有没有测试,看看是否该工艺具有计算机管理权限的规范呢?
我将要开始一个长期运行的进程,和许多在后面的过程一生它会尝试一些事情,需要管理员权限。
我希望能够测试前面如果进程有这些权利,而不是以后。
Answer 1:
这将检查用户是否是本地Administrators组中(假设你不检查域管理员权限)
using System.Security.Principal;
public bool IsUserAdministrator()
{
//bool value to hold our return value
bool isAdmin;
WindowsIdentity user = null;
try
{
//get the currently logged in user
user = WindowsIdentity.GetCurrent();
WindowsPrincipal principal = new WindowsPrincipal(user);
isAdmin = principal.IsInRole(WindowsBuiltInRole.Administrator);
}
catch (UnauthorizedAccessException ex)
{
isAdmin = false;
}
catch (Exception ex)
{
isAdmin = false;
}
finally
{
if (user != null)
user.Dispose();
}
return isAdmin;
}
Answer 2:
与Wadih M的代码开始,我已经得到了一些额外的P / Invoke的代码,试图处理当UAC是开的情况下。
http://www.davidmoore.info/blog/2011/06/20/how-to-check-if-the-current-user-is-an-administrator-even-if-uac-is-on/
首先,我们需要一些代码来支持GetTokenInformation API调用:
[DllImport("advapi32.dll", SetLastError = true)]
static extern bool GetTokenInformation(IntPtr tokenHandle, TokenInformationClass tokenInformationClass, IntPtr tokenInformation, int tokenInformationLength, out int returnLength);
/// <summary>
/// Passed to <see cref="GetTokenInformation"/> to specify what
/// information about the token to return.
/// </summary>
enum TokenInformationClass
{
TokenUser = 1,
TokenGroups,
TokenPrivileges,
TokenOwner,
TokenPrimaryGroup,
TokenDefaultDacl,
TokenSource,
TokenType,
TokenImpersonationLevel,
TokenStatistics,
TokenRestrictedSids,
TokenSessionId,
TokenGroupsAndPrivileges,
TokenSessionReference,
TokenSandBoxInert,
TokenAuditPolicy,
TokenOrigin,
TokenElevationType,
TokenLinkedToken,
TokenElevation,
TokenHasRestrictions,
TokenAccessInformation,
TokenVirtualizationAllowed,
TokenVirtualizationEnabled,
TokenIntegrityLevel,
TokenUiAccess,
TokenMandatoryPolicy,
TokenLogonSid,
MaxTokenInfoClass
}
/// <summary>
/// The elevation type for a user token.
/// </summary>
enum TokenElevationType
{
TokenElevationTypeDefault = 1,
TokenElevationTypeFull,
TokenElevationTypeLimited
}
然后,实际的代码来检测,如果用户是管理员(如果他们返回true,否则为false)。
var identity = WindowsIdentity.GetCurrent();
if (identity == null) throw new InvalidOperationException("Couldn't get the current user identity");
var principal = new WindowsPrincipal(identity);
// Check if this user has the Administrator role. If they do, return immediately.
// If UAC is on, and the process is not elevated, then this will actually return false.
if (principal.IsInRole(WindowsBuiltInRole.Administrator)) return true;
// If we're not running in Vista onwards, we don't have to worry about checking for UAC.
if (Environment.OSVersion.Platform != PlatformID.Win32NT || Environment.OSVersion.Version.Major < 6)
{
// Operating system does not support UAC; skipping elevation check.
return false;
}
int tokenInfLength = Marshal.SizeOf(typeof(int));
IntPtr tokenInformation = Marshal.AllocHGlobal(tokenInfLength);
try
{
var token = identity.Token;
var result = GetTokenInformation(token, TokenInformationClass.TokenElevationType, tokenInformation, tokenInfLength, out tokenInfLength);
if (!result)
{
var exception = Marshal.GetExceptionForHR( Marshal.GetHRForLastWin32Error() );
throw new InvalidOperationException("Couldn't get token information", exception);
}
var elevationType = (TokenElevationType)Marshal.ReadInt32(tokenInformation);
switch (elevationType)
{
case TokenElevationType.TokenElevationTypeDefault:
// TokenElevationTypeDefault - User is not using a split token, so they cannot elevate.
return false;
case TokenElevationType.TokenElevationTypeFull:
// TokenElevationTypeFull - User has a split token, and the process is running elevated. Assuming they're an administrator.
