Type a page name and press Enter. You'll jump to the page if it exists, or you can create it if it doesn't.
To create a page in a module other than Interfaces, prefix the name with the module name and a period.
[return: MarshalAs(UnmanagedType.I4)][PreserveSig]
int SetZoneMapping(UInt32 dwZone,
[In,MarshalAs(UnmanagedType.LPWStr)] string lpszPattern,
UInt32 dwFlags);
[return: MarshalAs(UnmanagedType.I4)][PreserveSig]
int GetZoneMappings(UInt32 dwZone, out UCOMIEnumString ppenumString,
UInt32 dwFlags);
}
C# Sample Application:
This sample uses IInternetSecurityManager within an ActiveX control to determine the Zone from which the web page hosting the control is loaded. If the Zone is not My Computer, a flag is thrown indicating the zone is not safe. This is useful for cases where you want to mark a control as safe for scripting, but you want to limit the zones in which it is allowed to run or to perform certain actions, something IE security does not allow. Note that you will need to add shdocvw.dll as a reference within your project, and that you should set "Register for COM Interop" to True in Project Properties | Configuration Properties | Build.
[Guid("<class guid>")]
[ClassInterface(ClassInterfaceType.None)]
[ProgId("IEZoneSecurity.ZoneSecurityDemo")]
public class ZoneSecurityDemo : System.Windows.Forms.Control, _ZoneSecurityDemo
{
private Guid _IID_TopLevelBrowser = new Guid("4C96BE40-915C-11CF-99D3-00AA004AE837");
private Guid _IID_WebBrowserApp = new Guid("0002DF05-0000-0000-C000-000000000046");
private Guid _CLSID_SecurityManager = new Guid("7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4");
private bool _ZoneSafetyConfirmed = false;
public void AssessZoneSafety()
{
object oleClientSiteObj = null;
IEZoneSecurity.IServiceProvider serviceProvider = null;
object topServiceProviderObj = null;
IServiceProvider topServiceProvider = null;
object webBrowserObj = null;
SHDocVw.IWebBrowser webBrowser = null;
try
{
// Get the client site service provider.
Type iOleObjectType = this.GetType().GetInterface("IOleObject", true);
oleClientSiteObj = iOleObjectType.InvokeMember("GetClientSite",
BindingFlags.Instance |
BindingFlags.InvokeMethod |
BindingFlags.Public, null,
this, null);
serviceProvider = oleClientSiteObj as IEZoneSecurity.IServiceProvider;
// Get top level browser service provider.
Guid IID_TopLevelBrowser = _IID_TopLevelBrowser;
Guid Riid = typeof(IEZoneSecurity.IServiceProvider).GUID;
topServiceProviderObj = null;
serviceProvider.QueryService(ref IID_TopLevelBrowser, ref Riid,
out topServiceProviderObj);
topServiceProvider = topServiceProviderObj as IServiceProvider;
// Get web browser object.
Guid IID_WebBrowserApp = _IID_WebBrowserApp;
Riid = typeof(SHDocVw.IWebBrowser).GUID;
webBrowserObj = null;
topServiceProvider.QueryService(ref IID_WebBrowserApp, ref Riid,
out webBrowserObj);
webBrowser = webBrowserObj as SHDocVw.IWebBrowser;
// Determine which zone the browser is currently in.
Type t = Type.GetTypeFromCLSID(_CLSID_SecurityManager);
object securityManager = Activator.CreateInstance(t);
IInternetSecurityManager ISM = securityManager as IInternetSecurityManager;
uint Zone;
ISM.MapUrlToZone(webBrowser.LocationURL, out Zone, 0);
Marshal.ReleaseComObject(securityManager);
// Only accept calls from the My Computer zone.
if (Zone == 0)
_ZoneSafetyConfirmed = true;
}
catch
{
}
finally
{
if (webBrowser != null)
Marshal.ReleaseComObject(webBrowser);
if (webBrowserObj != null)
Marshal.ReleaseComObject(webBrowserObj);
if (topServiceProvider != null)
Marshal.ReleaseComObject(topServiceProvider);
if (topServiceProviderObj != null)
Marshal.ReleaseComObject(topServiceProviderObj);
if (serviceProvider!= null)
Marshal.ReleaseComObject(serviceProvider);
if (oleClientSiteObj != null)
Marshal.ReleaseComObject(oleClientSiteObj);
}
}
}
}
VB Definition:
<ComImport(), GuidAttribute("79EAC9EE-BAF9-11CE-8C82-00AA004BA90B")> _
<InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)> _
Public Interface IInternetSecurityManager
<PreserveSig()> _
Function SetSecuritySite(<[In]()> ByVal pSite As IntPtr) As <MarshalAs(UnmanagedType.I4)> Integer
to do
<PreserveSig()> _
Function GetSecuritySite(<[Out]()> ByVal pSite As IntPtr) As <MarshalAs(UnmanagedType.I4)> Integer
VB Sample Application:
<PreserveSig()> _
Function MapUrlToZone(<[In]()> <MarshalAs(UnmanagedType.LPWStr)> ByVal pwszUrl As String,
ByRef pdwZone As UInt32, ByVal dwFlags As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer
User-Defined Types:
None.
<PreserveSig()> _
Function GetSecurityId(<MarshalAs(UnmanagedType.LPWStr)> ByVal pwszUrl As String,
<MarshalAs(UnmanagedType.LPArray)> ByVal pbSecurityId As Byte(),
ByRef pcbSecurityId As UInt32, ByVal dwReserved As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer
Notes:
I haven't been able to get this to work at all in JavaScript unless the ActiveX control in is object tags.
<PreserveSig()> _
Function ProcessUrlAction(<[In]()> <MarshalAs(UnmanagedType.LPWStr)> ByVal pwszUrl As String,
ByVal dwAction As UInt32, <[Out]()> ByVal pPolicy As Byte, ByVal cbPolicy As UInt32,
ByVal pContext As Byte, ByVal cbContext As UInt32, ByVal dwFlags As UInt32,
ByVal dwReserved As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer
So, even if your ActiveX control doesn't have any UI, don't do this:
<PreserveSig()> _
Function QueryCustomPolicy(<[In]()> <MarshalAs(UnmanagedType.LPWStr)> ByVal pwszUrl As String,
ByRef guidKey As Guid, ByRef ppPolicy As Byte, ByRef pcbPolicy As UInt32,
ByRef pContext As Byte, ByVal cbContext As UInt32, ByVal dwReserved As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer
<script language=javascript>
MyObject = new ActiveXObject("IEZoneSecurity.ZoneSecurityDemo");
</script>
<PreserveSig()> _
Function SetZoneMapping(ByVal dwZone As UInt32,
<[In]()> <MarshalAs(UnmanagedType.LPWStr)> ByVal lpszPattern As String,
ByVal dwFlags As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer
Instead, do this:
<PreserveSig()> _
Function GetZoneMappings(ByVal dwZone As UInt32, <[Out]()> ByVal ppenumString As IEnumString,
ByVal dwFlags As UInt32) As <MarshalAs(UnmanagedType.I4)> Integer 'As UCOMIEnumString
End Interface
VB Sample Application:
User-Defined Types:
None.
Notes:
I haven't been able to get this to work at all in JavaScript unless the ActiveX control in is object tags.
So, even if your ActiveX control doesn't have any UI, don't do this:
<script language=javascript>
MyObject = new ActiveXObject("IEZoneSecurity.ZoneSecurityDemo");