Created
March 14, 2023 01:28
namespace UrlMon.InternetSecurityZones | |
{ | |
using System; | |
using System.Runtime.InteropServices; | |
/*
 * About URL Security Zones
 * https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537183(v=vs.85)
 *
 * CoInternetCreateSecurityManager function
 * https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537157(v=vs.85)
 *
 * CoInternetCreateZoneManager function
 * https://learn.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537159(v=vs.85)
 *
 * Chromium source code using the URL security zone APIs
 * https://github.com/chromium/chromium/blob/main/net/http/url_security_manager_win.cc
 */
/// <summary>
/// Operation selector handed to <c>IInternetSecurityManager.SetZoneMapping</c> as its
/// <c>dwFlags</c> argument. These are two discrete values, not a bit mask.
/// </summary>
public enum SZM_FLAGS : uint
{
    /// <summary>Add the pattern to the zone.</summary>
    CREATE = 0x0,

    /// <summary>Remove the pattern from the zone.</summary>
    DELETE = 0x1,
}
/// <summary>
/// Security-level templates that can be copied onto a zone (see
/// <c>IInternetZoneManager.CopyTemplatePoliciesToZone</c>, which takes one as <c>dwTemplate</c>).
/// </summary>
public enum URLTEMPLATE : uint
{
    CUSTOM         = 0x00000,

    // Bounds of the predefined template range; LOW shares the lower bound's value.
    PREDEFINED_MIN = 0x10000,
    LOW            = PREDEFINED_MIN,
    MEDLOW         = 0x10500,
    MEDIUM         = 0x11000,
    MEDHIGH        = 0x11500,
    HIGH           = 0x12000,
    PREDEFINED_MAX = 0x20000,
}
/// <summary>
/// Indexes of the predefined URL security zones. The numeric order matters to callers in
/// this file: <c>CanUseDefaultCredentials</c> treats every zone with an index less than or
/// equal to <see cref="INTRANET"/> as eligible for automatic logon, so the values must stay
/// exactly as declared.
/// </summary>
public enum URLZONE : uint
{
    LOCAL_MACHINE = 0,  // lowest index
    INTRANET      = 1,
    TRUSTED       = 2,
    INTERNET      = 3,
    UNTRUSTED     = 4,  // highest predefined index listed here
}
/// <summary>
/// Registry scope selector passed as <c>urlZoneReg</c> to the policy getters and setters of
/// <c>IInternetZoneManager</c>.
/// </summary>
public enum URLZONEREG : uint
{
    DEFAULT = 0x0,
    HKLM    = 0x1,  // machine-wide hive
    HKCU    = 0x2,  // per-user hive
}
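/// <summary>
/// Zone attribute flags. Every member is a distinct single bit, so values are meant to be
/// combined with <c>|</c>; the <see cref="FlagsAttribute"/> makes combined values format as
/// member names (useful when logging zone configuration) instead of a bare number.
/// </summary>
[Flags]
public enum ZAFLAGS : uint
{
    CUSTOM_EDIT              = 0x00000001,
    ADD_SITES                = 0x00000002,
    REQUIRE_VERIFICATION     = 0x00000004,
    INCLUDE_PROXY_OVERRIDE   = 0x00000008,
    INCLUDE_INTRANET_SITES   = 0x00000010,
    NO_UI                    = 0x00000020,
    SUPPORTS_VERIFICATION    = 0x00000040,
    UNC_AS_INTRANET          = 0x00000080,
    DETECT_INTRANET          = 0x00000100,
    USE_LOCKED_ZONES         = 0x00010000,
    VERIFY_TEMPLATE_SETTINGS = 0x00020000,
    NO_CACHE                 = 0x00040000,
}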
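/// <summary>
/// Flags for the <c>dwFlags</c> argument of <c>IInternetSecurityManager.ProcessUrlAction</c>.
/// The non-zero members are single bits intended to be OR-ed together, so the enum carries
/// <see cref="FlagsAttribute"/>; combined values then format as member names.
/// </summary>
[Flags]
public enum PUAF : uint
{
    DEFAULT                      = 0x00000000,
    NOUI                         = 0x00000001,  // used by CanUseDefaultCredentials in this file
    ISFILE                       = 0x00000002,
    WARN_IF_DENIED               = 0x00000004,
    FORCEUI_FOREGROUND           = 0x00000008,
    CHECK_TIFS                   = 0x00000010,
    DONTCHECKBOXINDIALOG         = 0x00000020,
    TRUSTED                      = 0x00000040,
    ACCEPT_WILDCARD_SCHEME       = 0x00000080,
    ENFORCERESTRICTED            = 0x00000100,
    NOSAVEDFILECHECK             = 0x00000200,
    REQUIRESAVEDFILECHECK        = 0x00000400,
    DONT_USE_CACHE               = 0x00001000,
    LMZ_UNLOCKED                 = 0x00010000,
    LMZ_LOCKED                   = 0x00020000,
    DEFAULTZONEPOL               = 0x00040000,
    NPL_USE_LOCKED_IF_RESTRICTED = 0x00080000,
    NOUIIFLOCKED                 = 0x00100000,
    DRAGPROTOCOLCHECK            = 0x00200000,
}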
/// <summary>
/// Output flags paired with <see cref="PUAF"/>. No method declared in this file takes or
/// returns them; they are kept for completeness of the native constant set.
/// </summary>
public enum PUAFOUT : uint
{
    DEFAULT          = 0x0,
    ISLOCKZONEPOLICY = 0x1,
}
/// <summary>
/// PSU_* action selectors. Not referenced by any method in this file; the values start at
/// 1, so a zero-initialised variable of this type is not a valid member.
/// </summary>
public enum PSUACTION : uint
{
    DEFAULT           = 0x1,
    SECURITY_URL_ONLY = 0x2,
}
/// <summary>
/// Sequential identifiers of the FEATURE_* controls. The values are consecutive from 0 and
/// <see cref="FEATURE_ENTRY_COUNT"/> is the number of entries, not a feature itself.
/// Several names also appear in <c>URLACTION</c> with different numeric values
/// (for example FEATURE_MIME_SNIFFING); the two enums are not interchangeable.
/// </summary>
public enum INTERNETFEATURELIST : uint
{
    FEATURE_OBJECT_CACHING                 = 0,
    FEATURE_ZONE_ELEVATION                 = 1,
    FEATURE_MIME_HANDLING                  = 2,
    FEATURE_MIME_SNIFFING                  = 3,
    FEATURE_WINDOW_RESTRICTIONS            = 4,
    FEATURE_WEBOC_POPUPMANAGEMENT          = 5,
    FEATURE_BEHAVIORS                      = 6,
    FEATURE_DISABLE_MK_PROTOCOL            = 7,
    FEATURE_LOCALMACHINE_LOCKDOWN          = 8,
    FEATURE_SECURITYBAND                   = 9,
    FEATURE_RESTRICT_ACTIVEXINSTALL        = 10,
    FEATURE_VALIDATE_NAVIGATE_URL          = 11,
    FEATURE_RESTRICT_FILEDOWNLOAD          = 12,
    FEATURE_ADDON_MANAGEMENT               = 13,
    FEATURE_PROTOCOL_LOCKDOWN              = 14,
    FEATURE_HTTP_USERNAME_PASSWORD_DISABLE = 15,
    FEATURE_SAFE_BINDTOOBJECT              = 16,
    FEATURE_UNC_SAVEDFILECHECK             = 17,
    FEATURE_GET_URL_DOM_FILEPATH_UNENCODED = 18,
    FEATURE_TABBED_BROWSING                = 19,
    FEATURE_SSLUX                          = 20,
    FEATURE_DISABLE_NAVIGATION_SOUNDS      = 21,
    FEATURE_DISABLE_LEGACY_COMPRESSION     = 22,
    FEATURE_FORCE_ADDR_AND_STATUS          = 23,
    FEATURE_XMLHTTP                        = 24,
    FEATURE_DISABLE_TELNET_PROTOCOL        = 25,
    FEATURE_FEEDS                          = 26,
    FEATURE_BLOCK_INPUT_PROMPTS            = 27,

    // Sentinel: count of the entries above.
    FEATURE_ENTRY_COUNT                    = 28,
}
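/// <summary>
/// Flags for the <c>dwFlags</c> argument of <c>IInternetSecurityManager.MapUrlToZone</c>.
/// Each member is a single bit meant to be OR-ed with others, so the enum carries
/// <see cref="FlagsAttribute"/>; combined values then format as member names.
/// </summary>
[Flags]
public enum MUTZ_FLAGS : uint
{
    NOSAVEDFILECHECK       = 0x00000001,
    ISFILE                 = 0x00000002,
    ACCEPT_WILDCARD_SCHEME = 0x00000080,
    ENFORCERESTRICTED      = 0x00000100,
    RESERVED               = 0x00000200,
    REQUIRESAVEDFILECHECK  = 0x00000400,
    DONT_UNESCAPE          = 0x00000800,
    DONT_USE_CACHE         = 0x00001000,
    FORCE_INTRANET_FLAGS   = 0x00002000,
    IGNORE_ZONE_MAPPINGS   = 0x00004000,
}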
/// <summary>
/// URL action identifiers, the <c>dwAction</c> argument of
/// <c>IInternetSecurityManager.ProcessUrlAction</c> and of the zone action policy methods.
/// Values are grouped in numeric ranges delimited by *_MIN / *_MAX members; several members
/// deliberately share a value (a range bound and the first action in that range), so the
/// name printed for such a value is not unique.
/// </summary>
public enum URLACTION : uint
{
    MIN = 0x1000,

    // --- Download ---
    DOWNLOAD_MIN              = 0x1000,
    DOWNLOAD_SIGNED_ACTIVEX   = 0x1001,
    DOWNLOAD_UNSIGNED_ACTIVEX = 0x1004,
    DOWNLOAD_CURR_MAX         = 0x1004,
    DOWNLOAD_MAX              = 0x11FF,

    // --- ActiveX (SCRIPT_OVERRIDE_SAFETY keeps its original position in the list) ---
    ACTIVEX_MIN                         = 0x1200,
    ACTIVEX_RUN                         = 0x1200,
    ACTIVEX_OVERRIDE_OBJECT_SAFETY      = 0x1201,
    ACTIVEX_OVERRIDE_DATA_SAFETY        = 0x1202,
    ACTIVEX_OVERRIDE_SCRIPT_SAFETY      = 0x1203,
    SCRIPT_OVERRIDE_SAFETY              = 0x1401,
    ACTIVEX_CONFIRM_NOOBJECTSAFETY      = 0x1204,
    ACTIVEX_TREATASUNTRUSTED            = 0x1205,
    ACTIVEX_NO_WEBOC_SCRIPT             = 0x1206,
    ACTIVEX_OVERRIDE_REPURPOSEDETECTION = 0x1207,
    ACTIVEX_OVERRIDE_OPTIN              = 0x1208,
    ACTIVEX_SCRIPTLET_RUN               = 0x1209,
    ACTIVEX_DYNSRC_VIDEO_AND_ANIMATION  = 0x120A,
    ACTIVEX_OVERRIDE_DOMAINLIST         = 0x120B,
    ACTIVEX_CURR_MAX                    = 0x120B,
    ACTIVEX_MAX                         = 0x13FF,

    // --- Scripting ---
    SCRIPT_MIN                    = 0x1400,
    SCRIPT_RUN                    = 0x1400,
    SCRIPT_JAVA_USE               = 0x1402,
    SCRIPT_SAFE_ACTIVEX           = 0x1405,
    CROSS_DOMAIN_DATA             = 0x1406,
    SCRIPT_PASTE                  = 0x1407,
    ALLOW_XDOMAIN_SUBFRAME_RESIZE = 0x1408,
    SCRIPT_XSSFILTER              = 0x1409,
    SCRIPT_CURR_MAX               = 0x1409,
    SCRIPT_MAX                    = 0x15FF,

    // --- HTML ---
    HTML_MIN               = 0x1600,
    HTML_SUBMIT_FORMS      = 0x1601,
    HTML_SUBMIT_FORMS_FROM = 0x1602,
    HTML_SUBMIT_FORMS_TO   = 0x1603,
    HTML_FONT_DOWNLOAD     = 0x1604,
    HTML_JAVA_RUN          = 0x1605,
    HTML_USERDATA_SAVE     = 0x1606,
    HTML_SUBFRAME_NAVIGATE = 0x1607,
    HTML_META_REFRESH      = 0x1608,
    HTML_MIXED_CONTENT     = 0x1609,
    HTML_INCLUDE_FILE_PATH = 0x160A,
    HTML_MAX               = 0x17FF,

    // --- Shell ---
    SHELL_MIN                        = 0x1800,
    SHELL_INSTALL_DTITEMS            = 0x1800,
    SHELL_MOVE_OR_COPY               = 0x1802,
    SHELL_FILE_DOWNLOAD              = 0x1803,
    SHELL_VERB                       = 0x1804,
    SHELL_WEBVIEW_VERB               = 0x1805,
    SHELL_SHELLEXECUTE               = 0x1806,
    SHELL_EXECUTE_HIGHRISK           = 0x1806,
    SHELL_EXECUTE_MODRISK            = 0x1807,
    SHELL_EXECUTE_LOWRISK            = 0x1808,
    SHELL_POPUPMGR                   = 0x1809,
    SHELL_RTF_OBJECTS_LOAD           = 0x180A,
    SHELL_ENHANCED_DRAGDROP_SECURITY = 0x180B,
    SHELL_EXTENSIONSECURITY          = 0x180C,
    SHELL_SECURE_DRAGSOURCE          = 0x180D,
    SHELL_REMOTEQUERY                = 0x180E,
    SHELL_PREVIEW                    = 0x180F,
    SHELL_CURR_MAX                   = 0x180F,
    SHELL_MAX                        = 0x19FF,

    // --- Network: credentials, authentication, cookies ---
    NETWORK_MIN                 = 0x1A00,
    CREDENTIALS_USE             = 0x1A00,  // queried by CanUseDefaultCredentials in this file
    AUTHENTICATE_CLIENT         = 0x1A01,
    COOKIES                     = 0x1A02,
    COOKIES_SESSION             = 0x1A03,
    CLIENT_CERT_PROMPT          = 0x1A04,
    COOKIES_THIRD_PARTY         = 0x1A05,
    COOKIES_SESSION_THIRD_PARTY = 0x1A06,
    COOKIES_ENABLED             = 0x1A10,
    NETWORK_CURR_MAX            = 0x1A10,
    NETWORK_MAX                 = 0x1BFF,

    // --- Java ---
    JAVA_MIN         = 0x1C00,
    JAVA_PERMISSIONS = 0x1C00,
    JAVA_CURR_MAX    = 0x1C00,
    JAVA_MAX         = 0x1CFF,

    // --- Info delivery ---
    INFODELIVERY_MIN                       = 0x1D00,
    INFODELIVERY_NO_ADDING_CHANNELS        = 0x1D00,
    INFODELIVERY_NO_EDITING_CHANNELS       = 0x1D01,
    INFODELIVERY_NO_REMOVING_CHANNELS      = 0x1D02,
    INFODELIVERY_NO_ADDING_SUBSCRIPTIONS   = 0x1D03,
    INFODELIVERY_NO_EDITING_SUBSCRIPTIONS  = 0x1D04,
    INFODELIVERY_NO_REMOVING_SUBSCRIPTIONS = 0x1D05,
    INFODELIVERY_NO_CHANNEL_LOGGING        = 0x1D06,
    INFODELIVERY_CURR_MAX                  = 0x1D06,
    INFODELIVERY_MAX                       = 0x1DFF,

    // --- Channel software distribution ---
    CHANNEL_SOFTDIST_MIN         = 0x1E00,
    CHANNEL_SOFTDIST_PERMISSIONS = 0x1E05,
    CHANNEL_SOFTDIST_MAX         = 0x1EFF,

    // --- .NET user controls and behaviors ---
    DOTNET_USERCONTROLS = 0x2005,
    BEHAVIOR_MIN        = 0x2000,
    BEHAVIOR_RUN        = 0x2000,

    // --- Feature controls (numbering differs from INTERNETFEATURELIST) ---
    FEATURE_MIN                      = 0x2100,
    FEATURE_MIME_SNIFFING            = 0x2100,
    FEATURE_ZONE_ELEVATION           = 0x2101,
    FEATURE_WINDOW_RESTRICTIONS      = 0x2102,
    FEATURE_SCRIPT_STATUS_BAR        = 0x2103,
    FEATURE_FORCE_ADDR_AND_STATUS    = 0x2104,
    FEATURE_BLOCK_INPUT_PROMPTS      = 0x2105,
    FEATURE_DATA_BINDING             = 0x2106,
    FEATURE_CROSSDOMAIN_FOCUS_CHANGE = 0x2107,

    // --- Automatic download / ActiveX prompts ---
    AUTOMATIC_DOWNLOAD_UI_MIN = 0x2200,
    AUTOMATIC_DOWNLOAD_UI     = 0x2200,
    AUTOMATIC_ACTIVEX_UI      = 0x2201,

    // --- Miscellaneous ---
    ALLOW_RESTRICTEDPROTOCOLS         = 0x2300,
    ALLOW_APEVALUATION                = 0x2301,
    WINDOWS_BROWSER_APPLICATIONS      = 0x2400,
    XPS_DOCUMENTS                     = 0x2401,
    LOOSE_XAML                        = 0x2402,
    LOWRIGHTS                         = 0x2500,
    WINFX_SETUP                       = 0x2600,
    INPRIVATE_BLOCKING                = 0x2700,
    ALLOW_AUDIO_VIDEO                 = 0x2701,
    ALLOW_ACTIVEX_FILTERING           = 0x2702,
    ALLOW_STRUCTURED_STORAGE_SNIFFING = 0x2703,
}
/// <summary>
/// Policy values written into the policy buffer for a URL action. The numeric values overlap
/// across groups (0x00010000 is shared by five members, 0x00000000 by four), so a value can
/// only be interpreted relative to the URLACTION it was returned for; compare a policy
/// against the members of the matching group only.
/// </summary>
public enum URLPOLICY : uint
{
    // --- Generic permissions ---
    ALLOW    = 0x00,
    QUERY    = 0x01,
    DISALLOW = 0x03,

    // --- ActiveX ---
    ACTIVEX_CHECK_LIST = 0x00010000,

    // --- Group for URLACTION.CREDENTIALS_USE (consumed by CanUseDefaultCredentials).
    //     The "silent logon" member is numerically zero, so a zero-filled policy buffer
    //     reads as the most permissive answer. ---
    CREDENTIALS_SILENT_LOGON_OK    = 0x00000000,
    CREDENTIALS_MUST_PROMPT_USER   = 0x00010000,
    CREDENTIALS_CONDITIONAL_PROMPT = 0x00020000,
    CREDENTIALS_ANONYMOUS_ONLY     = 0x00030000,

    // --- AUTHENTICATE_* group ---
    AUTHENTICATE_CLEARTEXT_OK       = 0x00000000,
    AUTHENTICATE_CHALLENGE_RESPONSE = 0x00010000,
    AUTHENTICATE_MUTUAL_ONLY        = 0x00030000,

    // --- JAVA_* group ---
    JAVA_PROHIBIT = 0x00000000,
    JAVA_HIGH     = 0x00010000,
    JAVA_MEDIUM   = 0x00020000,
    JAVA_LOW      = 0x00030000,
    JAVA_CUSTOM   = 0x00800000,

    // --- CHANNEL_SOFTDIST_* group ---
    CHANNEL_SOFTDIST_PROHIBIT    = 0x00010000,
    CHANNEL_SOFTDIST_PRECACHE    = 0x00020000,
    CHANNEL_SOFTDIST_AUTOINSTALL = 0x00030000,

    // --- Behaviors ---
    BEHAVIOR_CHECK_LIST = 0x00010000,
}
/// <summary>
/// Managed declaration of the native IInternetSecurityManager COM interface.
/// </summary>
/// <remarks>
/// The interface is imported as IUnknown-derived, so the declaration order of the methods
/// below defines the vtable slot each call lands on; do not reorder, insert or remove
/// members. Every method is marked <c>[PreserveSig]</c> and returns the raw HRESULT as a
/// <c>uint</c>: failures are NOT turned into exceptions, and callers must test the return
/// value before trusting any output argument.
/// </remarks>
[Guid("79eac9ee-baf9-11ce-8c82-00aa004ba90b")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[ComImport]
public interface IInternetSecurityManager
{
    /// <summary>Slot 1. Takes a raw interface pointer; not called in this file.</summary>
    [PreserveSig]
    uint SetSecuritySite(
        [In] IntPtr pSite);
    /// <summary>Slot 2. Returns a raw interface pointer; not called in this file.</summary>
    [PreserveSig]
    uint GetSecuritySite(
        out IntPtr pSite);
    /// <summary>Slot 3. Writes the zone index for <paramref name="pwszUrl"/> to <paramref name="pdwZone"/>.</summary>
    /// <param name="pwszUrl">URL, marshalled as a null-terminated UTF-16 string.</param>
    /// <param name="pdwZone">Receives the zone index; this file compares it with <see cref="URLZONE"/> members.</param>
    /// <param name="dwFlags">Lookup flags; this file always passes 0. Presumably a <see cref="MUTZ_FLAGS"/> combination.</param>
    /// <returns>Raw HRESULT; this file treats any non-zero value as failure.</returns>
    [PreserveSig]
    uint MapUrlToZone(
        [In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl,
        out uint pdwZone,
        [In] uint dwFlags);
    /// <summary>Slot 4. Fills a caller-owned buffer with the security ID of a URL; not called in this file.</summary>
    /// <param name="pbSecurityId">Caller-allocated unmanaged buffer that the native side writes into.</param>
    /// <param name="pcbSecurityId">Passed by reference; presumably buffer size in, bytes written out.</param>
    /// <param name="dwReserved">
    /// NOTE(review): declared as <c>ref uint</c>, which passes the address of a managed uint.
    /// The native prototype is believed to take this reserved argument by value (pointer-sized,
    /// expected to be zero), in which case this declaration can never pass zero. Confirm against
    /// urlmon.h before using this method.
    /// </param>
    [PreserveSig]
    uint GetSecurityId(
        [In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl,
        [Out] IntPtr pbSecurityId, [In, Out] ref uint pcbSecurityId,
        [In] ref uint dwReserved);
    /// <summary>Slot 5. Evaluates the policy for one URL action and writes it to the caller's buffer.</summary>
    /// <param name="pwszUrl">URL the action applies to.</param>
    /// <param name="dwAction">Action identifier; this file passes <see cref="URLACTION.CREDENTIALS_USE"/>.</param>
    /// <param name="pPolicy">
    /// Address of a writable buffer of <paramref name="cbPolicy"/> bytes. It is an
    /// <see cref="IntPtr"/> passed by value, so the caller is responsible for handing over a
    /// real, live address; the marshaller performs no validation.
    /// </param>
    /// <param name="cbPolicy">Size in bytes of the buffer behind <paramref name="pPolicy"/>.</param>
    /// <param name="pContext">Optional context buffer; this file passes <see cref="IntPtr.Zero"/>.</param>
    /// <param name="cbContext">Size of the context buffer; this file passes 0.</param>
    /// <param name="dwFlags">Flags; this file passes <see cref="PUAF.NOUI"/>.</param>
    /// <param name="dwReserved">This file passes 0.</param>
    /// <returns>Raw HRESULT; this file treats any non-zero value as failure.</returns>
    [PreserveSig]
    uint ProcessUrlAction(
        [In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl,
        uint dwAction,
        IntPtr pPolicy, uint cbPolicy,
        IntPtr pContext, uint cbContext,
        uint dwFlags,
        uint dwReserved);
    /// <summary>Slot 6. Returns a custom policy through a native-allocated buffer; not called in this file.</summary>
    /// <param name="ppPolicy">
    /// Receives a pointer owned by the native side. NOTE(review): which allocator frees it is
    /// not shown here; confirm before calling, otherwise the buffer leaks.
    /// </param>
    [PreserveSig]
    uint QueryCustomPolicy(
        [In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl,
        ref Guid guidKey,
        out IntPtr ppPolicy, out uint pcbPolicy,
        IntPtr pContext, uint cbContext,
        uint dwReserved);
    /// <summary>Slot 7. Adds or removes a site pattern for a zone.</summary>
    /// <param name="dwZone">Zone index; this file passes a <see cref="URLZONE"/> value.</param>
    /// <param name="lpszPattern">Site pattern, marshalled as UTF-16.</param>
    /// <param name="dwFlags">This file passes a <see cref="SZM_FLAGS"/> value (CREATE or DELETE).</param>
    /// <returns>Raw HRESULT; this file treats 0 as success.</returns>
    [PreserveSig]
    uint SetZoneMapping(
        uint dwZone,
        [In, MarshalAs(UnmanagedType.LPWStr)] string lpszPattern,
        uint dwFlags);
    /// <summary>Slot 8. Enumerates the patterns mapped to a zone; not called in this file.</summary>
    /// <param name="ppenumString">
    /// Passed by value, so the caller must supply the address of storage that will receive
    /// the enumerator pointer, and must release that interface afterwards.
    /// </param>
    [PreserveSig]
    uint GetZoneMappings(
        [In] uint dwZone,
        IntPtr ppenumString,
        [In] uint dwFlags);
}
/// <summary>
/// Managed declaration of the native IInternetZoneManager COM interface.
/// </summary>
/// <remarks>
/// Imported as IUnknown-derived: the declaration order below is the vtable order and must
/// not change. Every method is <c>[PreserveSig]</c> and returns the raw HRESULT as
/// <c>uint</c>, so errors surface only through the return value. None of these methods is
/// called elsewhere in this file. The Set* and CopyTemplatePoliciesToZone members modify
/// zone security configuration; code that calls them should log what it changed so the
/// change can be audited and reverted.
/// </remarks>
[Guid("79eac9ef-baf9-11ce-8c82-00aa004ba90b")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
[ComImport]
public interface IInternetZoneManager
{
    /// <summary>Slot 1. Reads a zone's attributes into a caller-allocated native structure.</summary>
    /// <param name="pZoneAttributes">Address of the unmanaged structure; layout is not declared in this file.</param>
    [PreserveSig]
    uint GetZoneAttributes(
        uint dwZone,
        IntPtr pZoneAttributes);
    /// <summary>Slot 2. Writes a zone's attributes from a caller-provided native structure.</summary>
    [PreserveSig]
    uint SetZoneAttributes(
        uint dwZone,
        IntPtr pZoneAttributes);
    /// <summary>Slot 3. Retrieves a custom policy identified by <paramref name="guidKey"/>.</summary>
    /// <param name="ppPolicy">
    /// Receives a native-owned buffer pointer. NOTE(review): the required deallocator is not
    /// shown here; confirm before calling.
    /// </param>
    /// <param name="urlZoneReg">Registry scope; presumably a <see cref="URLZONEREG"/> value.</param>
    [PreserveSig]
    uint GetZoneCustomPolicy(
        uint dwZone,
        ref Guid guidKey,
        out IntPtr ppPolicy,
        ref uint pcbPolicy,
        uint urlZoneReg);
    /// <summary>Slot 4. Stores a custom policy identified by <paramref name="guidKey"/>.</summary>
    [PreserveSig]
    uint SetZoneCustomPolicy(
        uint dwZone,
        ref Guid guidKey,
        IntPtr pPolicy,
        uint cbPolicy,
        uint urlZoneReg);
    /// <summary>Slot 5. Reads the policy for one action in one zone into a caller buffer.</summary>
    /// <param name="dwAction">Action identifier; presumably a <see cref="URLACTION"/> value.</param>
    /// <param name="pPolicy">Address of a writable buffer of <paramref name="cbPolicy"/> bytes.</param>
    [PreserveSig]
    uint GetZoneActionPolicy(
        uint dwZone,
        uint dwAction,
        IntPtr pPolicy,
        uint cbPolicy,
        uint urlZoneReg);
    /// <summary>Slot 6. Writes the policy for one action in one zone from a caller buffer.</summary>
    [PreserveSig]
    uint SetZoneActionPolicy(
        uint dwZone,
        uint dwAction,
        IntPtr pPolicy,
        uint cbPolicy,
        uint urlZoneReg);
    /// <summary>Slot 7. Takes a parent window handle plus URL and text strings.</summary>
    [PreserveSig]
    uint PromptAction(uint dwAction,
        IntPtr hwndParent,
        [In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl,
        [In, MarshalAs(UnmanagedType.LPWStr)] string pwszText,
        uint dwPromptFlags);
    /// <summary>Slot 8. Takes an action identifier plus URL and text strings.</summary>
    [PreserveSig]
    uint LogAction(
        uint dwAction,
        [In, MarshalAs(UnmanagedType.LPWStr)] string pwszUrl,
        [In, MarshalAs(UnmanagedType.LPWStr)] string pwszText,
        uint dwLogFlags);
    /// <summary>Slot 9. Creates a zone enumerator and reports its handle and element count.</summary>
    /// <param name="pdwEnum">Receives the enumerator handle; pair every success with <see cref="DestroyZoneEnumerator"/>.</param>
    /// <param name="pdwCount">Receives the number of zones in the enumerator.</param>
    [PreserveSig]
    uint CreateZoneEnumerator(
        ref uint pdwEnum,
        ref uint pdwCount,
        uint dwFlags);
    /// <summary>Slot 10. Reads the zone index stored at position <paramref name="dwIndex"/> of an enumerator.</summary>
    [PreserveSig]
    uint GetZoneAt(
        uint dwEnum,
        uint dwIndex,
        ref uint pdwZone);
    /// <summary>Slot 11. Releases an enumerator obtained from <see cref="CreateZoneEnumerator"/>.</summary>
    [PreserveSig]
    uint DestroyZoneEnumerator(
        uint dwEnum);
    /// <summary>Slot 12. Applies a template's policies to a zone.</summary>
    /// <param name="dwTemplate">Template identifier; presumably a <see cref="URLTEMPLATE"/> value.</param>
    [PreserveSig]
    uint CopyTemplatePoliciesToZone(
        uint dwTemplate,
        uint dwZone,
        uint dwReserved);
}
/// <summary>
/// P/Invoke entry points exported by urlmon.dll that create the security manager and the
/// zone manager COM objects.
/// </summary>
/// <remarks>
/// Both functions return a raw HRESULT as <c>uint</c>; on failure the <c>out</c> object must
/// not be used. NOTE(review): the library is named without a path, so it is resolved
/// through the default DLL search order. Restricting resolution with
/// <c>[DefaultDllImportSearchPaths(DllImportSearchPath.System32)]</c> would harden the
/// import against a planted copy; left unchanged here.
/// </remarks>
public static class UrlMon
{
    // Single place for the native library name shared by both imports.
    private const string UrlMonLibrary = "urlmon.dll";

    /// <summary>Creates a security manager; the result implements <see cref="IInternetSecurityManager"/>.</summary>
    /// <param name="pSP">Service provider pointer; this file passes <see cref="IntPtr.Zero"/>.</param>
    /// <param name="ppISM">Receives the COM object as an IUnknown-marshalled reference.</param>
    /// <param name="dwReserved">This file passes 0.</param>
    [DllImport(UrlMonLibrary)]
    public static extern uint CoInternetCreateSecurityManager(
        IntPtr pSP,
        [MarshalAs(UnmanagedType.IUnknown)] out object ppISM,
        uint dwReserved);

    /// <summary>Creates a zone manager; the result is expected to implement <see cref="IInternetZoneManager"/>.</summary>
    /// <param name="pSP">Service provider pointer.</param>
    /// <param name="ppIZM">Receives the COM object as an IUnknown-marshalled reference.</param>
    /// <param name="dwReserved">Reserved argument.</param>
    [DllImport(UrlMonLibrary)]
    public static extern uint CoInternetCreateZoneManager(
        IntPtr pSP,
        [MarshalAs(UnmanagedType.IUnknown)] out object ppIZM,
        uint dwReserved);
}
} | |
namespace UrlMon.InternetSecurityZones | |
{ | |
using System; | |
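/// <summary>
/// Static helpers over a single shared <see cref="IInternetSecurityManager"/> instance:
/// zone lookups, zone-mapping edits and the "may default credentials be sent" decision.
/// </summary>
/// <remarks>
/// All wrappers return the raw HRESULT (0 means success) unless documented otherwise.
/// Adding a site to the Intranet zone is a trust decision: under the conditional-prompt
/// policy <see cref="CanUseDefaultCredentials"/> answers <c>true</c> for Intranet sites, so
/// only hosts that an administrator has approved should ever be passed to
/// <see cref="CreateZoneMapping"/> or <see cref="EnsureIntranetSite"/>.
/// </remarks>
public static class InternetSecurityManager
{
    // NOTE(review): the HRESULT of CoInternetCreateSecurityManager is not inspected. If the
    // call fails, pUnk is null, iface stays null and the first wrapper call throws a
    // NullReferenceException instead of reporting the real error.
    private static readonly IInternetSecurityManager iface;

    static InternetSecurityManager()
    {
        UrlMon.CoInternetCreateSecurityManager(IntPtr.Zero, out object pUnk, 0);
        iface = (IInternetSecurityManager)pUnk;
    }

    /// <summary>Adds <paramref name="pattern"/> to <paramref name="zone"/>.</summary>
    /// <returns>
    /// Raw HRESULT, 0 on success. The original author notes ERROR_FILE_EXISTS (0x80070050)
    /// here, presumably the value returned when the mapping already exists.
    /// </returns>
    public static uint CreateZoneMapping(URLZONE zone, string pattern)
    {
        return SetZoneMapping(zone, pattern, SZM_FLAGS.CREATE);
    }

    /// <summary>Removes <paramref name="pattern"/> from <paramref name="zone"/>.</summary>
    /// <returns>Raw HRESULT, 0 on success.</returns>
    public static uint DeleteZoneMapping(URLZONE zone, string pattern)
    {
        return SetZoneMapping(zone, pattern, SZM_FLAGS.DELETE);
    }

    /// <summary>Forwards a create or delete request to the native security manager.</summary>
    /// <returns>Raw HRESULT, 0 on success.</returns>
    public static uint SetZoneMapping(URLZONE zone, string pattern, SZM_FLAGS flags)
    {
        return iface.SetZoneMapping((uint)zone, pattern, (uint)flags);
    }

    /// <summary>Resolves the zone index of <paramref name="url"/>.</summary>
    /// <param name="url">URL to classify.</param>
    /// <param name="zone">Receives the zone index; only meaningful when the result is 0.</param>
    /// <param name="flags">Passed through unchanged to the native call.</param>
    /// <returns>Raw HRESULT, 0 on success.</returns>
    public static uint MapUrlToZone(string url, ref uint zone, uint flags)
    {
        return iface.MapUrlToZone(url, out zone, flags);
    }

    /// <summary>
    /// Reports whether <paramref name="url"/> currently resolves to the Intranet zone.
    /// A failed lookup is reported as <c>false</c>, i.e. indistinguishable from "other zone".
    /// </summary>
    public static bool IsIntranetSite(string url)
    {
        uint zone = 0;
        if (MapUrlToZone(url, ref zone, 0) != 0)
        {
            return false;
        }

        return zone == (uint)URLZONE.INTRANET;
    }

    /// <summary>
    /// Adds <paramref name="url"/> to the Intranet zone unless it already resolves there.
    /// </summary>
    /// <remarks>
    /// The string is handed to the zone mapping as-is; <see cref="GetMappedSiteUrl"/> is not
    /// applied here. Because <see cref="IsIntranetSite"/> also returns <c>false</c> when the
    /// lookup itself fails, a mapping is attempted in that case too. The caller decides which
    /// sites are eligible; this method performs no validation of the host.
    /// </remarks>
    /// <returns>
    /// <c>true</c> if a new Intranet mapping was created; <c>false</c> if the site was already
    /// in the Intranet zone or the mapping could not be created.
    /// </returns>
    public static bool EnsureIntranetSite(string url)
    {
        if (!IsIntranetSite(url))
        {
            // returns true if intranet zone mapping was added
            return CreateZoneMapping(URLZONE.INTRANET, url) == 0;
        }

        return false; // no zone mapping was added (already an intranet site)
    }

    /// <summary>Reduces a URL to <c>scheme://host</c>, dropping port, path and query.</summary>
    /// <exception cref="ArgumentNullException"><paramref name="url"/> is null.</exception>
    /// <exception cref="UriFormatException"><paramref name="url"/> is not a valid absolute URI.</exception>
    public static string GetMappedSiteUrl(string url)
    {
        Uri uri = new Uri(url);
        return string.Format("{0}://{1}", uri.Scheme, uri.Host);
    }

    /// <summary>
    /// Decides whether the current user's default credentials may be sent to
    /// <paramref name="url"/> without prompting, based on the zone policy for
    /// <see cref="URLACTION.CREDENTIALS_USE"/>.
    /// </summary>
    /// <returns>
    /// <c>true</c> when the policy is silent logon, or when it is conditional prompt and the
    /// URL maps to the Local Machine or Intranet zone; <c>false</c> for every other policy
    /// and whenever a native call reports a non-zero HRESULT.
    /// </returns>
    public static bool CanUseDefaultCredentials(string url)
    {
        // Start from a denying value. CREDENTIALS_SILENT_LOGON_OK is numerically 0, so a
        // zero-initialised variable that the native call never wrote to would be read back
        // as "send credentials silently".
        uint policy = (uint)URLPOLICY.CREDENTIALS_MUST_PROMPT_USER;

        unsafe
        {
            // Hand over the ADDRESS of the local. The previous code cast the VALUE of the
            // variable (0) to a pointer, which passed a null buffer and left the local
            // untouched at the allow value.
            IntPtr pPolicy = new IntPtr(&policy);
            uint cbPolicy = sizeof(uint);

            uint hr = iface.ProcessUrlAction(url,
                (uint)URLACTION.CREDENTIALS_USE,
                pPolicy, cbPolicy,
                IntPtr.Zero, 0,
                (uint)PUAF.NOUI, 0);

            if (hr != 0)
            {
                return false;
            }
        }

        switch (policy)
        {
            case (uint)URLPOLICY.CREDENTIALS_SILENT_LOGON_OK:
                return true;

            case (uint)URLPOLICY.CREDENTIALS_CONDITIONAL_PROMPT:
            {
                // Silent logon only for zone indexes up to INTRANET (Local Machine, Intranet).
                uint zone = 0;
                if (MapUrlToZone(url, ref zone, 0) != 0)
                {
                    return false;
                }

                return zone <= (uint)URLZONE.INTRANET;
            }

            // CREDENTIALS_MUST_PROMPT_USER, CREDENTIALS_ANONYMOUS_ONLY and any value this
            // code does not recognise all deny.
            default:
                return false;
        }
    }
}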
} |