Click here to Skip to main content
Click here to Skip to main content

Internet Explorer Watchdog

, 18 Apr 2005
Rate this:
Please Sign up or sign in to vote.
Control Internet Explorer processes and clean windows password protected stores for a specific site

Introduction

I'm currently working in a university, and we bought a web solution to a third party company in Windows SharePoint. Basically the site runs on IIS with Basic Authentication and SSL.

After we deployed the solution, we encountered a problem... every student has to input his login/password on the authentication window several times, because the solution always keeps asking for the login/password when someone creates Word, Excel, PDF, etc. documents.

Note: There is only one profile for every computer in the labs, for student usage.

Solution

The solution was to develop a software solution that stays in the icon tray, and monitors all Internet Explorer processes that access the site XXX.
The software could only be disabled by a user with administrator profile.

Note: I used the HansBlomme.Windows.Forms.NotifyIcon.dll to develop the solution.

Watchdog is responsible for resetting the login/password saved in the site XXX after the user has terminated all Internet Explorer windows navigation on the site XXX.

How Do We Do This?

Using WMI to trap all start/terminated processes.

EventArrivedEventHandler
eventArrivedEventHandlerStart = new EventArrivedEventHandler(this.Win32ProcArrived);
            watcherStart =this.GetWatcher("__InstanceCreationEvent");
            watcherStart.EventArrived += eventArrivedEventHandlerStart;
            watcherStart.Start();

After we've trapped an event, we must filter all Internet Explorer browser windows from the process list, and trap all Browser.DocumentComplete events to monitor all URLS entered by the user.

Finally, when someone kills the last Internet Explorer window using the site XXX, watchdog will just erase the login/password entered from the system protected store.

Watchdog erases the credentials by calling cia.exe -dXXXX where XXXX is the site to remove the credentials from.

For erasing the password from the protected store, I’ve developed another application in C++ (CIA) that loads the pstorec.dll from the operating system, searches all keys that match the site XXX, and removes the entered authentication.

There is very little documentation on the protected store subject, but we can get all that we need from the Microsoft site.

Here is the source code to remove the credentials:

#import "pstorec.dll" no_namespace

// http://msdn.microsoft.com/library/default.asp?
//	url=/library/en-us/devnotes/winprog/pstore.asp
typedef HRESULT (WINAPI *PStoreCreateInstancePtr)(IPStore **, DWORD, DWORD, DWORD);

void removeSignature(char *site){

    USES_CONVERSION;
    HRESULT hRes;

    HMODULE hPstoreDLL = LoadLibrary("pstorec.dll"); 
    PStoreCreateInstancePtr PStoreCreateInstance = 
	(PStoreCreateInstancePtr)GetProcAddress(hPstoreDLL, "PStoreCreateInstance");

    IPStorePtr spPStore; 
    hRes = PStoreCreateInstance(&spPStore, 0, 0, 0);    

    IEnumPStoreTypesPtr spEnumTypes;
    hRes = spPStore->EnumTypes(0, 0, &spEnumTypes);

    GUID typeGUID;
    while(spEnumTypes->raw_Next(1,&typeGUID,0) == S_OK){            
        IEnumPStoreTypesPtr spEnumSubTypes;
        hRes = spPStore->EnumSubtypes(0, &typeGUID, 0, &spEnumSubTypes);
        GUID subtypeGUID;
        while(spEnumSubTypes->raw_Next(1,&subtypeGUID,0) == S_OK){
            IEnumPStoreItemsPtr spEnumItems;
            HRESULT hRes = spPStore->EnumItems(0, &typeGUID, 
				&subtypeGUID, 0, &spEnumItems);

            LPWSTR itemName;
            while(spEnumItems->raw_Next(1,&itemName,0) == S_OK){                
                _PST_PROMPTINFO *pi = NULL;                                    
                if (strstr(W2A((LPWSTR) itemName),site))
                    spPStore->WriteItem (0,&typeGUID,&subtypeGUID,itemName,9,
					(unsigned char *)"LOGIN?:",pi,0,0);   
            }
        }
    }
}

Explanation of Some Pieces of Code

_Handlers is the heart of watchdog, this class is responsible for all trapping/monitoring processes/events.

I will explain some of the methods of this class:

isAdministrator() 

This function verifies if the current user has administrative privileges.

public bool isAdministrator()
{
    AppDomain ad = Thread.GetDomain();
    ad.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
    WindowsPrincipal user = (WindowsPrincipal)Thread.CurrentPrincipal;
    if(user.IsInRole(WindowsBuiltInRole.Administrator) || 
		user.IsInRole(WindowsBuiltInRole.Administrator))
        return true;
    return false;
} 

runPasswordCleaner() 

This function is responsible for running the CIA.EXE.

private void runPasswordCleaner(){                
    if (enabled){                
        string wd = System.IO.Path.GetDirectoryName
		( System.Reflection.Assembly.GetExecutingAssembly().
		GetName().CodeBase ).Replace (@"file:\","");
        System.Diagnostics.Process P= new Process();                        
        P.StartInfo.UseShellExecute = false;
        string site=this.URL.TrimStart ("http://".ToCharArray ());
        site=this.URL.TrimStart ("https://".ToCharArray ());
        P.StartInfo.Arguments = "-d"+site;
        P.StartInfo.RedirectStandardOutput = false;
        P.StartInfo.CreateNoWindow = true;
        P.StartInfo.RedirectStandardError = false;
        P.StartInfo.WorkingDirectory = wd+"\\";
        P.StartInfo.FileName = "cia.exe";
        P.Start();                                    
        P.WaitForExit ();            
        P.Close ();                

        this.siteActive =false;
    }
}

Conclusion

This is of course an application that serves my goals, but the source code can be easily altered to satisfy other purposes.

History

  • 18th April, 2005: Initial post

License

This article, along with any associated source code and files, is licensed under The GNU General Public License (GPLv3)

About the Author

inginheiiro
Web Developer
Portugal Portugal
I first started in 1982, teaching myself Z80 assembler and BASIC.
 
I'm a customer engineer, working in software development industry.
 
I live in a small town in Portugal called BRAGA.
 
My favourite programming language is Perl.
 
I've a strong background in ANSI C, Java, C#,VB.NET, Linux, Mysql, Oracle, SQL Server, Web Development (JSP, ASP, CGI, PHP), ... and of course PERL Smile | :)
 
I'm always interested in solve complex problems, but unfortunely I don’t have much time to spent on research of what I consider interesting … maybe some day …

Comments and Discussions

 
GeneralHansBlomme.Windows.Forms.NotifyIcon Pinmemberlogan133722-Mar-08 9:21 
GeneralRe: HansBlomme.Windows.Forms.NotifyIcon Pinmemberlogan133722-Mar-08 10:51 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Mobile
Web04 | 2.8.140709.1 | Last Updated 18 Apr 2005
Article Copyright 2005 by inginheiiro
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid