一�、通過配置文件實(shí)現(xiàn)以管理員身份運(yùn)行程序
Vista 和 Windows 7 操作系統(tǒng)為了加強(qiáng)安全�����,增加了 UAC(用戶賬戶控制) 的機(jī)制����,如果 UAC 被打開,用戶即使是以管理員權(quán)限登錄�����,其應(yīng)用程序默認(rèn)情況下也無法對(duì)系統(tǒng)目錄��,系統(tǒng)注冊表等可能影響系統(tǒng)運(yùn)行的設(shè)置進(jìn)行寫操作����。這個(gè)機(jī)制大大增強(qiáng)了系統(tǒng)的安全性,但對(duì)應(yīng)用程序開發(fā)者來說���,我們不能強(qiáng)迫用戶去關(guān)閉UAC���,但有時(shí)我們開發(fā)的應(yīng)用程序又需要以 Administrator 的方式運(yùn)行���,即 Win7 中 以 as administrator 方式運(yùn)行,那么我們怎么來實(shí)現(xiàn)這樣的功能呢���?
我們在 win7 下運(yùn)行一些安裝程序時(shí)�,會(huì)發(fā)現(xiàn)首先彈出一個(gè)對(duì)話框�,讓用戶確認(rèn)是否同意允許這個(gè)程序改變你的計(jì)算機(jī)配置,但我們編寫的應(yīng)用程序默認(rèn)是不會(huì)彈出這個(gè)提示的�,也無法以管理員權(quán)限運(yùn)行。本文介紹了 C# 程序如何設(shè)置來提示用戶以管理員權(quán)限運(yùn)行�����。
首先在項(xiàng)目中增加一個(gè) Application Manifest File
201142211136465.png)
默認(rèn)的配置如下:
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1"
xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
If you want to utilize File and Registry Virtualization for backward
compatibility then delete the requestedExecutionLevel node.
-->
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</asmv1:assembly>
我們可以看到這個(gè)配置中有一個(gè) requestedExecutionLevel 項(xiàng)�����,這個(gè)項(xiàng)用于配置當(dāng)前應(yīng)用請(qǐng)求的執(zhí)行權(quán)限級(jí)別�。這個(gè)項(xiàng)有3個(gè)值可供選擇,如下表所示:
| Value | Description | Comment |
| asInvoker | The application runs with the same access token as the parent process. | Recommended for standard user applications. Do refractoring with internal elevation points, as per the guidance provided earlier in this document. |
| highestAvailable | The application runs with the highest privileges the current user can obtain. | Recommended for mixed-mode applications. Plan to refractor the application in a future release. |
| requireAdministrator | The application runs only for administrators and requires that the application be launched with the full access token of an administrator. | Recommended for administrator only applications. Internal elevation points are not needed. The application is already running elevated. |
asInvoker : 如果選這個(gè)��,應(yīng)用程序就是以當(dāng)前的權(quán)限運(yùn)行����。
highestAvailable: 這個(gè)是以當(dāng)前用戶可以獲得的最高權(quán)限運(yùn)行�����。
requireAdministrator: 這個(gè)是僅以系統(tǒng)管理員權(quán)限運(yùn)行。
默認(rèn)情況下是 asInvoker�。
highestAvailable 和 requireAdministrator 這兩個(gè)選項(xiàng)都可以提示用戶獲取系統(tǒng)管理員權(quán)限。那么這兩個(gè)選項(xiàng)的區(qū)別在哪里呢����?
他們的區(qū)別在于,如果我們不是以管理員帳號(hào)登錄�����,那么如果應(yīng)用程序設(shè)置為 requireAdministrator ����,那么應(yīng)用程序就直接運(yùn)行失敗,無法啟動(dòng)��。而如果設(shè)置為 highestAvailable,則應(yīng)用程序可以運(yùn)行成功��,但是是以當(dāng)前帳號(hào)的權(quán)限運(yùn)行而不是系統(tǒng)管理員權(quán)限運(yùn)行�。如果我們希望程序在非管理員帳號(hào)登錄時(shí)也可以運(yùn)行(這種情況下應(yīng)該某些功能受限制) ,那么建議采用 highestAvailable 來配置�。
關(guān)于requestedExecutionLevel 設(shè)置的權(quán)威文檔請(qǐng)參考下面鏈接:
Create and Embed an Application Manifest (UAC)
下面是修改后的配置文件:
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1"
xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
If you want to utilize File and Registry Virtualization for backward
compatibility then delete the requestedExecutionLevel node.