return true;
case TokenElevationType.TokenElevationTypeLimited:
// TokenElevationTypeLimited - User has a split token, but the process is not running elevated. Assuming they're an administrator.
return true;
default:
// Unknown token elevation type.
return false;
}
}
finally
{
if (tokenInformation != IntPtr.Zero) Marshal.FreeHGlobal(tokenInformation);
}
Answer 3:
如果你想确保你的解决方案在Vista UAC的作品,并有.NET Framework 3.5或更好的,你可能想使用System.DirectoryServices.AccountManagement命名空间。 您的代码看起来是这样的:
bool isAllowed = false;
using (PrincipalContext pc = new PrincipalContext(ContextType.Machine, null))
{
UserPrincipal up = UserPrincipal.Current;
GroupPrincipal gp = GroupPrincipal.FindByIdentity(pc, "Administrators");
if (up.IsMemberOf(gp))
isAllowed = true;
}
Answer 4:
试图欧文的代码,但它并没有编译。
心动不如行动,以这样的工作:
[DllImport("shell32.dll")] public static extern bool IsUserAnAdmin();
Answer 5:
使用.NET Framework 4.5,它似乎更容易检查,如果用户是管理员组:
WindowsPrincipal principal = WindowsPrincipal.Current;
bool canBeAdmin = principal.Claims.Any((c) => c.Value == "S-1-5-32-544");
Answer 6:
借力IsInRole方法其他答案只有当用户与提升令牌运行返回true,正如其他人的评论。 下面是只是在一个标准和高温情况下本地Administrators组成员身份检查潜在的替代品:
bool isAdmin = false;
using (var user = WindowsIdentity.GetCurrent())
{
var principal = new WindowsPrincipal(user);
// Check for token claim with well-known Administrators group SID
const string LOCAL_ADMININSTRATORS_GROUP_SID = "S-1-5-32-544";
if (principal.Claims.SingleOrDefault(x => x.Value == LOCAL_ADMININSTRATORS_GROUP_SID) != null)
{
isAdmin = true;
}
}
return isAdmin;
Answer 7:
使用可以使用WMI像这样的东西,以找出是否该帐户是管理员,和其它任何东西,你想知道有帐户
using System;
using System.Management;
using System.Windows.Forms;
namespace WMISample
{
public class MyWMIQuery
{
public static void Main()
{
try
{
ManagementObjectSearcher searcher =
new ManagementObjectSearcher("root\\CIMV2",
"SELECT * FROM Win32_UserAccount");
foreach (ManagementObject queryObj in searcher.Get())
{
Console.WriteLine("-----------------------------------");
Console.WriteLine("Win32_UserAccount instance");
Console.WriteLine("-----------------------------------");
Console.WriteLine("AccountType: {0}", queryObj["AccountType"]);
Console.WriteLine("FullName: {0}", queryObj["FullName"]);
Console.WriteLine("Name: {0}", queryObj["Name"]);
}
}
catch (ManagementException e)
{
MessageBox.Show("An error occurred while querying for WMI data: " + e.Message);
}
}
}
}
为了更容易上手下载WMI的创造者
你也可以使用这个它的访问活动目录(LDAP)或其他任何您的计算机/网络
Answer 8:
关于什么:
using System.Runtime.InteropServices;
internal static class Useful {
[DllImport("shell32.dll", EntryPoint = "IsUserAnAdmin")]
public static extern bool IsUserAnAdministrator();
}
Answer 9:
有4个可能的方法 - 我喜欢:
(new WindowsPrincipal(WindowsIdentity.GetCurrent())).IsInRole(WindowsBuiltInRole.Administrator);
这里是代码给你所有相关索赔数据列表是当前的用户的身份。
注意:有beween索赔清单一个很大的区别是WindowsPrincipal.Current .Claims和(新WindowsPrincipal(WindowsIdentity.GetCurrent())).Claims之间返回
Console.WriteLine("press the ENTER key to start listing user claims:");
Console.ReadLine();
Console.WriteLine("---------------------");
Console.WriteLine("---------------------");
bool canBeAdmin = (new WindowsPrincipal(WindowsIdentity.GetCurrent())).IsInRole(WindowsBuiltInRole.Administrator);
Console.WriteLine("GetCurrent IsInRole: canBeAdmin:{0}", canBeAdmin);
Console.WriteLine("---------------------");
Console.WriteLine("---------------------");
canBeAdmin = (new WindowsPrincipal(WindowsIdentity.GetCurrent())).Claims.Any((c) => c.Value == "S-1-5-32-544");
Console.WriteLine("GetCurrent Claim: canBeAdmin?:{0}", canBeAdmin);
