如何阻止下载的.NET WebBrowser控件? [英] How to block downloads in .NET WebBrowser control?
问题描述
我需要prevent的.NET WebBrowser控件无法显示任何你想打开或保存此文件?和另存为对话框。相反,我想显示一个消息框,告诉用户该文件下载是出于安全原因关闭。
I need to prevent the .NET WebBrowser control from showing any "Do you want to open or save this file?" and "Save As" dialogs. Instead, I want to display a message box telling users that file downloads are disabled for security reasons.
我开始与 web浏览器的 FileDownload 事件,但它不允许取消。然后,我用的方法<一href="http://www.$c$cproject.com/KB/cpp/ExtendedWebBrowser.aspx?fid=285594&select=2560552">$c$cProject:扩展.NET 2.0 WebBrowser控件在原有基础上COM调用使用接口 DWebBrowserEvents2 来实现我自己的事件。当我按照
I started with the FileDownload event of WebBrowser, but it does not allow cancellation. Then, I used the approach from CodeProject: Extended .NET 2.0 WebBrowser Control to implement my own event based on the original COM call using the interface DWebBrowserEvents2. When I fixed the code according to an MS knowledge base entry about a bug with the FileDownload signature, the event handler was called and I was able to cancel the download.
这并不与所有的下载工作,虽然:下载指向包括URL网址的.exe 引发事件,因此可以取消出现的对话框之前 - 但对于其他人(如。做),该事件处理函数不是调用,直到用户点击打开,保存或取消在对话框中。
This does not work with all downloads, though: download URLs pointing to an URL including .exe raise the event and can be cancelled before the dialog appears - but for others (like .do), the event handler is not called until the user clicks Open, Save or Cancel in the dialog.
一个可能的解决方案可能是拦截 WH_CALLWNDPROCRET 面前的对话框显示给用户,但它听起来像很多努力,我也会preFER一个清洁的解决方案的信息和答案......
A possible solution might be to intercept WH_CALLWNDPROCRET messages and 'answer' the dialog before it is shown to the user, but it sounds like much effort and I also would prefer a cleaner solution...
是否有人知道如何可靠地阻止所有下载?
Does anybody know how to reliably block all downloads?
推荐答案
您可以使用导航事件,允许取消。
You could use Navigating event which allows cancellation.
在这个事件中,你可以尝试连接到URL,它正在被导航自己,检查HTTP响应头和取消导航如果检测到不适当的ContentType。
Inside of this event, you could try to connect to URL that's being navigated yourself, inspect http response headers and cancel navigating if inappropriate ContentType is detected.
System.Net.WebRequest request = System.Net.WebRequest.Create(e.Url);
// we need only header part of http response
request.Method = "HEAD";
System.Net.WebResponse response = request.GetResponse();
// only text/html, text/xml, text/plain are allowed... extend as required
if (!response.ContentType.StartsWith("text/"))
{
e.Cancel = true;
MessageBox.Show("Not allowed for security resons...");
}
显然,这不是防弹的解决方案,但可以给你一个想法如何开始(如果你不介意额外的微小往返只检索HTTP响应头)。
Obviously this is not bullet-proof solution but can give you an idea how to get started (if you don't mind extra tiny roundtrip just to retrieve http response headers).
延Bannmann写道:
这是不理想的,因为我处理 网络应用程序,其中所述额外 请求可能触发一个动作是 进行两次: - (
This is not ideal, as I'm dealing with web applications where the extra request might trigger an action being carried out twice :-(
然后,我会创建一些简单的代理服务器,它会检查所有接收到的数据,并会过滤掉所有的HTTP响应可能引发另存为在Web浏览器的控制对话框。
Then I would create some simple proxy server that would inspect all received data and would filter out all http responses that could trigger "Save as" dialog in your web-browser control.
简单地说,不要让你的网页浏览器控件直接访问互联网,但委托的所有HTTP请求到您特殊的代理服务器,将过滤掉所有不安全响应从网络。
Simply, don't let your web-browser control directly access the internet but delegate all http requests to your special proxy server that will filter out all unsafe responses from the web.
这篇关于如何阻止下载的.NET WebBrowser控件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
