Custom IInternetSecurityManager not being called w

2019-01-27 08:58发布

问题:

Hello and thank you for looking.

Problem Description:

I have implemented a c# WinForm application with the browser control embedded and have implemented IInternetSecurityManager to perform the tasks we need in order to allow cross-domain access in iframes with our locally installed web pages.

All things are working as expected with IInternetSecurityManager, IOleClientSite, IDocHostShowUI and IDocHostUIHandler. In other words, we are being called by the browser control for all of our implementations.

The problem is when the web page loaded in the browser control has script that calls window.showModalDialog(): The browser control instance that is being used no longer communicates with our client site. Absolutely no QueryInterface calls or any other methods are called in any of the interfaces mentioned above.

The document in the dialog is not using our security manager implementation I am assuming because the web browser control in the dialog that IE displays is not the same one we called SetClientSite() on.

Question:

How do we talk to this new browser control? We need to be able to give the browser control in the dialog that is shown by IE, our IInternetSecurityManager implementation. But, we never get the opportunity to tell it about our client site to make the hook up, so to speak. In other words, there is no communication from IE that tells us via an interface that says, "I am a new browser control created by IE and here is my IUnknown interface. This your chance to set my client site, etc." We would be golden if there was such a notification coming from IE.

The result is two different security contexts are being used and our applicaiton fails any time we are in a dialog using an iframe, because our IInternetSecurityManager implementation is not in use.

Example Source Code:

I have chiseled away at source code to protect the innocent :) and have reduced down to something I think you can work with in its own Visual Studio 2010 solution.

Please read the ReadMe.txt file for information on the problem, repro steps, etc.

The test web pages I wrote display information and steps to guide you through the use of the sample.

Please let me know if you have questions about what I am trying to accomplish or if the sample isn’t clear enough.

Please advise. Thank you.

http://home.comcast.net/~lowrider2112/bin/TestIEHost.rar

回答1:

You can override the web-browser's control method CreateWebBrowserSiteBase.

protected override WebBrowserSiteBase CreateWebBrowserSiteBase()
{
    return new ExtendedWebBrowserSite(this);
} 

and implement ExtendedWebBrowserSite like this:

class ExtendedWebBrowserSite : WebBrowser.WebBrowserSite,
    IDocHostShowUI,
    IfacesEnumsStructsClasses.IServiceProvider,
    IInternetSecurityManager
    ...

That can call the class IInternetSecurityManager.



回答2:

One option would be to create your own dialog form (in C#) with another custom-security WebBrowser control on it. Then you can call from Javascript to C# to open the form instead of using showModalDialog.