SAMPLE: Secumgr.exe Overrides Security Manager for WebBrowser Host

Article translations Article translations
Article ID: 246227
Expand all | Collapse all

Summary

Secumgr.exe is a sample that demonstrates how to override the default security manager in a Microsoft Foundation Classes-based WebBrowser control host.

More information

The following file is available for download from the Microsoft Download Center:
Secumgr.exe
Release Date: Nov-15-1999

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. SECUMGR is an MFC dialog-based application that hosts the WebBrowser control. It exposes an implementation of the IInternetSecurityManager interface from the control site, which is used by the WebBrowser to override traditional security decisions. The highlighted function in this sample is ProcessUrlAction in the Custsite.cpp.

The sample provides a handful of check boxes to the user for disabling security-related functionality. These buttons map to URLACTIONs that are passed in to ProcessUrlAction. SECUMGR passes back the correct URLPOLICY to enable or disable these features (ActiveX, Script, Java) as requested. Note that most security decisions are made during page load and are not modifiable on the fly.

Not all URLACTIONs can be set to a lower security policy. For example, in Internet Explorer 5.0, you cannot change the action for URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX from URLPOLICY_QUERY to URLPOLICY_ALLOW.

NOTE: In order to implement the IInternetSecurityManager interface on the control site, SECUMGR uses an unofficial technique that may not work correctly in future MFC versions. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
196835 HOWTO: Override the MFC Default Control Containment

References

For more information, see the following Microsoft Web site:
URL Security Zones Overview
http://msdn2.microsoft.com/library/ms537183.aspx

Properties

Article ID: 246227 - Last Review: June 19, 2014 - Revision: 4.0
Keywords: 
kbdownload kbfile kbinfo kbsample kbsecurity kburlmon kbwebbrowser KB246227
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com