I have IE run on my system , I would like to send it an url.
I would like to know how should I find the running IE proccess and how should I send it the Url
I will need to send the Url to the Running IE process
You can just do this:
System.Diagnostics.Process.Start(url);
It will open it up with the default browser.
Documentation.
Hello I'm trying to write a webserver in C#.
The server is going to dynamically create a website based on some templates I defined.
The problem I have is that you only can access the webpage if you enter a password.
So I decided to make the browser open up a keep-alive connection, passing every request through it.
Then I have control over logged in clients and not logged in clients. Now the problem is that Firefox and Google Chrome, when it comes to requesting the images on the website, they just open up another connection from the same ip but a different port.
My webserver thinks that its another client and sends the login http page instead of the requested image.
So every time the website loads only 1 - 4 images are getting actually sent.
Now my question: Is there any way to force the browser NOT to open up parallel connections?
Or if not possible how should I deal with the problem?
For those who like to see some code here is what the core of the server looks like, just to understand my problem:
void ThreadStart()
{
while (true)
{
RunClient(listener.AcceptTcpClient());
}
}
void RunClient(TcpClient c)
{
Thread tht = new Thread(new ParameterizedThreadStart(RunIt));
tht.IsBackground = true;
tht.Start(c);//The login page is getting sent...
thtt.Add(tht);
}
Thanks in advance, Alex
Authenticating a HTTP connection rather than individual requests is wrong, wrong, wrong. Even if you could make the browser reuse a single connection (which you can't, because that's not how HTTP works), you wouldn't be able to count on this being respected by proxies or transparent web caches.
This is (some of) what cookies were invented for. Use them, or some kind of session identifier built into the URLs.
I would like to open a website in a user's default web browser, however since the url is user-defined I would also like to prevent them from doing anything other than opening a website.
I have seen people use Process.Start(url); to open a site in the default browser, but since the url is user-defined I want to be sure they don't enter something like a script location and execute it.
I also don't want to use Process.Start("iexplore", url); since I would rather open the link in the user's default browser.
Is there a way I can open a website in the user's default browser, without letting them launch any other process or command?
EDIT
For example, I don't want users to be able to enter C:\Windows\Notepad.exe into the Customer's Website field and open Notepad when they click the Website link
EDIT #2
I am not looking for a way to filter user's access online or have this substitute for property security. I am simply looking for a way to prevent users from launching any other application by entering in a bad url. If they enter "google" for a Customer's website, it should not throw an Open With file dialog, but instead launch the user's default web browser with the word "google" in the URL
You could look up the default browser from the registry. It's in several different places, but I think HKEY_CURRENT_USER\Software\Classes\http\shell\open\command would be a good place to look.
Extract the executable name from that, then Process.Start it with the user-entered URL as a parameter.
I found a way to do it, however I haven't tested to see if this will work on other operating systems
I get the Path for the DefaultWebBrowser from the registry and then use Process.Start(defaultBrowserPath, url);
public static void OpenWebsite(string url)
{
Process.Start(GetDefaultBrowserPath(), url);
}
private static string GetDefaultBrowserPath()
{
string key = #"http\shell\open\command";
RegistryKey registryKey =
Registry.ClassesRoot.OpenSubKey(key, false);
return ((string)registryKey.GetValue(null, null)).Split('"')[1];
}
Well, not really. What you could do is check whether it's a HTTP(s) URL, and whether the URL returns a text/html content-type - but not even that will help if the browser uses content sniffing (ignores content-type, tries to determine it from file content - IIRC IE6 does this, not sure what others).
Also, various browsers are susceptible to various security holes in malformed URLs (why does IE come to mind again?), so you may want to check for things like null hacks, EOL hacks, etc etc.
In the end, there is no perfect URL check - old/unpatched browsers will always be susceptible to some exploits, and that's not really something you can fix. You can, however, filter out most of them - whether it will be 80%, 99%, or 99.99%, depends on the amount of time you are willing to invest.
If I'm understanding you right, then there is no solution to the problem you describe. You're saying: how can I filter user-entered data (hopefully in the form of a Uri, but even a Uri is a very broad concept) to ensure that it's not malicious content. The answer is that without doing it manually, you can't.
http://here.dowloadmyvirus.com is a perfectly valid site Uri but you can never ever guarantee the content that will be served from there.
