访问文件夹时,Webbrowser 控件身份验证不起作用
Posted
技术标签:
【中文标题】访问文件夹时,Webbrowser 控件身份验证不起作用【英文标题】:Webbrowser control authenticate not working when access file folder 【发布时间】:2011-07-06 04:13:49 【问题描述】:我有一个 .Net 2.0 WinForm 应用程序,它有一个 WebBrowser 控件,用于访问一个安全的网络驱动器,这个网络驱动器只授予少数特殊帐户的访问权限,应用程序需要模拟一个阅读器帐户来阅读PDF 文件。
我使用了 LogonUser 并且应用程序能够模拟读者帐户以查看文件夹下的文件名,但是当我使用 webBrowser1.Navigate(new Uri(filePath))m 时,我被拒绝访问。
所以经过研究,我知道我必须做我以前从未使用过的 COM 的东西。好的,经过几个小时的在线和试验/错误,我使用了 IAuthenticate、IOleClientSite、IServiceProvider,我得到了结构,它可以很好地使用提供的用户凭据访问安全网站,它不会弹出框询问输入用户名和密码,将正确打开网站。
但是,如果我将网站 URL 替换为安全文件路径,它根本不起作用。
Web 浏览器实际上不需要 LogOnUser 模拟内容来访问此处的安全网站。但是我不知道访问文件夹是否需要它。我尝试添加 LogOnUser 并包装 webbrowser.Navigate(path),它没有帮助。
为什么这适用于网站而不是文件夹?
我使用的完整测试代码粘贴在这里:
using System;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using System.Runtime.CompilerServices;
using System.Security.Principal; // WindowsImpersonationContext
using System.Security.Permissions; // PermissionSetAttribute
using Microsoft.Win32.SafeHandles;
using System.Runtime.ConstrainedExecution;
using System.Security;
namespace WebAuthenticateTest
#region COM Interfaces
[ComImport,
Guid("00000112-0000-0000-C000-000000000046"),
InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface IOleObject
void SetClientSite(IOleClientSite pClientSite);
void GetClientSite(IOleClientSite ppClientSite);
void SetHostNames(object szContainerApp, object szContainerObj);
void Close(uint dwSaveOption);
void SetMoniker(uint dwWhichMoniker, object pmk);
void GetMoniker(uint dwAssign, uint dwWhichMoniker, object ppmk);
void InitFromData(IDataObject pDataObject, bool
fCreation, uint dwReserved);
void GetClipboardData(uint dwReserved, IDataObject ppDataObject);
void DoVerb(uint iVerb, uint lpmsg, object pActiveSite,
uint lindex, uint hwndParent, uint lprcPosRect);
void EnumVerbs(object ppEnumOleVerb);
void Update();
void IsUpToDate();
void GetUserClassID(uint pClsid);
void GetUserType(uint dwFormOfType, uint pszUserType);
void SetExtent(uint dwDrawAspect, uint psizel);
void GetExtent(uint dwDrawAspect, uint psizel);
void Advise(object pAdvSink, uint pdwConnection);
void Unadvise(uint dwConnection);
void EnumAdvise(object ppenumAdvise);
void GetMiscStatus(uint dwAspect, uint pdwStatus);
void SetColorScheme(object pLogpal);
[ComImport,
Guid("00000118-0000-0000-C000-000000000046"),
InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface IOleClientSite
void SaveObject();
void GetMoniker(uint dwAssign, uint dwWhichMoniker, object ppmk);
void GetContainer(object ppContainer);
void ShowObject();
void OnShowWindow(bool fShow);
void RequestNewObjectLayout();
[ComImport,
GuidAttribute("6d5140c1-7436-11ce-8034-00aa006009fa"),
InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown),
ComVisible(false)]
public interface IServiceProvider
[return: MarshalAs(UnmanagedType.I4)]
[PreserveSig]
int QueryService(ref Guid guidService, ref Guid riid, out IntPtr
ppvObject);
[ComImport, GuidAttribute("79EAC9D0-BAF9-11CE-8C82-00AA004BA90B"),
InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown),
ComVisible(false)]
public interface IAuthenticate
[return: MarshalAs(UnmanagedType.I4)]
[PreserveSig]
int Authenticate(ref IntPtr phwnd,
ref IntPtr pszUsername,
ref IntPtr pszPassword
);
#endregion
public partial class Form1 : Form, IOleClientSite, IServiceProvider, IAuthenticate
public static Guid IID_IAuthenticate = new Guid("79eac9d0-baf9-11ce-8c82-00aa004ba90b");
public static Guid SID_IAuthenticate = new Guid("79eac9d0-baf9-11ce-8c82-00aa004ba90b");
public const int INET_E_DEFAULT_ACTION = unchecked((int)0x800C0011);
public const int S_OK = unchecked((int)0x00000000);
private WindowsIdentity impersonateID; //impersonate user to access Picis PDF file folder.
