1

I need to create a custom security manager for a hosted WebBrowser control in my C# application. The hosted WebBrowser control should be independent from IE security and privacy settings.

Problem: If IE privacy settings are set to "High", the websites that depend on cookies don't function properly in hosted WebBrowser control (sites work fine if the privacy setting is set to "Medium").

The winform that hosts the WebBrowser control provides below implementation for GetSecurityId, MapUrlToZone and ProcessUrlAction. The ProcessUrlAction gets called by the embedded browser for URL Actions like ACTIVEX_RUN, SCRIPT_RUN; but it's not getting called for any cookie related url actions.

Is there some way to enable cookies for webbrowser control? Or is there something wrong with below code?

private void InitBrowserSecurityData()
{
    securityID = new byte[MAX_SIZE_SECURITY_ID];

    securityID[0] = (byte)'f';
    securityID[1] = (byte)'i';
    securityID[2] = (byte)'l';
    securityID[3] = (byte)'e';
    securityID[4] = (byte)':';
    securityID[5] = 0;
    securityID[6] = 3;
    securityID[7] = 0;
    securityID[8] = 0;
    securityID[9] = 0;
}

//GetSecurityId
int IInternetSecurityManager.GetSecurityId(string pwszUrl, IntPtr pbSecurityId, ref uint pcbSecurityId, ref uint dwReserved)
{
    if (pcbSecurityId >= MAX_SIZE_SECURITY_ID)
    {
        Marshal.Copy(securityID, 0, pbSecurityId, MAX_SIZE_SECURITY_ID);
        pcbSecurityId = 9;
        return HResults.S_OK;
    }
    return (int)WinInetErrors.INET_E_DEFAULT_ACTION;
}

//MapUrlToZone
int IInternetSecurityManager.MapUrlToZone(string pwszUrl, out uint pdwZone, uint dwFlags)
{
    pdwZone = (uint)tagURLZONE.URLZONE_LOCAL_MACHINE;
    return HResults.S_OK;
}

//ProcessUrlAction
int IInternetSecurityManager.ProcessUrlAction(string pwszUrl, uint dwAction, IntPtr pPolicy, 
    uint cbPolicy, IntPtr pContext, uint cbContext, uint dwFlags, uint dwReserved)
{
    URLACTION action = (URLACTION)dwAction;

    bool hasUrlPolicy = (cbPolicy >= unchecked((uint)Marshal.SizeOf(typeof(int))));
    URLPOLICY urlPolicy = (hasUrlPolicy) ? (URLPOLICY)Marshal.ReadInt32(pPolicy) : URLPOLICY.ALLOW;

    bool hasContext = (cbContext >= unchecked((uint)Marshal.SizeOf(typeof(Guid))));
    Guid context = (hasContext) ? (Guid)Marshal.PtrToStructure(pContext, typeof(Guid)) : Guid.Empty;
    //all URL actions are allowed
    if (hasUrlPolicy)
    {
        urlPolicy = URLPOLICY.ALLOW;
        Marshal.WriteInt32(pPolicy, (int)urlPolicy);
        return HResults.S_OK;
    }
    return (int)WinInetErrors.INET_E_DEFAULT_ACTION;
}

I have already seen these questions, but they don't work for me.

Security Level for WebBrowser control

Custom IInternetSecurityManager not being called with dialogs

overriding GetSecurityId in IInternetSecurityManager

Community
  • 1
  • 1
CPJoshi
  • 387
  • 4
  • 11
  • I have got a similar problem. Could your problem be solved? – 1' OR 1 -- Oct 01 '11 at 13:45
  • Sorry for this late reply Birk. Looks the Cookie actions are never passed to IInternetSecurityManager...Have a look at [this](http://www.tech-archive.net/Archive/InetSDK/microsoft.public.inetsdk.programming.webbrowser_ctl/2006-03/msg00073.html) – CPJoshi Oct 12 '11 at 08:26

1 Answers1

2

It seems Internet explorer does not pass Cookie actions to IInternetSecurityManager. That's the reason it's hard to override IE privacy settings in embedded browser control. Some wise people already figured this out long time back here

CPJoshi
  • 387
  • 4
  • 11