ActiveX控件localhost可以调用，内外网IP不可以的解决办法_调能active 插件是不是能用本地ip-CSDN博客

本文链接：https://blog.csdn.net/passionkk/article/details/51700230

开发ActiveX控件过程中遇到这样的问题：

本机上开发完成后，用TstCon测试接口没问题。js写静态页面测试调用没问题。但是给到web端开发，他们使用内网IP或者外网地址时，会报错。如图：

开始以为是IE本地设置的问题，把对ActiveX限制的都改为允许，但是试了之后还是不行。后来联想到是否是因为本地调试IE用的Intranet策略，而以IP方式访问IE采用的是Internet策略。所以果断去设置Internet选项，如图，。

点开自定义级别，

把上图中『对未标记为可安全执行脚本的ActiveX控件初始化并执行脚本』改为启用后，发现有的机器可以，有的不成，而且设置后IE会提示不安全之类的。看起来很不优雅。果断放弃修改IE设置。

仔细想想，自己写的跟官方提供的一些控件理论上除了没有数字签名外，应该没别的不同，于是尝试增加数字签名，当然这个是没有认证的。尝试后这个方案也失败了。

找资料看到这样一篇文章：http://www.xuebuyuan.com/758961.html

里面讲到，在IE的中级安全设置上，是允许脚本安全的ActiveX创建并且不予警告的。那么IE怎么知道一个插件式脚本安全的呢？

①通过查询ActiveX是否实现了IObjectSafety接口，并且返回脚本安全；

②查询ActiveX是否在注册表Component Category Manager里表明自己实现了 CATID_SafeForInitializing 和 CATID_SafeForScripting。此方法修改DllRegisterServer函数

所以，问题的关键是我们自己的ActiveX控件实现CATID_SafeForInitializing 和 CATID_SafeForScripting，以及IObjectSafety接口。

那就来吧。

①实现CATID_SafeForInitializing 和 CATID_Safeforscripting

XXX.h中声明（以下XXX代表你的工程名，比如MyActiveX，则XXX.h表示MyActiveX.h）

包含头文件文件 #include "comcat.h"

HRESULT CreateComponentCategory(CATID catid, WCHAR* catDescription);
HRESULT RegisterCLSIDInCategory(REFCLSID clsid, CATID catid);

①xxxCtrl.h中声明：

//ObjSafe
	DECLARE_INTERFACE_MAP()

	BEGIN_INTERFACE_PART(ObjSafe, IObjectSafety)
	STDMETHOD_(HRESULT, GetInterfaceSafetyOptions)   (
		/*   [in]   */   REFIID   riid,
		/*   [out]   */   DWORD   __RPC_FAR   *pdwSupportedOptions,
		/*   [out]   */   DWORD   __RPC_FAR   *pdwEnabledOptions
	);

	STDMETHOD_(HRESULT, SetInterfaceSafetyOptions)   (
		/*   [in]   */   REFIID   riid,
		/*   [in]   */   DWORD   dwOptionSetMask,
		/*   [in]   */   DWORD   dwEnabledOptions
	);
	END_INTERFACE_PART(ObjSafe);

②xxxCtrl.cpp中实现：

const CATID CATID_SafeForScripting =
{ 0x7dd95801, 0x9882, 0x11cf, { 0x9f, 0xa9, 0x00, 0xaa, 0x00, 0x6c, 0x42, 0xc4 } };
const CATID CATID_SafeForInitializing =
{ 0x7dd95802, 0x9882, 0x11cf, { 0x9f, 0xa9, 0x00, 0xaa, 0x00, 0x6c, 0x42, 0xc4 } };

// 创建组件种类     
HRESULT CreateComponentCategory(CATID catid, WCHAR* catDescription)
{
	ICatRegister* pcr = NULL;
	HRESULT hr = S_OK;
	hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr, NULL, CLSCTX_INPROC_SERVER, IID_ICatRegister, (void**)&pcr);
	if (FAILED(hr)) return hr;
	// Make sure the HKCR\Component Categories\{..catid...}      
	// key is registered.      
	CATEGORYINFO catinfo;
	catinfo.catid = catid;
	catinfo.lcid = 0x0409; // english      
	// Make sure the provided description is not too long.      
	// Only copy the first 127 characters if it is.      
	int len = wcslen(catDescription);
	if (len>127) len = 127;
	wcsncpy(catinfo.szDescription, catDescription, len);
	// Make sure the description is null terminated.      
	catinfo.szDescription[len] = '\0';
	hr = pcr->RegisterCategories(1, &catinfo);
	pcr->Release();
	return hr;
}

// 注册组件种类     
HRESULT RegisterCLSIDInCategory(REFCLSID clsid, CATID catid)
{
	// Register your component categories information.      
	ICatRegister* pcr = NULL;
	HRESULT hr = S_OK;
	hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr, NULL, CLSCTX_INPROC_SERVER, IID_ICatRegister, (void**)&pcr);
	if (SUCCEEDED(hr)) {
		// Register this category as being "implemented" by the class.      
		CATID rgcatid[1];
		rgcatid[0] = catid;
		hr = pcr->RegisterClassImplCategories(clsid, 1, rgcatid);
	}
	if (pcr != NULL) pcr->Release();
	return hr;
}

STDAPI DllRegisterServer(void) 函数中，添加：

// 标记控件初始化安全.      
	// 创建初始化安全组件种类     
	HRESULT hr = CreateComponentCategory(CATID_SafeForInitializing, L"Controls safely initializable from persistent data!");
	if (FAILED(hr)) return hr;
	// 注册初始化安全     
	hr = RegisterCLSIDInCategory(BASED_CODE _tlid, CATID_SafeForInitializing);
	if (FAILED(hr)) return hr;
	// 标记控件脚本安全     
	// 创建脚本安全组件种类     
	hr = CreateComponentCategory(CATID_SafeForScripting, L"Controls safely scriptable!");
	if (FAILED(hr)) return hr;
	// 注册脚本安全组件种类     
	hr = RegisterCLSIDInCategory(BASED_CODE _tlid, CATID_SafeForScripting);
	if (FAILED(hr)) return hr;

