How to mark the MFC ActiveX control as a secure script and initialization

In the status of http://support.microsoft.com/kb/161873/zh-cn, the MFC ActiveX control is not marked as Script Security and initialization security. When the control is running, the security level in Internet Explorer is set to medium or high, which becomes obvious. The data in any mode of the control is insecure or the control is not a secure script to be used, and a warning may be displayed.

Controls can be used to eliminate these errors. The first control involves implementing the IObjectSafety interface, which is useful for controls that want to change their behavior and become "secure. The second function involves modifying the control's DllRegisterServer function to mark the control's "security" in the registry ". This article introduces the second of these methods. The first method to implement the IObjectSafety interface is described in the Internet client SDK.

Remember that the control should only be marked as secure, if it is, actually, safe. For more information about the Internet client SDK documentation, see. In the component development section, see "Security Initialization and ActiveX control templates ".

Note:This article does not cover how to mark the control as secure download. For more information about code download and $ code signature, see Internet client SDK. Go back to the top. For more information, follow these steps to mark your MFC ActiveX control as a secure operation for Script Security and initialization:

1. Add the following cathelp. h and cathelp. cpp files to your project to implement the helper function of CreateComponentCategory and RegisterCLSIDInCategory.
   Back to Top Cathelp. h

         #include "comcat.h"      // Helper function to create a component category and associated      // description      HRESULT CreateComponentCategory(CATID catid, WCHAR* catDescription);      // Helper function to register a CLSID as belonging to a component      // category      HRESULT RegisterCLSIDInCategory(REFCLSID clsid, CATID catid);

   Back to Top Cathelp. cpp

         #include "comcat.h"      // Helper function to create a component category and associated      // description      HRESULT CreateComponentCategory(CATID catid, WCHAR* catDescription)      {         ICatRegister* pcr = NULL ;         HRESULT hr = S_OK ;         hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr,                               NULL,                               CLSCTX_INPROC_SERVER,                               IID_ICatRegister,                               (void**)&pcr);         if (FAILED(hr))            return hr;         // Make sure the HKCR/Component Categories/{..catid...}         // key is registered         CATEGORYINFO catinfo;         catinfo.catid = catid;         catinfo.lcid = 0x0409 ; // english         // Make sure the provided description is not too long.         // Only copy the first 127 characters if it is         int len = wcslen(catDescription);         if (len>127)            len = 127;         wcsncpy(catinfo.szDescription, catDescription, len);         // Make sure the description is null terminated         catinfo.szDescription[len] = '/0';         hr = pcr->RegisterCategories(1, &catinfo);         pcr->Release();         return hr;      }      // Helper function to register a CLSID as belonging to a component      // category      HRESULT RegisterCLSIDInCategory(REFCLSID clsid, CATID catid)      {         // Register your component categories information.         ICatRegister* pcr = NULL ;         HRESULT hr = S_OK ;         hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr,                               NULL,                               CLSCTX_INPROC_SERVER,                               IID_ICatRegister,                               (void**)&pcr);         if (SUCCEEDED(hr))         {            // Register this category as being "implemented" by            // the class.            CATID rgcatid[1] ;            rgcatid[0] = catid;            hr = pcr->RegisterClassImplCategories(clsid, 1, rgcatid);         }         if (pcr != NULL)            pcr->Release();         return hr;      }

2. Modify to be marked as the security control DllRegisterServer. Find the implementation of DllRegisterServer in the. cpp file in your project. You need to add several objects to this. cpp file. The files that implement CreateComponentCategory and RegisterCLSIDInCategory include:

         #include "CatHelp.h"

   Associate the definition GUID with the security component category:

         const CATID CATID_SafeForScripting     =      {0x7dd95801,0x9882,0x11cf,{0x9f,0xa9,0x00,0xaa,0x00,0x6c,0x42,0xc4}};      const CATID CATID_SafeForInitializing  =      {0x7dd95802,0x9882,0x11cf,{0x9f,0xa9,0x00,0xaa,0x00,0x6c,0x42,0xc4}};

   Define the GUID associated with your control. For simplicity, you can useIMPLEMENT_OLECREATE_EXMacro GUID to borrow. Slightly adjust the format so that the appearance is as follows:

         const GUID CDECL BASED_CODE _ctlid =      { 0x43bd9e45, 0x328f, 0x11d0,              { 0xa6, 0xb9, 0x0, 0xaa, 0x0, 0xa7, 0xf, 0xc2 } };

   The recipient marks your control as the two secure scripts and $ initialization, and modifies the DllRegisterServer function, as shown below:

         STDAPI DllRegisterServer(void)      {          AFX_MANAGE_STATE(_afxModuleAddrThis);          if (!AfxOleRegisterTypeLib(AfxGetInstanceHandle(), _tlid))              return ResultFromScode(SELFREG_E_TYPELIB);          if (!COleObjectFactoryEx::UpdateRegistryAll(TRUE))              return ResultFromScode(SELFREG_E_CLASS);          if (FAILED( CreateComponentCategory(                  CATID_SafeForScripting,                  L"Controls that are safely scriptable") ))                return ResultFromScode(SELFREG_E_CLASS);          if (FAILED( CreateComponentCategory(                  CATID_SafeForInitializing,                  L"Controls safely initializable from persistent data") ))                return ResultFromScode(SELFREG_E_CLASS);          if (FAILED( RegisterCLSIDInCategory(                  _ctlid, CATID_SafeForScripting) ))                return ResultFromScode(SELFREG_E_CLASS);          if (FAILED( RegisterCLSIDInCategory(                  _ctlid, CATID_SafeForInitializing) ))                return ResultFromScode(SELFREG_E_CLASS);          return NOERROR;      }

You cannot modify the DllUnregisterServer function for these two reasons:

• You do not want to delete a component category because other controls may be using it.
• Although the UnRegisterCLSIDInCategory function is defined, the entries controlled by DllUnregisterServer are completely deleted from the Registry by default. Therefore, it is seldom used to delete the registered category from the control.

After compiling and registering your control, you should find the following items in the registry:

   HKEY_CLASSES_ROOT/Component   Categories/{7DD95801-9882-11CF-9FA9-00AA006C42C4}   HKEY_CLASSES_ROOT/Component   Categories/{7DD95802-9882-11CF-9FA9-00AA006C42C4}   HKEY_CLASSES_ROOT/CLSID/{"your controls GUID"}/Implemented   Categories/{7DD95801-9882-11CF-9FA9-00AA006C42C4}   HKEY_CLASSES_ROOT/CLSID/{"your controls GUID"}/Implemented   Categories/{7DD95802-9882-11CF-9FA9-00AA006C42C4}

Back to Top