Creating a Customized URL Security Manager

Creating a Customized URL Security Manager


A customized URL security manager can be created for applications that host either the WebBrowser control or IE4/MSHTML by implementing the IInternetSecurityManager interface. Most of the IInternetSecurityManager methods, except IInternetSecurityManager::ProcessUrlAction, would only need to return INET_E_DEFAULT_ACTION to defer the call to the default security manager.

The following example shows an implementation of the IInternetSecurityManager::ProcessUrlAction method for a customized security manager that wants to require that data be encrypted.

HRESULT MySecurityManager::ProcessUrlAction(
    LPWSTR pwszUrl, 
    DWORD dwAction,
    BYTE *pPolicy,
    DWORD cbPolicy,
    DWORD dwReserved
)
{
    DWORD dwPolicy = URLPOLICY_ENCRYPT_REQUIRED;

    if (dwAction == URLACTION_ENCRYPT_DATA)
    {
        if (cbPolicy >= sizeof (DWORD))
         {   
                *(DWORD *)pPolicy = dwPolicy;
                return S_OK;
        }
        else
            return S_FALSE;
    }      
    else
        return INET_E_DEFAULT_ACTION;
}

Note The Internet Exporer 4.0 default security manager cannot be replaced by a customized security manager.

© 1997 Microsoft Corporation. All rights reserved. Terms of Use.