private bool logonFail = false;
public Form1()
InitializeComponent();
GetImpersonateID();
string oURL = "about:blank";
webBrowser1.Navigate(oURL);
object obj = webBrowser1.ActiveXInstance;
IOleObject oc = obj as IOleObject;
oc.SetClientSite(this as IOleClientSite);
System.IntPtr ppvServiceProvider;
IServiceProvider sp = obj as IServiceProvider;
sp.QueryService(ref SID_IAuthenticate, ref IID_IAuthenticate, out ppvServiceProvider);
private void button1_Click(object sender, EventArgs e)
using (WindowsImpersonationContext impersonatedUser = impersonateID.Impersonate())
string oURL = "\\\\mydrive\\Reports\\Test\\Test.PDF";
webBrowser1.Navigate(new Uri(oURL));
#region IOleClientSite Members
public void SaveObject()
// TODO: Add Form1.SaveObject implementation
public void GetMoniker(uint dwAssign, uint dwWhichMoniker, object
ppmk)
// TODO: Add Form1.GetMoniker implementation
public void GetContainer(object ppContainer)
ppContainer = this;
public void ShowObject()
// TODO: Add Form1.ShowObject implementation
public void OnShowWindow(bool fShow)
// TODO: Add Form1.OnShowWindow implementation
public void RequestNewObjectLayout()
// TODO: Add Form1.RequestNewObjectLayout implementation
#endregion
#region IServiceProvider Members
public int QueryService(ref Guid guidService, ref Guid riid, out IntPtr ppvObject)
int nRet = guidService.CompareTo(IID_IAuthenticate); // Zero returned if the compared objects are equal
if (nRet == 0)
nRet = riid.CompareTo(IID_IAuthenticate); // Zero returned if the compared objects are equal
if (nRet == 0)
ppvObject = Marshal.GetComInterfaceForObject(this,
typeof(IAuthenticate));
return S_OK;
ppvObject = new IntPtr();
return INET_E_DEFAULT_ACTION;
#endregion
#region IAuthenticate Members
public int Authenticate(ref IntPtr phwnd, ref IntPtr pszUsername, ref IntPtr pszPassword)
IntPtr sUser = Marshal.StringToCoTaskMemAuto("Read");
IntPtr sPassword = Marshal.StringToCoTaskMemAuto("mypwd");
pszUsername = sUser;
pszPassword = sPassword;
return S_OK;
#endregion
#region Impersonate code
//create a impersonate context
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
int dwLogonType, int dwLogonProvider, out SafeTokenHandle phToken);
/* [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public extern static bool CloseHandle(IntPtr handle);*/
/// <summary>
/// Prepare a WindowsIdentity that has read access to the PDF file folder
/// </summary>
private void GetImpersonateID()
SafeTokenHandle safeTokenHandle = null;
string user = "Read";
string domainName = "mydomain";
string pwd = "mypwd";
try
const int LOGON32_PROVIDER_DEFAULT = 0;
//This parameter causes LogonUser to create a primary token.
const int LOGON32_LOGON_INTERACTIVE = 2;
// Call LogonUser to obtain a handle to an access token.
bool returnValue = LogonUser(user, domainName, pwd,
LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
out safeTokenHandle);
if (returnValue)//user successfully logon
impersonateID = new WindowsIdentity(safeTokenHandle.DangerousGetHandle());
else //error impersonate identity
int ret = Marshal.GetLastWin32Error();
throw new System.ComponentModel.Win32Exception(ret);
catch (Exception ex)
logonFail = true;
finally
if (safeTokenHandle != null)
//safeTokenHandle.Dispose();
int i = 1;
#endregion
public sealed class SafeTokenHandle : SafeHandleZeroOrMinusOneIsInvalid
private SafeTokenHandle()
: base(true)
[DllImport("kernel32.dll")]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
[SuppressUnmanagedCodeSecurity]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool CloseHandle(IntPtr handle);
protected override bool ReleaseHandle()
return CloseHandle(handle);
【问题讨论】:
【参考方案1】:网页浏览器仅在托管 MShtml 文档时查询 IAuthenticate。如果文档是 defview,请尝试使用显式用户凭据的 WNetAddConnection3
【讨论】:
以上是关于访问文件夹时,Webbrowser 控件身份验证不起作用的主要内容,如果未能解决你的问题,请参考以下文章
C#webbrowser 跨域访问时 如何获得对此网页的绝对权限
WPF使用webbrowser控件时,每次打开都显示“Web浏览器已经限制此文件显示可能访问您的计算机的活动内容“,解决办法