Welcome  |  Sign in
Skip Navigation Links
Internet Explorer Developer Center
Click to Rate and Give Feedback
MSDN
MSDN Library
Web Development
Security Zones
Reference
Interfaces
 MapUrlToZone Method
IInternetSecurityManager::MapUrlToZone Method

Gets the zone index for the specified URL.

Syntax

HRESULT MapUrlToZone(      
    LPCWSTR pwszUrl,
    DWORD *pdwZone,
    DWORD dwFlags
);

Parameters

pwszUrl
[in] A string value that contains the URL.
pdwZone
[out] An unsigned long integer variable that specifies the zone index.
dwFlags
[in] An unsigned long integer value that specifies flags that control this method. If the value is set to ISECMGR_PREPEND_FILE, IInternetSecurityManager::MapUrlToZone adds "file:" to the beginning of the URL stored in pwszUrl.
MUTZ_NOSAVEDFILECHECK
Indicates that "file:" should not be checked for a saved file comment.
MUTZ_ISFILE
Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2 (SP2) and later. Indicates that the URL is a file and "file:" does not have to be prepended.
MUTZ_ACCEPT_WILDCARD_SCHEME
Internet Explorer 6 for Windows XP SP2 and later. Indicates that wildcard characters can be used.
MUTZ_ENFORCERESTRICTED
Indicates that the URL should be treated as if it were in the Restricted sites zone.
MUTZ_REQUIRESAVEDFILECHECK
Internet Explorer 6 for Windows XP SP2 and later. Always evaluate the "saved from url" information in the file. Setting this flag overrides the FEATURE_UNC_SAVEDFILECHECK feature control setting.
MUTZ_DONT_UNESCAPE
Internet Explorer 6 for Windows XP SP2 and later. Do not unescape the URL.

Return Value

Returns E_INVALIDARG if pdwZone is set to NULL, or S_OK otherwise.

Remarks

security note Security Alert  Incorrect implementation of this method can compromise the security of your application. A custom implementation of IInternetSecurityManager::MapUrlToZone should return only zones for URLs that the default application cannot or should not handle. For all other URLs, this method should return INET_E_DEFAULT_ACTION. Attempting to duplicate the default implementation can result in the incorrect mapping of zones and might leave users susceptible to spoofing or elevation of privilege attacks. Review Security Considerations: URL Security Zones API before you contine.

Example

The following example instantiates the default security manager to determine the correct zone for the input URL, szUrl. 

const char *rgZoneNames[] = { "Local", "Intranet", "Trusted", "Internet", "Restricted" };

IInternetSecurityManager* pInetSecMgr;
HRESULT hr = CoCreateInstance(CLSID_InternetSecurityManager, NULL, CLSCTX_ALL,
                        IID_IInternetSecurityManager, (void **)&pInetSecMgr);   
if (SUCCEEDED(hr))
{
    DWORD dwZone;
    hr = spInetSecMgr->MapUrlToZone(szUrl, &dwZone, 0);
    if (hr == S_OK)
    {
        if (dwZone < 5)
            printf("ZONE: %s (%d)\n", rgZoneNames[dwZone], dwZone);
        else
            printf("ZONE: Unknown (%d)\n", dwZone);
    }
    else
        printf("ZONE: Error %08x\n", hr);
        
    pInetSecMgr->Release();
}

See Also

IInternetSecurityManagerEx2::MapUrlToZoneEx2
Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Processing
© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker