Controlling Windows Firewall in C# for Windows 7 and Xp Sp3

Ankesh picture Ankesh · Mar 20, 2012 · Viewed 7.2k times · Source

I here have a code working perfect in Windows 7 i took help from this post....

The problem comes when that same code in compiled on Win Xp Sp3 PC. Its does not comile... says interface missing (error) ....

I cant seem to figure out. I have added reference again to hnetcfg.dll (COM APi reference) for windows xp (in windows 7 i have to add nother dll "FirewallAPi.dll") to project

using NATUPNPLib;
using NETCONLib;
using NetFwTypeLib;

But still the interfaces and other classes are not visible to VS

pardon for posting the whole code

Classes

Firewall manager

using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Runtime.InteropServices;
using NATUPNPLib;
using NETCONLib;
using NetFwTypeLib;

namespace WindowsFirewallManager
{
/// Allows basic access to the windows firewall API.
/// This can be used to add an exception to the windows firewall
/// exceptions list
public class FirewallHelper
{
    #region Variables

    /// Hooray! Singleton access.
    private static FirewallHelper instance;

    /// Interface to the firewall manager COM object
    private INetFwMgr fireWallManager = null;
    

    #endregion

    #region Properties

    /// Singleton access to the firewallhelper object.
    /// Threadsafe.
    public static FirewallHelper Instance
    {
        get
        {
            lock (typeof (FirewallHelper))
            {
                return instance ?? (instance = new FirewallHelper());
            }
        }
    }

    #endregion

    #region Constructivat0r

    /// Private Constructor.  
    /// If this fails, HasFirewall will return false
    private FirewallHelper()
    {
        // Get the type of HNetCfg.FwMgr, or null if an error occurred
        Type fwMgrType = Type.GetTypeFromProgID("HNetCfg.FwMgr", false);

        // Assume failed.
        fireWallManager = null;

        if (fwMgrType != null)
        {
            try
            {
                fireWallManager =
                    (INetFwMgr) Activator.CreateInstance(fwMgrType);
            }
                // In all other circumnstances, fireWallManager is null.
            catch (ArgumentException)
            {
            }
            catch (NotSupportedException)
            {
            }
            catch (TargetInvocationException)
            {
            }
            catch (MissingMethodException)
            {
            }
            catch (MethodAccessException)
            {
            }
            catch (MemberAccessException)
            {
            }
            catch (InvalidComObjectException)
            {
            }
            catch (COMException)
            {
            }
            catch (TypeLoadException)
            {
            }
        }
    }

    #endregion

    #region Helper Methods

    /// Gets whether or not the firewall is installed on this computer.
    public bool IsFirewallInstalled
    {
        get
        {
            return fireWallManager != null &&
                   fireWallManager.LocalPolicy != null &&
                   fireWallManager.LocalPolicy.CurrentProfile != null;
        }
    }

    /// Returns whether or not the firewall is enabled.
    /// If the firewall is not installed, this returns false.
    public bool IsFirewallEnabled
    {
        get
        {
            return IsFirewallInstalled &&
                   fireWallManager.LocalPolicy.CurrentProfile.
                       FirewallEnabled;
        }
    }

    /// Returns whether or not the firewall allows Application "Exceptions".
    /// If the firewall is not installed, this returns false.
    /// 
    /// 
    /// Added to allow access to this method
    public bool AppAuthorizationsAllowed
    {
        get
        {
            return IsFirewallInstalled &&
                   !fireWallManager.LocalPolicy.CurrentProfile.
                        ExceptionsNotAllowed;
        }
    }

    /// Adds an application to the list of authorized applications.
    /// If the application is already authorized, does nothing.
    /// 
    /// 
    /// The full path to the application executable.  This cannot
    /// be blank, and cannot be a relative path.
    /// 
    /// 
    /// This is the name of the application, purely for display
    /// puposes in the Microsoft Security Center.
    /// 
    /// 
    /// When applicationFullPath is null OR
    /// When appName is null.
    /// 
    /// 
    /// When applicationFullPath is blank OR
    /// When appName is blank OR
    /// applicationFullPath contains invalid path characters OR
    /// applicationFullPath is not an absolute path
    /// 
    /// 
    /// If the firewall is not installed OR
    /// If the firewall does not allow specific application 'exceptions' OR
    /// Due to an exception in COM this method could not create the
    /// necessary COM types
    /// 
    /// 
    /// If no file exists at the given applicationFullPath
    public void GrantAuthorization(string applicationFullPath,
                                   string appName,
                                   NET_FW_SCOPE_ scope,
                                   NET_FW_IP_VERSION_ ipVersion)
    {
        #region  Parameter checking

