namespace UrlMon.InternetSecurityZones
{
using System;
using System.Runtime.InteropServices;
/*
* About URL Security Zones
* https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537183(v=vs.85)
*
* CoInternetCreateSecurityManager function
* https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537157(v=vs.85)
*
* CoInternetCreateZoneManager function
* https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537159(v=vs.85)
*
* chromium source code using url security zone APIs
* https://github.com/chromium/chromium/blob/main/net/http/url_security_manager_win.cc
*/
/// <summary>
/// Flag values accepted by IInternetSecurityManager.SetZoneMapping (the SZM_* constants):
/// either add a pattern to a zone or remove it again.
/// </summary>
public enum SZM_FLAGS : uint
{
    /// <summary>Add the pattern to the zone (SZM_CREATE).</summary>
    CREATE = 0u,

    /// <summary>Remove the pattern from the zone (SZM_DELETE).</summary>
    DELETE = 1u,
}
/// <summary>
/// Zone security-level template identifiers (URLTEMPLATE_* in urlmon.h).
/// CUSTOM is 0; the predefined templates lie between PREDEFINED_MIN and PREDEFINED_MAX,
/// with LOW sharing the value of PREDEFINED_MIN.
/// </summary>
public enum URLTEMPLATE : uint
{
    CUSTOM         = 0x00000000,
    PREDEFINED_MIN = 0x00010000,
    LOW            = 0x00010000,
    MEDLOW         = 0x00010500,
    MEDIUM         = 0x00011000,
    MEDHIGH        = 0x00011500,
    HIGH           = 0x00012000,
    PREDEFINED_MAX = 0x00020000,
}
/// <summary>
/// The five built-in URL security zones (URLZONE_* in urlmon.h). The numeric order matters:
/// code in this file treats <c>zone &lt;= INTRANET</c> as "local" when deciding whether default
/// credentials may be sent.
/// </summary>
public enum URLZONE : uint
{
    LOCAL_MACHINE = 0u,
    INTRANET      = 1u,
    TRUSTED       = 2u,
    INTERNET      = 3u,
    UNTRUSTED     = 4u,
}
/// <summary>
/// Selects which registry hive a zone-manager policy call reads or writes
/// (URLZONEREG_* in urlmon.h); passed as the <c>urlZoneReg</c> argument of the
/// IInternetZoneManager policy methods.
/// </summary>
public enum URLZONEREG : uint
{
    /// <summary>Let urlmon pick the effective hive.</summary>
    DEFAULT = 0u,

    /// <summary>HKEY_LOCAL_MACHINE.</summary>
    HKLM = 1u,

    /// <summary>HKEY_CURRENT_USER.</summary>
    HKCU = 2u,
}
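/// <summary>
/// Zone-attribute bit flags (ZAFLAGS_* in urlmon.h). Every member is a distinct single bit, so
/// the enum is marked <see cref="FlagsAttribute"/>: combined values then format as
/// "CUSTOM_EDIT, ADD_SITES" instead of a bare number. The underlying values are unchanged.
/// </summary>
[Flags]
public enum ZAFLAGS : uint
{
    CUSTOM_EDIT              = 0x00000001,
    ADD_SITES                = 0x00000002,
    REQUIRE_VERIFICATION     = 0x00000004,
    INCLUDE_PROXY_OVERRIDE   = 0x00000008,
    INCLUDE_INTRANET_SITES   = 0x00000010,
    NO_UI                    = 0x00000020,
    SUPPORTS_VERIFICATION    = 0x00000040,
    UNC_AS_INTRANET          = 0x00000080,
    DETECT_INTRANET          = 0x00000100,
    USE_LOCKED_ZONES         = 0x00010000,
    VERIFY_TEMPLATE_SETTINGS = 0x00020000,
    NO_CACHE                 = 0x00040000,
}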
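/// <summary>
/// ProcessUrlAction flags (PUAF_* in urlmon.h), passed as <c>dwFlags</c> to
/// IInternetSecurityManager.ProcessUrlAction. All non-zero members are single bits, so the
/// enum is marked <see cref="FlagsAttribute"/> for readable ToString output; values are unchanged.
/// NOUI is what this file uses so that no security dialog is shown during the policy query.
/// </summary>
[Flags]
public enum PUAF : uint
{
    DEFAULT                      = 0x00000000,
    NOUI                         = 0x00000001,
    ISFILE                       = 0x00000002,
    WARN_IF_DENIED               = 0x00000004,
    FORCEUI_FOREGROUND           = 0x00000008,
    CHECK_TIFS                   = 0x00000010,
    DONTCHECKBOXINDIALOG         = 0x00000020,
    TRUSTED                      = 0x00000040,
    ACCEPT_WILDCARD_SCHEME       = 0x00000080,
    ENFORCERESTRICTED            = 0x00000100,
    NOSAVEDFILECHECK             = 0x00000200,
    REQUIRESAVEDFILECHECK        = 0x00000400,
    DONT_USE_CACHE               = 0x00001000,
    LMZ_UNLOCKED                 = 0x00010000,
    LMZ_LOCKED                   = 0x00020000,
    DEFAULTZONEPOL               = 0x00040000,
    NPL_USE_LOCKED_IF_RESTRICTED = 0x00080000,
    NOUIIFLOCKED                 = 0x00100000,
    DRAGPROTOCOLCHECK            = 0x00200000,
}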
/// <summary>
/// Output flags of ProcessUrlAction (PUAFOUT_* in urlmon.h).
/// </summary>
public enum PUAFOUT : uint
{
    DEFAULT          = 0x00000000,
    ISLOCKZONEPOLICY = 0x00000001,
}
/// <summary>
/// Action selectors for urlmon's "process security URL" family (PSU_* in urlmon.h).
/// </summary>
public enum PSUACTION : uint
{
    DEFAULT           = 0x00000001,
    SECURITY_URL_ONLY = 0x00000002,
}
/// <summary>
/// Internet Explorer feature-control identifiers (INTERNETFEATURELIST in urlmon.h).
/// Values are consecutive from 0; FEATURE_ENTRY_COUNT is one past the last real feature.
/// </summary>
public enum INTERNETFEATURELIST : uint
{
    FEATURE_OBJECT_CACHING                 = 0u,
    FEATURE_ZONE_ELEVATION                 = 1u,
    FEATURE_MIME_HANDLING                  = 2u,
    FEATURE_MIME_SNIFFING                  = 3u,
    FEATURE_WINDOW_RESTRICTIONS            = 4u,
    FEATURE_WEBOC_POPUPMANAGEMENT          = 5u,
    FEATURE_BEHAVIORS                      = 6u,
    FEATURE_DISABLE_MK_PROTOCOL            = 7u,
    FEATURE_LOCALMACHINE_LOCKDOWN          = 8u,
    FEATURE_SECURITYBAND                   = 9u,
    FEATURE_RESTRICT_ACTIVEXINSTALL        = 10u,
    FEATURE_VALIDATE_NAVIGATE_URL          = 11u,
    FEATURE_RESTRICT_FILEDOWNLOAD          = 12u,
    FEATURE_ADDON_MANAGEMENT               = 13u,
    FEATURE_PROTOCOL_LOCKDOWN              = 14u,
    FEATURE_HTTP_USERNAME_PASSWORD_DISABLE = 15u,
    FEATURE_SAFE_BINDTOOBJECT              = 16u,
    FEATURE_UNC_SAVEDFILECHECK             = 17u,
    FEATURE_GET_URL_DOM_FILEPATH_UNENCODED = 18u,
    FEATURE_TABBED_BROWSING                = 19u,
    FEATURE_SSLUX                          = 20u,
    FEATURE_DISABLE_NAVIGATION_SOUNDS      = 21u,
    FEATURE_DISABLE_LEGACY_COMPRESSION     = 22u,
    FEATURE_FORCE_ADDR_AND_STATUS          = 23u,
    FEATURE_XMLHTTP                        = 24u,
    FEATURE_DISABLE_TELNET_PROTOCOL        = 25u,
    FEATURE_FEEDS                          = 26u,
    FEATURE_BLOCK_INPUT_PROMPTS            = 27u,

    /// <summary>Number of feature entries; not itself a feature.</summary>
    FEATURE_ENTRY_COUNT                    = 28u,
}
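/// <summary>
/// MapUrlToZone bit flags (MUTZ_* in urlmon.h), passed as <c>dwFlags</c> to
/// IInternetSecurityManager.MapUrlToZone. Every member is a single bit, so the enum is marked
/// <see cref="FlagsAttribute"/> for readable ToString output; values are unchanged.
/// </summary>
[Flags]
public enum MUTZ_FLAGS : uint
{
    NOSAVEDFILECHECK       = 0x00000001,
    ISFILE                 = 0x00000002,
    ACCEPT_WILDCARD_SCHEME = 0x00000080,
    ENFORCERESTRICTED      = 0x00000100,
    RESERVED               = 0x00000200,
    REQUIRESAVEDFILECHECK  = 0x00000400,
    DONT_UNESCAPE          = 0x00000800,
    DONT_USE_CACHE         = 0x00001000,
    FORCE_INTRANET_FLAGS   = 0x00002000,
    IGNORE_ZONE_MAPPINGS   = 0x00004000,
}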
/// <summary>
/// URL action identifiers (URLACTION_* in urlmon.h) queried through
/// IInternetSecurityManager.ProcessUrlAction and the IInternetZoneManager policy methods.
/// Actions are grouped in numeric ranges (DOWNLOAD, ACTIVEX, SCRIPT, HTML, SHELL, NETWORK, ...),
/// each with *_MIN / *_MAX bounds; several names intentionally share a value.
/// Member order is kept identical to urlmon.h.
/// </summary>
public enum URLACTION : uint
{
    MIN = 0x00001000,

    // --- downloads ---
    DOWNLOAD_MIN             = 0x00001000,
    DOWNLOAD_SIGNED_ACTIVEX  = 0x00001001,
    DOWNLOAD_UNSIGNED_ACTIVEX = 0x00001004,
    DOWNLOAD_CURR_MAX        = 0x00001004,
    DOWNLOAD_MAX             = 0x000011FF,

    // --- ActiveX ---
    ACTIVEX_MIN                          = 0x00001200,
    ACTIVEX_RUN                          = 0x00001200,
    ACTIVEX_OVERRIDE_OBJECT_SAFETY       = 0x00001201,
    ACTIVEX_OVERRIDE_DATA_SAFETY         = 0x00001202,
    ACTIVEX_OVERRIDE_SCRIPT_SAFETY       = 0x00001203,
    SCRIPT_OVERRIDE_SAFETY               = 0x00001401,
    ACTIVEX_CONFIRM_NOOBJECTSAFETY       = 0x00001204,
    ACTIVEX_TREATASUNTRUSTED             = 0x00001205,
    ACTIVEX_NO_WEBOC_SCRIPT              = 0x00001206,
    ACTIVEX_OVERRIDE_REPURPOSEDETECTION  = 0x00001207,
    ACTIVEX_OVERRIDE_OPTIN               = 0x00001208,
    ACTIVEX_SCRIPTLET_RUN                = 0x00001209,
    ACTIVEX_DYNSRC_VIDEO_AND_ANIMATION   = 0x0000120A,
    ACTIVEX_OVERRIDE_DOMAINLIST          = 0x0000120B,
    ACTIVEX_CURR_MAX                     = 0x0000120B,
    ACTIVEX_MAX                          = 0x000013ff,

    // --- scripting ---
    SCRIPT_MIN                    = 0x00001400,
    SCRIPT_RUN                    = 0x00001400,
    SCRIPT_JAVA_USE               = 0x00001402,
    SCRIPT_SAFE_ACTIVEX           = 0x00001405,
    CROSS_DOMAIN_DATA             = 0x00001406,
    SCRIPT_PASTE                  = 0x00001407,
    ALLOW_XDOMAIN_SUBFRAME_RESIZE = 0x00001408,
    SCRIPT_XSSFILTER              = 0x00001409,
    SCRIPT_CURR_MAX               = 0x00001409,
    SCRIPT_MAX                    = 0x000015ff,

    // --- HTML ---
    HTML_MIN               = 0x00001600,
    HTML_SUBMIT_FORMS      = 0x00001601,
    HTML_SUBMIT_FORMS_FROM = 0x00001602,
    HTML_SUBMIT_FORMS_TO   = 0x00001603,
    HTML_FONT_DOWNLOAD     = 0x00001604,
    HTML_JAVA_RUN          = 0x00001605,
    HTML_USERDATA_SAVE     = 0x00001606,
    HTML_SUBFRAME_NAVIGATE = 0x00001607,
    HTML_META_REFRESH      = 0x00001608,
    HTML_MIXED_CONTENT     = 0x00001609,
    HTML_INCLUDE_FILE_PATH = 0x0000160A,
    HTML_MAX               = 0x000017ff,

    // --- shell ---
    SHELL_MIN                        = 0x00001800,
    SHELL_INSTALL_DTITEMS            = 0x00001800,
    SHELL_MOVE_OR_COPY               = 0x00001802,
    SHELL_FILE_DOWNLOAD              = 0x00001803,
    SHELL_VERB                       = 0x00001804,
    SHELL_WEBVIEW_VERB               = 0x00001805,
    SHELL_SHELLEXECUTE               = 0x00001806,
    SHELL_EXECUTE_HIGHRISK           = 0x00001806,
    SHELL_EXECUTE_MODRISK            = 0x00001807,
    SHELL_EXECUTE_LOWRISK            = 0x00001808,
    SHELL_POPUPMGR                   = 0x00001809,
    SHELL_RTF_OBJECTS_LOAD           = 0x0000180A,
    SHELL_ENHANCED_DRAGDROP_SECURITY = 0x0000180B,
    SHELL_EXTENSIONSECURITY          = 0x0000180C,
    SHELL_SECURE_DRAGSOURCE          = 0x0000180D,
    SHELL_REMOTEQUERY                = 0x0000180E,
    SHELL_PREVIEW                    = 0x0000180F,
    SHELL_CURR_MAX                   = 0x0000180F,
    SHELL_MAX                        = 0x000019ff,

    // --- network / credentials (CREDENTIALS_USE is what CanUseDefaultCredentials queries) ---
    NETWORK_MIN                 = 0x00001A00,
    CREDENTIALS_USE             = 0x00001A00,
    AUTHENTICATE_CLIENT         = 0x00001A01,
    COOKIES                     = 0x00001A02,
    COOKIES_SESSION             = 0x00001A03,
    CLIENT_CERT_PROMPT          = 0x00001A04,
    COOKIES_THIRD_PARTY         = 0x00001A05,
    COOKIES_SESSION_THIRD_PARTY = 0x00001A06,
    COOKIES_ENABLED             = 0x00001A10,
    NETWORK_CURR_MAX            = 0x00001A10,
    NETWORK_MAX                 = 0x00001Bff,

    // --- Java ---
    JAVA_MIN         = 0x00001C00,
    JAVA_PERMISSIONS = 0x00001C00,
    JAVA_CURR_MAX    = 0x00001C00,
    JAVA_MAX         = 0x00001Cff,

    // --- information delivery (channels / subscriptions) ---
    INFODELIVERY_MIN                      = 0x00001D00,
    INFODELIVERY_NO_ADDING_CHANNELS       = 0x00001D00,
    INFODELIVERY_NO_EDITING_CHANNELS      = 0x00001D01,
    INFODELIVERY_NO_REMOVING_CHANNELS     = 0x00001D02,
    INFODELIVERY_NO_ADDING_SUBSCRIPTIONS  = 0x00001D03,
    INFODELIVERY_NO_EDITING_SUBSCRIPTIONS = 0x00001D04,
    INFODELIVERY_NO_REMOVING_SUBSCRIPTIONS = 0x00001D05,
    INFODELIVERY_NO_CHANNEL_LOGGING       = 0x00001D06,
    INFODELIVERY_CURR_MAX                 = 0x00001D06,
    INFODELIVERY_MAX                      = 0x00001Dff,

    // --- software distribution channels ---
    CHANNEL_SOFTDIST_MIN         = 0x00001E00,
    CHANNEL_SOFTDIST_PERMISSIONS = 0x00001E05,
    CHANNEL_SOFTDIST_MAX         = 0x00001Eff,

    // --- .NET / behaviors ---
    DOTNET_USERCONTROLS = 0x00002005,
    BEHAVIOR_MIN        = 0x00002000,
    BEHAVIOR_RUN        = 0x00002000,

    // --- feature controls ---
    FEATURE_MIN                      = 0x00002100,
    FEATURE_MIME_SNIFFING            = 0x00002100,
    FEATURE_ZONE_ELEVATION           = 0x00002101,
    FEATURE_WINDOW_RESTRICTIONS      = 0x00002102,
    FEATURE_SCRIPT_STATUS_BAR        = 0x00002103,
    FEATURE_FORCE_ADDR_AND_STATUS    = 0x00002104,
    FEATURE_BLOCK_INPUT_PROMPTS      = 0x00002105,
    FEATURE_DATA_BINDING             = 0x00002106,
    FEATURE_CROSSDOMAIN_FOCUS_CHANGE = 0x00002107,

    // --- automatic prompting ---
    AUTOMATIC_DOWNLOAD_UI_MIN = 0x00002200,
    AUTOMATIC_DOWNLOAD_UI     = 0x00002200,
    AUTOMATIC_ACTIVEX_UI      = 0x00002201,

    // --- protocols / applications / misc ---
    ALLOW_RESTRICTEDPROTOCOLS         = 0x00002300,
    ALLOW_APEVALUATION                = 0x00002301,
    WINDOWS_BROWSER_APPLICATIONS      = 0x00002400,
    XPS_DOCUMENTS                     = 0x00002401,
    LOOSE_XAML                        = 0x00002402,
    LOWRIGHTS                         = 0x00002500,
    WINFX_SETUP                       = 0x00002600,
    INPRIVATE_BLOCKING                = 0x00002700,
    ALLOW_AUDIO_VIDEO                 = 0x00002701,
    ALLOW_ACTIVEX_FILTERING           = 0x00002702,
    ALLOW_STRUCTURED_STORAGE_SNIFFING = 0x00002703,
}
/// <summary>
/// Policy values (URLPOLICY_* in urlmon.h) read back from ProcessUrlAction / the zone manager.
/// ALLOW, QUERY and DISALLOW are the generic answers; the CREDENTIALS_*, AUTHENTICATE_*,
/// JAVA_* and CHANNEL_SOFTDIST_* groups are whole-DWORD values specific to their own action
/// and overlap each other numerically, so they must only be compared against the policy of
/// the matching URLACTION (as CanUseDefaultCredentials does for CREDENTIALS_USE).
/// </summary>
public enum URLPOLICY : uint
{
    ALLOW    = 0x00000000,
    QUERY    = 0x00000001,
    DISALLOW = 0x00000003,

    ACTIVEX_CHECK_LIST = 0x00010000,

    // URLACTION_CREDENTIALS_USE
    CREDENTIALS_SILENT_LOGON_OK    = 0x00000000,
    CREDENTIALS_MUST_PROMPT_USER   = 0x00010000,
    CREDENTIALS_CONDITIONAL_PROMPT = 0x00020000,
    CREDENTIALS_ANONYMOUS_ONLY     = 0x00030000,

    // URLACTION_AUTHENTICATE_CLIENT
    AUTHENTICATE_CLEARTEXT_OK       = 0x00000000,
    AUTHENTICATE_CHALLENGE_RESPONSE = 0x00010000,
    AUTHENTICATE_MUTUAL_ONLY        = 0x00030000,

    // URLACTION_JAVA_PERMISSIONS
    JAVA_PROHIBIT = 0x00000000,
    JAVA_HIGH     = 0x00010000,
    JAVA_MEDIUM   = 0x00020000,
    JAVA_LOW      = 0x00030000,
    JAVA_CUSTOM   = 0x00800000,

    // URLACTION_CHANNEL_SOFTDIST_PERMISSIONS
    CHANNEL_SOFTDIST_PROHIBIT    = 0x00010000,
    CHANNEL_SOFTDIST_PRECACHE    = 0x00020000,
    CHANNEL_SOFTDIST_AUTOINSTALL = 0x00030000,

    BEHAVIOR_CHECK_LIST = 0x00010000,
}
/// <summary>
/// COM import of urlmon's IInternetSecurityManager (IID 79eac9ee-baf9-11ce-8c82-00aa004ba90b).
/// The interface is declared IUnknown-derived with a fixed vtable, so the method order below
/// must stay exactly as in urlmon.h. Every method is [PreserveSig] and therefore returns the
/// native HRESULT as a uint (0 == S_OK, 1 == S_FALSE, high bit set == failure) instead of
/// throwing. Pointer parameters are exposed as raw IntPtr and are the caller's responsibility
/// to allocate, marshal and free.
/// </summary>
[Guid("79eac9ee-baf9-11ce-8c82-00aa004ba90b")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[ComImport]
public interface IInternetSecurityManager
{
/// <summary>Sets the security-manager site (raw interface pointer).</summary>
[PreserveSig]
uint SetSecuritySite(
[In] IntPtr pSite);
/// <summary>Retrieves the site set by SetSecuritySite (raw interface pointer).</summary>
[PreserveSig]
uint GetSecuritySite(
out IntPtr pSite);
/// <summary>
/// Resolves a URL to its security zone. pdwZone receives a URLZONE value;
/// dwFlags takes MUTZ_FLAGS bits (this file passes 0).
/// </summary>
[PreserveSig]
uint MapUrlToZone(
[In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl,
out uint pdwZone,
[In] uint dwFlags);
/// <summary>
/// Writes the security id of pwszUrl into the caller-provided buffer pbSecurityId;
/// pcbSecurityId carries the buffer size in and the written size out.
/// NOTE(review): in urlmon.h the last parameter is a DWORD_PTR passed by value; declaring it
/// as "ref uint" passes a pointer in that slot instead. The slot size matches so the vtable
/// layout is not disturbed, but confirm against the native signature before relying on dwReserved.
/// </summary>
[PreserveSig]
uint GetSecurityId(
[In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl,
[Out] IntPtr pbSecurityId, [In, Out] ref uint pcbSecurityId,
[In] ref uint dwReserved);
/// <summary>
/// Evaluates URLACTION dwAction for pwszUrl. pPolicy must point to a caller-owned buffer of
/// cbPolicy bytes that receives the URLPOLICY value (this file uses a single DWORD);
/// dwFlags takes PUAF bits (PUAF.NOUI suppresses any prompt). Per the urlmon docs S_OK
/// means the action is allowed and S_FALSE that it is not; callers here treat anything
/// other than 0 as "not allowed".
/// </summary>
[PreserveSig]
uint ProcessUrlAction(
[In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl,
uint dwAction,
IntPtr pPolicy, uint cbPolicy,
IntPtr pContext, uint cbContext,
uint dwFlags,
uint dwReserved);
/// <summary>
/// Queries a custom policy identified by guidKey. ppPolicy receives a buffer of pcbPolicy
/// bytes. NOTE(review): per the urlmon docs that buffer is allocated with CoTaskMemAlloc and
/// must be freed by the caller — confirm before use, since nothing in this file frees it.
/// </summary>
[PreserveSig]
uint QueryCustomPolicy(
[In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl,
ref Guid guidKey,
out IntPtr ppPolicy, out uint pcbPolicy,
IntPtr pContext, uint cbContext,
uint dwReserved);
/// <summary>
/// Adds or removes a site pattern for zone dwZone; dwFlags is an SZM_FLAGS value.
/// Changing zone mappings widens or narrows what urlmon treats as trusted for the current user,
/// so callers should only pass patterns they have validated.
/// </summary>
[PreserveSig]
uint SetZoneMapping(
uint dwZone,
[In, MarshalAs(UnmanagedType.LPWStr)] string lpszPattern,
uint dwFlags);
/// <summary>Enumerates the patterns mapped to dwZone; ppenumString is a raw IEnumString** slot.</summary>
[PreserveSig]
uint GetZoneMappings(
[In] uint dwZone,
IntPtr ppenumString,
[In] uint dwFlags);
}
/// <summary>
/// COM import of urlmon's IInternetZoneManager (IID 79eac9ef-baf9-11ce-8c82-00aa004ba90b).
/// Same conventions as IInternetSecurityManager: fixed IUnknown-derived vtable (do not reorder
/// members), [PreserveSig] methods returning the raw HRESULT as a uint, and IntPtr for every
/// native pointer. The ZONEATTRIBUTES structure used by Get/SetZoneAttributes is not declared
/// in this file, so callers must lay it out and marshal it themselves.
/// </summary>
[Guid("79eac9ef-baf9-11ce-8c82-00aa004ba90b")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[ComImport]
public interface IInternetZoneManager
{
/// <summary>Fills the caller-owned ZONEATTRIBUTES buffer at pZoneAttributes for zone dwZone.</summary>
[PreserveSig]
uint GetZoneAttributes(
uint dwZone,
IntPtr pZoneAttributes);
/// <summary>Applies the ZONEATTRIBUTES at pZoneAttributes to zone dwZone.</summary>
[PreserveSig]
uint SetZoneAttributes(
uint dwZone,
IntPtr pZoneAttributes);
/// <summary>
/// Reads the custom policy guidKey of zone dwZone; ppPolicy/pcbPolicy receive the buffer and
/// its size, urlZoneReg is a URLZONEREG value selecting the registry hive.
/// </summary>
[PreserveSig]
uint GetZoneCustomPolicy(
uint dwZone,
ref Guid guidKey,
out IntPtr ppPolicy,
ref uint pcbPolicy,
uint urlZoneReg);
/// <summary>Writes cbPolicy bytes from pPolicy as custom policy guidKey of zone dwZone in hive urlZoneReg.</summary>
[PreserveSig]
uint SetZoneCustomPolicy(
uint dwZone,
ref Guid guidKey,
IntPtr pPolicy,
uint cbPolicy,
uint urlZoneReg);
/// <summary>
/// Reads the URLPOLICY for URLACTION dwAction in zone dwZone into the caller-owned buffer
/// pPolicy (cbPolicy bytes); urlZoneReg is a URLZONEREG value.
/// </summary>
[PreserveSig]
uint GetZoneActionPolicy(
uint dwZone,
uint dwAction,
IntPtr pPolicy,
uint cbPolicy,
uint urlZoneReg);
/// <summary>
/// Sets the URLPOLICY for URLACTION dwAction in zone dwZone from pPolicy (cbPolicy bytes).
/// This changes the per-zone security policy persisted in the hive selected by urlZoneReg.
/// </summary>
[PreserveSig]
uint SetZoneActionPolicy(
uint dwZone,
uint dwAction,
IntPtr pPolicy,
uint cbPolicy,
uint urlZoneReg);
/// <summary>Shows the user prompt for dwAction on pwszUrl, parented to window handle hwndParent.</summary>
[PreserveSig]
uint PromptAction(uint dwAction,
IntPtr hwndParent,
[In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl,
[In, MarshalAs(UnmanagedType.LPWStr)] string pwszText,
uint dwPromptFlags);
/// <summary>Logs dwAction for pwszUrl with the given text and log flags.</summary>
[PreserveSig]
uint LogAction(
uint dwAction,
[In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl,
[In, MarshalAs(UnmanagedType.LPWStr)] string pwszText,
uint dwLogFlags);
/// <summary>
/// Starts a zone enumeration: pdwEnum receives the enumerator handle and pdwCount the number of
/// zones. Pair with GetZoneAt and DestroyZoneEnumerator.
/// </summary>
[PreserveSig]
uint CreateZoneEnumerator(
ref uint pdwEnum,
ref uint pdwCount,
uint dwFlags);
/// <summary>Reads the zone at dwIndex of enumerator dwEnum into pdwZone.</summary>
[PreserveSig]
uint GetZoneAt(
uint dwEnum,
uint dwIndex,
ref uint pdwZone);
/// <summary>Releases an enumerator obtained from CreateZoneEnumerator.</summary>
[PreserveSig]
uint DestroyZoneEnumerator(
uint dwEnum);
/// <summary>Copies the policies of URLTEMPLATE dwTemplate onto zone dwZone; dwReserved is reserved.</summary>
[PreserveSig]
uint CopyTemplatePoliciesToZone(
uint dwTemplate,
uint dwZone,
uint dwReserved);
}
/// <summary>
/// P/Invoke entry points into urlmon.dll. Both factory functions return the native HRESULT as a
/// uint (0 == S_OK) and hand back the created object as a raw IUnknown that the caller casts to
/// the matching COM interface (IInternetSecurityManager / IInternetZoneManager).
/// </summary>
public static class UrlMon
{
    /// <summary>
    /// Creates the security manager. pSP is an optional IServiceProvider pointer (this file passes
    /// IntPtr.Zero), ppISM receives the new object's IUnknown, dwReserved is reserved (0 here).
    /// </summary>
    [DllImport("urlmon.dll")]
    public static extern uint CoInternetCreateSecurityManager(
        IntPtr pSP,
        [MarshalAs(UnmanagedType.IUnknown)] out object ppISM,
        uint dwReserved);

    /// <summary>
    /// Creates the zone manager. Same calling convention as CoInternetCreateSecurityManager;
    /// ppIZM receives the new object's IUnknown.
    /// </summary>
    [DllImport("urlmon.dll")]
    public static extern uint CoInternetCreateZoneManager(
        IntPtr pSP,
        [MarshalAs(UnmanagedType.IUnknown)] out object ppIZM,
        uint dwReserved);
}
}
namespace UrlMon.InternetSecurityZones
{
using System;
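/// <summary>
/// Thin static facade over a process-wide <see cref="IInternetSecurityManager"/> obtained from
/// <see cref="UrlMon.CoInternetCreateSecurityManager"/>. Methods that surface a result code
/// return the raw HRESULT as a uint (0 == S_OK); the bool helpers fail closed, i.e. any error
/// is reported as "not intranet" / "do not send credentials".
/// NOTE(review): the RCW is created on whichever thread first touches this class; cross-thread
/// use depends on the COM object's threading model — confirm before sharing it across apartments.
/// </summary>
public static class InternetSecurityManager
{
    private static readonly IInternetSecurityManager iface;

    /// <summary>
    /// Creates the security manager once. A failed HRESULT or a null object is surfaced here
    /// (as a TypeInitializationException wrapping the HRESULT exception) rather than as a
    /// NullReferenceException/InvalidCastException on first use.
    /// </summary>
    static InternetSecurityManager()
    {
        uint hr = UrlMon.CoInternetCreateSecurityManager(IntPtr.Zero, out object pUnk, 0);
        if (hr != 0 || pUnk is null)
        {
            // Maps failure HRESULTs to the matching exception type; does nothing when hr is 0.
            System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(unchecked((int)hr));
            throw new InvalidOperationException("CoInternetCreateSecurityManager returned no interface.");
        }
        iface = (IInternetSecurityManager)pUnk;
    }

    /// <summary>Adds <paramref name="pattern"/> to <paramref name="zone"/> (SZM_CREATE).</summary>
    /// <returns>
    /// 0 on success. The original note records ERROR_FILE_EXISTS (0x80070050) — presumably when the
    /// mapping is already present; verify against the urlmon docs before treating it as benign.
    /// </returns>
    public static uint CreateZoneMapping(URLZONE zone, string pattern)
        => SetZoneMapping(zone, pattern, SZM_FLAGS.CREATE);

    /// <summary>Removes <paramref name="pattern"/> from <paramref name="zone"/> (SZM_DELETE).</summary>
    /// <returns>0 on success, otherwise the HRESULT from urlmon.</returns>
    public static uint DeleteZoneMapping(URLZONE zone, string pattern)
        => SetZoneMapping(zone, pattern, SZM_FLAGS.DELETE);

    /// <summary>
    /// Raw SetZoneMapping call. Zone mappings change what urlmon treats as trusted for the
    /// current user, so only validated patterns should reach this method.
    /// </summary>
    /// <returns>0 on success, otherwise the HRESULT from urlmon.</returns>
    public static uint SetZoneMapping(URLZONE zone, string pattern, SZM_FLAGS flags)
        => iface.SetZoneMapping((uint)zone, pattern, (uint)flags);

    /// <summary>
    /// Resolves <paramref name="url"/> to its URLZONE. <paramref name="zone"/> is only meaningful
    /// when the return value is 0; <paramref name="flags"/> takes MUTZ_FLAGS bits.
    /// </summary>
    /// <returns>0 on success, otherwise the HRESULT from urlmon.</returns>
    public static uint MapUrlToZone(string url, ref uint zone, uint flags)
        => iface.MapUrlToZone(url, out zone, flags);

    /// <summary>
    /// True only when urlmon maps <paramref name="url"/> to URLZONE.INTRANET; any lookup error
    /// yields false.
    /// </summary>
    public static bool IsIntranetSite(string url)
    {
        uint zone = 0;
        return MapUrlToZone(url, ref zone, 0) == 0
            && zone == (uint)URLZONE.INTRANET;
    }

    /// <summary>
    /// Adds an intranet zone mapping for <paramref name="url"/> if it is not already in that zone.
    /// NOTE(review): the full URL is passed as the mapping pattern; urlmon expects a pattern such
    /// as scheme://host (see GetMappedSiteUrl), so confirm callers pass a site URL, not a page URL.
    /// </summary>
    /// <returns>true if a mapping was added; false if the URL was already intranet or the add failed.</returns>
    public static bool EnsureIntranetSite(string url)
    {
        if (IsIntranetSite(url))
        {
            return false; // nothing to do: already an intranet site
        }
        return CreateZoneMapping(URLZONE.INTRANET, url) == 0;
    }

    /// <summary>
    /// Reduces <paramref name="url"/> to "scheme://host", the shape used for zone patterns.
    /// </summary>
    /// <exception cref="UriFormatException">when <paramref name="url"/> is not a valid absolute URI.</exception>
    /// <exception cref="ArgumentNullException">when <paramref name="url"/> is null.</exception>
    public static string GetMappedSiteUrl(string url)
    {
        var uri = new Uri(url);
        return $"{uri.Scheme}://{uri.Host}";
    }

    /// <summary>
    /// Asks urlmon whether default (logged-on user) credentials may be sent to <paramref name="url"/>
    /// by evaluating URLACTION.CREDENTIALS_USE with PUAF.NOUI. Returns true for
    /// CREDENTIALS_SILENT_LOGON_OK, and for CREDENTIALS_CONDITIONAL_PROMPT only when the URL maps
    /// to LOCAL_MACHINE or INTRANET; every other policy, an unknown policy, or any error returns
    /// false (fail closed).
    /// </summary>
    public static bool CanUseDefaultCredentials(string url)
    {
        uint policy = 0;
        uint hr;
        unsafe
        {
            // Pass the address of the local. The original code cast the *value* of policy (0) to a
            // pointer, so urlmon received a null output buffer and the policy was never read back —
            // depending on how urlmon handled that, the answer was either always false or, if the
            // call reported success, true for every URL (policy left at SILENT_LOGON_OK == 0).
            hr = iface.ProcessUrlAction(url,
                (uint)URLACTION.CREDENTIALS_USE,
                new IntPtr(&policy), sizeof(uint),
                IntPtr.Zero, 0,
                (uint)PUAF.NOUI, 0);
        }
        if (hr != 0)
        {
            // S_FALSE and every failure HRESULT mean "do not send credentials".
            return false;
        }

        switch (policy)
        {
            case (uint)URLPOLICY.CREDENTIALS_SILENT_LOGON_OK:
                return true;

            case (uint)URLPOLICY.CREDENTIALS_CONDITIONAL_PROMPT:
            {
                // Conditional prompt: silent logon is acceptable only for local-machine/intranet zones.
                uint zone = 0;
                if (MapUrlToZone(url, ref zone, 0) != 0)
                {
                    return false;
                }
                return zone <= (uint)URLZONE.INTRANET;
            }

            case (uint)URLPOLICY.CREDENTIALS_MUST_PROMPT_USER:
            case (uint)URLPOLICY.CREDENTIALS_ANONYMOUS_ONLY:
            default:
                return false;
        }
    }
}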
}