It needn't even be a Uri: if you hit Start/Run and type "iexplore c:\windows\notepad.exe" then (with IE9 RTM) I get my own local notepad.exe launched as a download. There's nothing to stop you pointing at a malicious script hosted online.
I'd suggest that you either need to limit access so that only a few trusted users can edit whatever data it is you're managing, or have an audit process in place to ensure that such content is validated before it's published.
I've worked out a way, which takes advantage of the fact that javascript runs in a sandbox.
Have a web-page (e.g. http://mydomain/LaunchPage.html) that is accessibly to your desktop application. Call it by putting your URL on the query string (so http://mydomain/LaunchPage.html?URL=http://www.google.com).
All the LaunchPage does is to use JavaScript to set the document.location.
<script>
/*
* Retrieve names values from the query string.
* Based on an idea from
* http://ilovethecode.com/Javascript/Javascript-Tutorials-How_To-Easy/Get_Query_String_Using_Javascript.shtml
*/
function queryString(key) {
args = window.location.search.substring(1).split("&");
for (i = 0; i < args.length; i++) {
keyValuePair = args[i].split("=");
if (keyValuePair[0].toUpperCase() == key.toUpperCase()) {
return keyValuePair[1];
}
}
return null;
}
document.Location = queryString("URL");
</script>
If the URL is set to a local file or something, then the JavaScript sandbox will prevent it being used.
You can now use the following code in perfect safety.
Process.Start("http://mydomain/LaunchPage.html?URL=C:\Windows\Notepad.exe")
EDIT Note that the HTML file could be installed alongside your application. If you have done this, the code to launch it would be something like:
Process.Start("c:\<InstallRoot>\LaunchPage.html?URL=C:\Windows\Notepad.exe")
I think you can check the url to confirm that it is a valid URL not a path of an executable file.
You can use regular expressions to validate the url, have a look here here.
Good luck!
It seems to me that you are worrying about something that is not in fact a problem. If the user could run a program rather than a URL from your app, then they could just as well run a program themselves. It's only a security concern if you accept input from some entity other than the logged on user.
I need to access simultaniously multiple instances of a web services with the following Url. The web services is hosted in IIS and has SSL enabled.
https://services.mysite.com/data/data.asmx
Usually, when we do this process manually, we go one by one and update the Windows host file (c:\Windows\System32\drivers\etc\hosts) like this :
192.1.1.100 services.mysite.com
I would like to automate the process and do it with some multithreading. So I cannot change the Host file. Is there a way to simulate a host file when we do a HTTP request in C#?
Thanks!
If you know the IP address of the server's SSL endpoint (which isn't necessarily the same as the server's default IP address), then you could just aim you web-service at that? Obviously the SSL check will fail, but you can disable that through code...
ServicePointManager.ServerCertificateValidationCallback += delegate
{
return true; // you might want to check some of the certificate detials...
};
I think you get the same effect by setting the proxy server of that specific request to the IP address of the actual Web server you want to send the request to.
You can change the URL that your request is hitting at runtime, something like this:
svc.Url = "http://firstServer.com";
So if you create a program that loops through each of your desired servers, just update the URL property directly (that example is taken from WSE 3 based web services).
Problem:
How to inject my own response stream to currently running iexplore.exe window..
Explation:
While user typing "www.google.com" in address bar of Ie.., Instead of showing response from
Google Webserver...I want to show my own stream which contains text like "
"The site blocked."
The important thing is I need all stuffs in Client Machine - C# Windows Service.
So how can I dynamically inject my own response to web client..?
Web filtering software.
Either control each explorer instance via COM interfaces (works for Internet Explorer only). Maybe there is a way to do so with other browsers using DDE.
or to set up a local proxy and implement filtering there.
In this case each browser should be configured to use the proxy.
For the simple reason of blocking sites you can edit %WINNT%\system32\drivers\etc\hosts file and set the site's url to point to 127.0.0.1 (localhost)
In this case local machine just won't resolve, e.g. www.google.com correctly.
Or, ...