Console.WriteLine("---------------------");
Console.WriteLine("---------------------");
canBeAdmin = (new WindowsPrincipal(WindowsIdentity.GetCurrent())).IsInRole("Administrator");
Console.WriteLine("GetCurrent IsInRole \"Administrator\": canBeAdmin?:{0}", canBeAdmin);
Console.WriteLine("---------------------");
Console.WriteLine("---------------------");
canBeAdmin = (new WindowsPrincipal(WindowsIdentity.GetCurrent())).IsInRole("Admin");
Console.WriteLine("GetCurrent IsInRole \"Admin\": canBeAdmin?:{0}", canBeAdmin);
Console.WriteLine("---------------------");
Console.WriteLine("---------------------");
canBeAdmin = WindowsPrincipal.Current.IsInRole("Admin");
Console.WriteLine("Current IsInRole \"Admin\": canBeAdmin:{0}", canBeAdmin);
Console.WriteLine("---------------------");
Console.WriteLine("---------------------");
canBeAdmin = WindowsPrincipal.Current.IsInRole("Administrator");
Console.WriteLine("Current IsInRole \"Administrator\": canBeAdmin:{0}", canBeAdmin);
Console.WriteLine("---------------------");
Console.WriteLine("---------------------");
canBeAdmin = WindowsPrincipal.Current.Claims.Any((c) => c.Value == "S-1-5-32-544");
Console.WriteLine("Current Claim: canBeAdmin?:{0}", canBeAdmin);
Console.WriteLine("---------------------");
Console.WriteLine("---------------------");
Console.WriteLine("WindowsPrincipal Claims:");
Console.WriteLine("---------------------");
var propertyCount = 0;
foreach (var claim in WindowsPrincipal.Current.Claims)
{
Console.WriteLine("{0}", propertyCount++);
Console.WriteLine("{0}", claim.ToString());
Console.WriteLine("Issuer:{0}", claim.Issuer);
Console.WriteLine("Subject:{0}", claim.Subject);
Console.WriteLine("Type:{0}", claim.Type);
Console.WriteLine("Value:{0}", claim.Value);
Console.WriteLine("ValueType:{0}", claim.ValueType);
}
Console.WriteLine("---------------------");
Console.WriteLine("---------------------");
Console.WriteLine("WindowsPrincipal Identities Claims");
Console.WriteLine("---------------------");
propertyCount = 0;
foreach (var identity in WindowsPrincipal.Current.Identities)
{
int subPropertyCount = 0;
foreach (var claim in identity.Claims)
{
Console.WriteLine("{0} {1}", propertyCount, subPropertyCount++);
Console.WriteLine("{0}", claim.ToString());
Console.WriteLine("Issuer:{0}", claim.Issuer);
Console.WriteLine("Subject:{0}", claim.Subject);
Console.WriteLine("Type:{0}", claim.Type);
Console.WriteLine("Value:{0}", claim.Value);
Console.WriteLine("ValueType:{0}", claim.ValueType);
}
Console.WriteLine();
propertyCount++;
}
Console.WriteLine("---------------------");
Console.WriteLine("---------------------");
Console.WriteLine("Principal Id Claims");
Console.WriteLine("---------------------");
var p = new WindowsPrincipal(WindowsIdentity.GetCurrent());
foreach (var claim in (new WindowsPrincipal(WindowsIdentity.GetCurrent())).Claims)
{
Console.WriteLine("{0}", propertyCount++);
Console.WriteLine("{0}", claim.ToString());
Console.WriteLine("Issuer:{0}", claim.Issuer);
Console.WriteLine("Subject:{0}", claim.Subject);
Console.WriteLine("Type:{0}", claim.Type);
Console.WriteLine("Value:{0}", claim.Value);
Console.WriteLine("ValueType:{0}", claim.ValueType);
}
Console.WriteLine("press the ENTER key to end");
Console.ReadLine();
文章来源: In .NET/C# test if process has administrative privileges
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 我命由我不由天 的文章《在.NET / C#测试进程是否具有管理权限在.NET / C#测试进程是否具有管理权限(In .N》','https://www.manongdao.com/article-847987.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}