SAMPLE: Secumgr.exe Overrides Security Manager for WebBrowser Host (246227)

MORE INFORMATION

The following file is available for download from the Microsoft Download Center:
Release Date: Nov-15-1999

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base: Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. SECUMGR is an MFC dialog-based application that hosts the WebBrowser control. It exposes an implementation of the IInternetSecurityManager interface from the control site, which is used by the WebBrowser to override traditional security decisions. The highlighted function in this sample is ProcessUrlAction in the Custsite.cpp.

The sample provides a handful of check boxes to the user for disabling security-related functionality. These buttons map to URLACTIONs that are passed in to ProcessUrlAction. SECUMGR passes back the correct URLPOLICY to enable or disable these features (ActiveX, Script, Java) as requested. Note that most security decisions are made during page load and are not modifiable on the fly.

Not all URLACTIONs can be set to a lower security policy. For example, in Internet Explorer 5.0, you cannot change the action for URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX from URLPOLICY_QUERY to URLPOLICY_ALLOW.

NOTE: In order to implement the IInternetSecurityManager interface on the control site, SECUMGR uses an unofficial technique that may not work correctly in future MFC versions. For additional information, click the article number below to view the article in the Microsoft Knowledge Base: