internal static int MapUrlToZoneWrapper(Uri uri)
{
int targetZone = NativeMethods.URLZONE_LOCAL_MACHINE; // fail securely this is the most priveleged zone
int hr = NativeMethods.S_OK;
object curSecMgr = null;
hr = NativeMethods.CoInternetCreateSecurityManager(
null,
out curSecMgr,
0);
if (NativeMethods.Failed(hr))
{
throw new Win32Exception(hr);
}
NativeMethods.IInternetSecurityManager pSec = (NativeMethods.IInternetSecurityManager)curSecMgr;
string uriString = BindUriHelper.UriToString(uri);
//
// special case the condition if file is on local machine or UNC to ensure that content with mark of the web
// does not yield with an internet zone result
//
if (uri.IsFile)
{
pSec.MapUrlToZone(uriString, out targetZone, NativeMethods.MUTZ_NOSAVEDFILECHECK);
}
else
{
pSec.MapUrlToZone(uriString, out targetZone, 0);
}
//
// This is the condition for Invalid zone
//
if (targetZone < 0)
{
throw new SecurityException("The URI specified is invalid.");
}
pSec = null;
curSecMgr = null;
return(targetZone);
}
internal static void DemandWebPermission(Uri uri)
{
// We do this first as a security measure since the call below
// checks for derivatives. Please note we need to extract the
// string to call into WebPermission anyways, the only thing that
// doing this early gains us is a defense in depth measure. The call
// is required nevertheless.
string finalUri = BindUriHelper.UriToString(uri);
if (uri.IsFile)
{
// If the scheme is file: demand file io
string toOpen = uri.LocalPath;
(new FileIOPermission(FileIOPermissionAccess.Read, toOpen)).Demand();
}
else
{
// else demand web permissions
new WebPermission(NetworkAccess.Connect, finalUri).Demand();
}
}