STDAPI DllUnregisterServer(void) 中添加：

// 删除控件初始化安全入口. 
HRESULT hr = UnRegisterCLSIDInCategory(BASED_CODE _tlid, CATID_SafeForInitializing);
	if (FAILED(hr)) return hr;
	// 删除控件脚本安全入口     
	hr = UnRegisterCLSIDInCategory(BASED_CODE _tlid, CATID_SafeForScripting);
	if (FAILED(hr)) return hr;

xxxCtrl.h中添加：

//ObjSafe
	DECLARE_INTERFACE_MAP()

	BEGIN_INTERFACE_PART(ObjSafe, IObjectSafety)
	STDMETHOD_(HRESULT, GetInterfaceSafetyOptions)   (
		/*   [in]   */   REFIID   riid,
		/*   [out]   */   DWORD   __RPC_FAR   *pdwSupportedOptions,
		/*   [out]   */   DWORD   __RPC_FAR   *pdwEnabledOptions
	);

	STDMETHOD_(HRESULT, SetInterfaceSafetyOptions)   (
		/*   [in]   */   REFIID   riid,
		/*   [in]   */   DWORD   dwOptionSetMask,
		/*   [in]   */   DWORD   dwEnabledOptions
	);
	END_INTERFACE_PART(ObjSafe);

xxxCtrl.cpp中添加：

//接口映射
BEGIN_INTERFACE_MAP(CRtmpDumpCtrlCtrl, COleControl)
	INTERFACE_PART(CRtmpDumpCtrlCtrl, IID_IObjectSafety, ObjSafe)
END_INTERFACE_MAP()

ULONG FAR EXPORT CRtmpDumpCtrlCtrl::XObjSafe::AddRef()
{
	METHOD_PROLOGUE(CRtmpDumpCtrlCtrl, ObjSafe)
	return pThis->ExternalAddRef();
}

ULONG FAR EXPORT CRtmpDumpCtrlCtrl::XObjSafe::Release()
{
	METHOD_PROLOGUE(CRtmpDumpCtrlCtrl, ObjSafe)
		return pThis->ExternalRelease();
}

HRESULT FAR EXPORT CRtmpDumpCtrlCtrl::XObjSafe::QueryInterface(REFIID iid, void FAR* FAR* ppvObj)
{
	METHOD_PROLOGUE(CRtmpDumpCtrlCtrl, ObjSafe)
	return (HRESULT)pThis->ExternalQueryInterface(&iid, ppvObj);
}

const DWORD dwSupportedBits = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA;
const DWORD dwNotSupportedBits = ~dwSupportedBits;

HRESULT   STDMETHODCALLTYPE
CRtmpDumpCtrlCtrl::XObjSafe::GetInterfaceSafetyOptions(
/* [in] */ REFIID riid,
/* [out] */ DWORD __RPC_FAR *pdwSupportedOptions,
/* [out] */ DWORD __RPC_FAR *pdwEnabledOptions)
{
	METHOD_PROLOGUE(CRtmpDumpCtrlCtrl, ObjSafe)
	HRESULT retval = ResultFromScode(S_OK);
	// does interface exist?   
	IUnknown FAR* punkInterface;
	retval = pThis->ExternalQueryInterface(&riid, (void **)&punkInterface);
	if (retval != E_NOINTERFACE)
	{ // interface exists   
		punkInterface->Release(); // release it--just checking!   
	}
	// we support both kinds of safety and have always both set, regardless of interface   
	*pdwSupportedOptions = *pdwEnabledOptions = dwSupportedBits;
	return retval; // E_NOINTERFACE if QI failed   
}

HRESULT STDMETHODCALLTYPE
CRtmpDumpCtrlCtrl::XObjSafe::SetInterfaceSafetyOptions(
/* [in] */ REFIID riid,
/* [in] */ DWORD dwOptionSetMask,
/* [in] */ DWORD dwEnabledOptions)
{
	METHOD_PROLOGUE(CRtmpDumpCtrlCtrl, ObjSafe)
		// does interface exist? 
	IUnknown FAR* punkInterface;
	pThis->ExternalQueryInterface(&riid, (void**)&punkInterface);
	if (punkInterface)
	{ // interface exists 
		punkInterface->Release(); // release it--just checking! 
	}
	else
	{ // interface doesn't exist 
		return ResultFromScode(E_NOINTERFACE);
	}

	// can't set bits we don't support 
	if (dwOptionSetMask & dwNotSupportedBits)
	{
		return ResultFromScode(E_FAIL);
	}

	// can't set bits we do support to zero 
	dwEnabledOptions &= dwSupportedBits;
	// (we already know there are no extra bits   in   mask   )   
	if ((dwOptionSetMask&dwEnabledOptions) != dwOptionSetMask)
	{
		return ResultFromScode(E_FAIL);
	}
	//don't need to change anything since we're always safe 
	return ResultFromScode(S_OK);
}

参考文章：

https://support.microsoft.com/zh-cn/kb/161873

https://msdn.microsoft.com/zh-cn/library/aa751977(v=vs.85).aspx

http://blog.sina.com.cn/s/blog_4f9fc08e01014ipt.html

http://www.xuebuyuan.com/758961.html

http://blog.csdn.net/aasmfox/article/details/38616997

乌云的两篇好文：

http://drops.wooyun.org/papers/5673

http://drops.wooyun.org/papers/7521