        if (applicationFullPath == null)
            throw new ArgumentNullException("applicationFullPath");
        if (appName == null)
            throw new ArgumentNullException("appName");
        if (applicationFullPath.Trim().Length == 0)
            throw new ArgumentException(
                "applicationFullPath must not be blank");
        if (applicationFullPath.Trim().Length == 0)
            throw new ArgumentException("appName must not be blank");
        if (applicationFullPath.IndexOfAny(Path.InvalidPathChars) >= 0)
            throw new ArgumentException(
                "applicationFullPath must not contain invalid path characters");
        if (!Path.IsPathRooted(applicationFullPath))
            throw new ArgumentException(
                "applicationFullPath is not an absolute path");
        if (!File.Exists(applicationFullPath))
            throw new FileNotFoundException("File does not exist",
                                            applicationFullPath);

        // State checking
        if (!IsFirewallInstalled)
            throw new FirewallHelperException(
                "Cannot grant authorization: Firewall is not installed.");
        if (!AppAuthorizationsAllowed)
            throw new FirewallHelperException(
                "Application exemptions are not allowed.");

        #endregion

        if (!HasAuthorization(applicationFullPath))
        {
            // Get the type of HNetCfg.FwMgr, or null if an error occurred
            Type authAppType =
                Type.GetTypeFromProgID("HNetCfg.FwAuthorizedApplication",
                                       false);

            // Assume failed.
            INetFwAuthorizedApplication appInfo = null;

            if (authAppType != null)
            {
                try
                {
                    appInfo =
                        (INetFwAuthorizedApplication)
                        Activator.CreateInstance(authAppType);
                }
                    // In all other circumnstances, appInfo is null.
                catch (ArgumentException)
                {
                }
                catch (NotSupportedException)
                {
                }
                catch (TargetInvocationException)
                {
                }
                catch (MissingMethodException)
                {
                }
                catch (MethodAccessException)
                {
                }
                catch (MemberAccessException)
                {
                }
                catch (InvalidComObjectException)
                {
                }
                catch (COMException)
                {
                }
                catch (TypeLoadException)
                {
                }
            }

            if (appInfo == null)
                throw new FirewallHelperException(
                    "Could not grant authorization: can't create INetFwAuthorizedApplication instance.");

            appInfo.Name = appName;
            appInfo.ProcessImageFileName = applicationFullPath;
            appInfo.Scope = scope;
            appInfo.IpVersion = ipVersion;
            appInfo.Enabled = true;
            // ...
            // Use defaults for other properties of the AuthorizedApplication COM object

            // Authorize this application
            fireWallManager.LocalPolicy.CurrentProfile.
                AuthorizedApplications.Add(appInfo);
        }
        // otherwise it already has authorization so do nothing
    }

    /// Removes an application to the list of authorized applications.
    /// Note that the specified application must exist or a FileNotFound
    /// exception will be thrown.
    /// If the specified application exists but does not current have
    /// authorization, this method will do nothing.
    /// 
    /// 
    /// The full path to the application executable.  This cannot
    /// be blank, and cannot be a relative path.
    /// 
    /// 
    /// When applicationFullPath is null
    /// 
    /// 
    /// When applicationFullPath is blank OR
    /// applicationFullPath contains invalid path characters OR
    /// applicationFullPath is not an absolute path
    /// 
    /// 
    /// If the firewall is not installed.
    /// 
    /// 
    /// If the specified application does not exist.
    public void RemoveAuthorization(string applicationFullPath)
    {
        #region  Parameter checking

        if (applicationFullPath == null)
            throw new ArgumentNullException("applicationFullPath");
        if (applicationFullPath.Trim().Length == 0)
            throw new ArgumentException(
                "applicationFullPath must not be blank");
        if (applicationFullPath.IndexOfAny(Path.InvalidPathChars) >= 0)
            throw new ArgumentException(
                "applicationFullPath must not contain invalid path characters");
        if (!Path.IsPathRooted(applicationFullPath))
            throw new ArgumentException(
                "applicationFullPath is not an absolute path");
        if (!File.Exists(applicationFullPath))
            throw new FileNotFoundException("File does not exist",
                                            applicationFullPath);
        // State checking
        if (!IsFirewallInstalled)
            throw new FirewallHelperException(
                "Cannot remove authorization: Firewall is not installed.");

