Determining URL from ActiveX Control

This is a simple technique to determine the URL of the web page in which the ActiveX control is hosted.

Introduction

I had to develop ActiveX controls for web based applications. Some of these controls were manipulating the local resources. To disable malicious use of these control by others through scripting, I had to implement security check. I decided to implement a simple security scheme where I determine the url in which the control is hosted. If the url comes from our domain, I enabled its functionality.

I used GetMoniker method of IOleClientSite Interface.The IMoniker interface has GetDisplayName() method,
which returns a user-readable representation of the moniker.

Code:

 HRESULT hrResult	= S_FALSE;
 IOleClientSite *pClientSite = NULL;
 IMoniker* pMoniker	= NULL;
 LPOLESTR sDisplayName;

 // If using ATL to develop, use the m_spClientSite data
 // member of CComControl class.

 // If using MFC, use the following code: 
 // (member function of COleControl class 
 // - don't forget to call release)
 // pClientSite = GetClientSite();

 hrResult = m_spClientSite->GetMoniker(OLEGETMONIKER_TEMPFORUSER,
                                       OLEWHICHMK_CONTAINER,
                                       &pMoniker);
 if(SUCCEEDED(hrResult))
 {
  hrResult = pMoniker->GetDisplayName(NULL,
                                      NULL,
                                      &sDisplayName);
  pMoniker->Release();
 }

 //TODO : relevant processing with sDisplayName and
 //free sDisplayName using SysFreeString()


Comments

  • can you send me a demo plz

    Posted by fask_annexe on 06/12/2004 09:31am

    hi i want this source for my project , can you send me a demo plzz

    Reply
  • Good Idea !

    Posted by Legacy on 02/14/2004 12:00am

    Originally posted by: www.yamaoku.org/default.html

    This one is a good idea !

    Soon, I am glad to present You sone results of my research on COM related information processing using Microsoft windows driven computers ...

    Remember that website ID: YAMAOKU.ORG

    Connect to "http://www.yamaoku.org/default.html"; to access those results ...

    Reply
  • GetClientSite is null why

    Posted by Legacy on 01/09/2004 12:00am

    Originally posted by: Sax

    void CActiDiagCtrl::OnButton1() 
    
    {
    //MFC Control
    LPOLECLIENTSITE pClientSite = GetClientSite();
    if(pClientSite)
    {
    AfxMessageBox("Working");
    }else
    {
    AfxMessageBox("Not working");
    }
    }
    Why is this not working

    My control is in a web page. I click on my Page1.htm to open the file and I click button one of my activex and it is not working.

    Reply
  • Is there other alternative way? Thanks.

    Posted by Legacy on 12/06/2003 12:00am

    Originally posted by: AL

    Is there other alternative way? Thanks.

    Reply
  • does this work with Netscape on windows ?

    Posted by Legacy on 07/17/2003 12:00am

    Originally posted by: Hrishikesh Lele

    hi,

    Nice article !

    Could you pls let me know if this works with Netscape on Windows ?

    hrishi

    Reply
  • Cool work !

    Posted by Legacy on 07/16/2003 12:00am

    Originally posted by: Hrishikesh Lele

    Cool work !

    Reply
  • Good Idea

    Posted by Legacy on 05/03/2003 12:00am

    Originally posted by: www.ftr28i67.de

    This is a good idea ...

    Reply
  • bad work!

    Posted by Legacy on 09/18/2002 12:00am

    Originally posted by: waterwhu

    can not resolve all of problem!!!
    can you stop using flashget to get some bad files?
    No!!!

    Reply
  • eqwe

    Posted by Legacy on 03/01/2002 12:00am

    Originally posted by: erwe

    wqe

    Reply
Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Live Event Date: February 11, 2015 @ 1:00 p.m. ET / 10:00 a.m. PT New computing platforms, expanding information environments, recurrent security breaches and evolving regulatory frameworks are factors that security executives must contend with and address when developing their security strategy. In response to these dynamics, security executives are seeking stronger, more nimble and more pervasive security technologies to help protect business-critical information from unauthorized disclosure, loss or …

  • Live Event Date: February 25, 2015 @ 2:00 p.m. ET / 11:00 a.m. PT Secure Shell (SSH) keys provide unmitigated access for privileged users and applications. However, managing and securing these critical privileged credentials poses a real challenge for organizations, putting sensitive data at risk. In fact, more than 50% of organizations report experiencing an SSH Key related compromise. Check out this upcoming eSeminar and join Adam Bosnian, EVP of Global Business Development at CyberArk, as he discusses the …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date