How to elevate privileges only when required?

2019-01-01 02:31发布

This question applies to Windows Vista!

I have an application which normally works without administrative privileges. There is one activity which does need administrative privilege but I don't want to start the application itself with higher privileges when I know most of time user wont even be using that feature.

I am thinking about certain method by which I can elevate the privileges of application on some event (such as press of a button). Example:

If user clicks this button then he is prompted with UAC dialog or consent. How can I do this?

6条回答
余生请多指教
2楼-- · 2019-01-01 02:44

You need a UAC moniker and the code to run elevated as a COM object.

See this question.

Documentation on MSDN.

查看更多
无与为乐者.
3楼-- · 2019-01-01 02:47

The following MSDN KB article 981778 describes how to 'self-elevate' an application:

http://support.microsoft.com/kb/981778

It contains downloadable samples in Visual C++, Visual C#, Visual Basic.NET.

This approach gets around the need to start a separate process, but in fact it is the original application that is restarted, running as an elevated user. Nevertheless this may still be very useful in some contexts where it is not practical to duplicate code in a separate executable.

To remove the elevation, you need to quit the application.

查看更多
裙下三千臣
4楼-- · 2019-01-01 02:52

As it was said there:

Process.StartInfo.UseShellExecute = true;
Process.StartInfo.Verb = "runas";

will run the process as admin to do whatever you need with the registry, but return to your app with the normal privileges.

查看更多
君临天下
5楼-- · 2019-01-01 02:56

I know this is an old post, but this is in response to anyone else who comes across MarcP's suggestion. The msdn post he referenced indeed does restart the applications in all of the code examples. The code samples use the runas verb proposed already in other suggestions.

I downloaded the code to make sure, but this is from the original msdn article:

4. Click Yes to approve the elevation. Then, the original application restarts, running as an elevated administrator.
5. Close the application.

查看更多
无与为乐者.
6楼-- · 2019-01-01 02:57

I don't believe that it is possible to elevate the currently running process. It is built into Windows Vista that administrator privileges are given to a process upon startup, as I understand. If you look at various programs that utilise UAC, you should see that they actually launch a separate process each time an administrative action needs to be performed (Task Manager is one, Paint.NET is another, the latter being a .NET application in fact).

The typical solution to this problem is to specify command line arguments when launching an elevated process (abatishchev's suggestion is one way to do this), so that the launched process knows only to display a certain dialog box, and then quit after this action has been completed. Thus it should hardly be noticeable to the user that a new process has been launched and then exited, and would rather appear as if a new dialog box within the same app has been opened (especially if you some hackery to make the main window of the elevated process a child of the parent process). If you don't need UI for the elevated access, even better.

For a full discussion of UAC on Vista, I recommend you see this very through article on the subject (code examples are in C++, but I suspect you'll need to use the WinAPI and P/Invoke to do most of the things in C# anyway). Hopefully you now at least see the right approach to take, though designing a UAC compliant program is far from trivial...

查看更多
呛了眼睛熬了心
7楼-- · 2019-01-01 03:06

Perhaps someone comes in handy this simple example:

using System;
using System.Linq;
using System.Reflection;
using System.Diagnostics;
using System.Security.Principal;
using System.Windows.Forms;

namespace WindowsFormsApp1
{
    internal static class Program
    {
        private class Form1 : Form
        {
            internal Form1()
            {
                var button = new Button{ Dock = DockStyle.Fill };
                button.Click += (sender, args) => RunAsAdmin();
                Controls.Add(button);

                ElevatedAction();
            }
        }

        [STAThread]
        internal static void Main(string[] arguments)
        {
            if (arguments?.Contains("/run_elevated_action") == true)
            {
                ElevatedAction();
                return;
            }

            Application.Run(new Form1());
        }

        private static void RunAsAdmin()
        {
            var path = Assembly.GetExecutingAssembly().Location;
            using (var process = Process.Start(new ProcessStartInfo(path, "/run_elevated_action")
            {
                Verb = "runas"
            }))
            {
                process?.WaitForExit();
            }
        }

        private static void ElevatedAction()
        {
            MessageBox.Show($@"IsElevated: {IsElevated()}");
        }

        private static bool IsElevated()
        {
            using (var identity = WindowsIdentity.GetCurrent())
            {
                var principal = new WindowsPrincipal(identity);

                return principal.IsInRole(WindowsBuiltInRole.Administrator);
            }
        }

    }
}
查看更多
登录 后发表回答