-->
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</asmv1:assembly>
配置文件修改后�����,我們運(yùn)行應(yīng)用程序����,就會(huì)首先彈出這樣一個(gè)提示框,點(diǎn) Yes 后����,程序才可以繼續(xù)運(yùn)行,并且獲得系統(tǒng)管理員的權(quán)限��。
.csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: #ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: #008000; } .csharpcode .kwrd { color: #0000ff; } .csharpcode .str { color: #006080; } .csharpcode .op { color: #0000c0; } .csharpcode .preproc { color: #cc6633; } .csharpcode .asp { background-color: #ffff00; } .csharpcode .html { color: #800000; } .csharpcode .attr { color: #ff0000; } .csharpcode .alt { background-color: #f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: #606060; }
640.png)
下面再來看看程序如何知道當(dāng)前運(yùn)行在系統(tǒng)管理員權(quán)限還是非系統(tǒng)管理員權(quán)限:
public static bool IsAdministrator()
{
WindowsIdentity identity = WindowsIdentity.GetCurrent();
WindowsPrincipal principal = new WindowsPrincipal(identity);
return principal.IsInRole(WindowsBuiltInRole.Administrator);
}.csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: #ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: #008000; } .csharpcode .kwrd { color: #0000ff; } .csharpcode .str { color: #006080; } .csharpcode .op { color: #0000c0; } .csharpcode .preproc { color: #cc6633; } .csharpcode .asp { background-color: #ffff00; } .csharpcode .html { color: #800000; } .csharpcode .attr { color: #ff0000; } .csharpcode .alt { background-color: #f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: #606060; }
這段代碼可以用于判斷當(dāng)前程序是否運(yùn)行在系統(tǒng)管理員權(quán)限下�����。如果配置為 asInvoker�����,在win7 下��,這個(gè)函數(shù)會(huì)返回 false �,如果是 requireAdministrator 則返回 true。
二���、通過編程以管理員身份運(yùn)行程序
在讀寫注冊表“HKEY_LOCAL_MACHINE\SOFTWARE\”下的項(xiàng)時(shí)��,明明注冊表中有�,但程序OpenSubKey始終返回Null,考慮到可能是因?yàn)闄?quán)限的原因��,于是我以管理員身份運(yùn)行了一次��,結(jié)果測試成功�����!原來真的是權(quán)限的問題�,于是就在程序里面加入了默認(rèn)以管理員身份運(yùn)行的代碼�。下面讓我們看看是怎么實(shí)現(xiàn)的吧!
程序默認(rèn)以管理員身份運(yùn)行
static void Main(string[] Args)
{
/**
* 當(dāng)前用戶是管理員的時(shí)候���,直接啟動(dòng)應(yīng)用程序
* 如果不是管理員���,則使用啟動(dòng)對(duì)象啟動(dòng)程序,以確保使用管理員身份運(yùn)行
*/
//獲得當(dāng)前登錄的Windows用戶標(biāo)示
System.Security.Principal.WindowsIdentity identity = System.Security.Principal.WindowsIdentity.GetCurrent();
//創(chuàng)建Windows用戶主題
Application.EnableVisualStyles();
System.Security.Principal.WindowsPrincipal principal = new System.Security.Principal.WindowsPrincipal(identity);
//判斷當(dāng)前登錄用戶是否為管理員
if (principal.IsInRole(System.Security.Principal.WindowsBuiltInRole.Administrator))
{
//如果是管理員�,則直接運(yùn)行
Application.EnableVisualStyles();
Application.Run(new Form1());
}
else
{
//創(chuàng)建啟動(dòng)對(duì)象
System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
//設(shè)置運(yùn)行文件
startInfo.FileName = System.Windows.Forms.Application.ExecutablePath;
//設(shè)置啟動(dòng)參數(shù)
startInfo.Arguments = String.Join(" ", Args);
//設(shè)置啟動(dòng)動(dòng)作,確保以管理員身份運(yùn)行
startInfo.Verb = "runas";
//如果不是管理員,則啟動(dòng)UAC
System.Diagnostics.Process.Start(startInfo);
//退出
System.Windows.Forms.Application.Exit();
}
}
該文章在 2018/9/8 15:26:27 編輯過
400 186 1886