        #endregion

        if (HasAuthorization(applicationFullPath))
        {
            // Remove Authorization for this application
            fireWallManager.LocalPolicy.CurrentProfile.
                AuthorizedApplications.Remove(applicationFullPath);
        }
        // otherwise it does not have authorization so do nothing
    }

    /// Returns whether an application is in the list of authorized applications.
    /// Note if the file does not exist, this throws a FileNotFound exception.
    /// 
    /// 
    /// The full path to the application executable.  This cannot
    /// be blank, and cannot be a relative path.
    /// 
    /// 
    /// The full path to the application executable.  This cannot
    /// be blank, and cannot be a relative path.
    /// 
    /// 
    /// When applicationFullPath is null
    /// 
    /// 
    /// When applicationFullPath is blank OR
    /// applicationFullPath contains invalid path characters OR
    /// applicationFullPath is not an absolute path
    /// 
    /// 
    /// If the firewall is not installed.
    /// 
    /// 
    /// If the specified application does not exist.
    public bool HasAuthorization(string applicationFullPath)
    {
        #region  Parameter checking

        if (applicationFullPath == null)
            throw new ArgumentNullException("applicationFullPath");
        if (applicationFullPath.Trim().Length == 0)
            throw new ArgumentException(
                "applicationFullPath must not be blank");
        if (applicationFullPath.IndexOfAny(Path.InvalidPathChars) >= 0)
            throw new ArgumentException(
                "applicationFullPath must not contain invalid path characters");
        if (!Path.IsPathRooted(applicationFullPath))
            throw new ArgumentException(
                "applicationFullPath is not an absolute path");
        if (!File.Exists(applicationFullPath))
            throw new FileNotFoundException("File does not exist.",
                                            applicationFullPath);
        // State checking
        if (!IsFirewallInstalled)
            throw new FirewallHelperException(
                "Cannot remove authorization: Firewall is not installed.");

        #endregion

        // Locate Authorization for this application
        return
            GetAuthorizedAppPaths().Cast<string>().Any(
                appName =>
                appName.ToLower() == applicationFullPath.ToLower());

        // Failed to locate the given app.
    }

    /// Retrieves a collection of paths to applications that are authorized.
    /// 
    /// 
    /// 
    /// If the Firewall is not installed.
    public ICollection GetAuthorizedAppPaths()
    {
        // State checking
        if (!IsFirewallInstalled)
            throw new FirewallHelperException(
                "Cannot remove authorization: Firewall is not installed.");

        ArrayList list = new ArrayList();
        //  Collect the paths of all authorized applications
        foreach (
            INetFwAuthorizedApplication app in
                fireWallManager.LocalPolicy.CurrentProfile.
                    AuthorizedApplications)
            list.Add(app.ProcessImageFileName);

        return list;
    }

    #endregion
}
}

Exception

using System;

namespace WindowsFirewallManager
{
/// 
/// Describes a FirewallHelperException.
/// 
public class FirewallHelperException : Exception
{
    /// 
    /// Construct a new FirewallHelperException
    /// 
    /// 
    public FirewallHelperException(string message)
        : base(message)
    { }
}
}

How can i make the FirewallManager Compatibel with both OS Versions or anyother way if possible

thanks for the help....

Answer

Hans Passant picture Hans Passant · Mar 20, 2012

It is explicitly mentioned in the Remarks section of the MSDN article for INetFwMgr:

Windows Vista: Windows Vista users must use applications developed in Windows Vista for all methods and properties of this interface.

Which is a somewhat crummy way to say that the INetFwMgr interface implementation was replaced in Vista. It got a new IID so if you built your program on a machine that runs Vista or higher then your program will fall over on XP. You'll need to create a special build of your program for XP users. You'll need to do so by using the type library that's embedded in the XP version of c:\windows\system32\firewallapi.dll. Get the interop library by running tlbimp.exe on that DLL. Having a machine or VM that boots XP will of course be a good way to get a copy of that DLL and to test your build.