetErrorDlg() to retrieve authentication information from the user. In addition to obtaining a user name and password, InternetErrorDlg() drains the socket of any extraneous data on behalf of Urlmon.dll.
Microsoft has confirmed this to be a bug in the Microsoft products listed at the beginning of this article. This problem has been fixed in Internet Explorer 4.0.
ActiveX SDK online documentation
For additional information, please see the following article in the Microsoft Knowledge Base:
ARTICLE-ID: Q156905
TITLE : How To Use IAuthenticate to Bind to a Secured HTML Page
Keywords : AXSDKUrlMon
Version : 1.0
Platform : WINDOWS
Issue type : kbbug
Solution Type : kbfix
Last Reviewed: October 5, 1997