Security Level for WebBrowser control

jaywon picture jaywon · Apr 5, 2010 · Viewed 11.3k times · Source

I am trying to migrate an .hta application to a C# executable. Of course, since it's an .hta the code is all HTML and Jscript, with calls to local ActiveX objects.

I created a C# executable project and am just using the WebBrowser control to display the HTML content. Simply renamed the .hta to an .html and took out the HTA declarations.

Everything works great, except that when I make calls to the ActiveX objects, I get a security popup warning of running an ActiveX control on the page.

I understand why this is happening since the WebBrowser control is essentially IE and uses the Internet Options security settings, but is there any way to get the WebBrowser control to bypass security popups, or a way to register the executable or DLLs as being trusted without having to change settings in Internet Options? Even a way to do on a deployment package would work as well.

Answer

KMån picture KMån · Apr 5, 2010

WebBrowser is an instance of Internet Explorer, and inherits security settings from IE.

One way could be to change the security settings defined in IE.

The other way could be to add a Custom Security Manager by implementing IInternetSecurityManager interface.

The WebBrowser Control or MSHTML hosts could create a security manager (by implementing the IInternetSecurityManager interface) that handles the URL actions and policies that are important to the host. Other URL actions and policies would be passed to the default security manager so it could handle them appropriately. The IInternetSecurityMgrSite interface would be used to handle Windows-related information from the component so that the customized security manager could handle any user interface it required. -