User Account Control


For a developer, User Account Control (UAC) is one of the first features you notice in Windows Vista. Although the Windows guidelines have always addressed this issue, many applications still need to run with the administrator account. For example, a normal user is not allowed to write data to the Program Files directory; administrative privileges are required. Because many applications don’t run without administrative privileges (although the functionality of the program wouldn’t require them), many users log in to the system with the Administrator account. Of course, this leads to a high risk of installing Trojan horse programs.

Windows Vista avoids this problem in that the Administrator, by default, doesn’t have administrative privileges. When the login is done to the Administrator account, the process has two security tokens associated with it: one with normal user privileges and one with admin privileges. With applications that require administrative privileges, the user can do an elevation to run the application as Administrator. This is done either from the context menu “Run as Administrator,” or by configuring the application to always require administrator privileges in its Compatibility properties, as shown in Figure 44-1. This setting adds application compatibility flags to the registry at HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers with a value for RUNASADMIN.

Figure 44-1

Applications Requiring Admin Privileges

For applications that require administrative privileges, you can also add an application manifest. You can do this either by adding a manifest file to the application or by embedding a Win32 resource file within the assembly.

An application manifest is an XML file similar to the application configuration file. While the application configuration file has the file extension .config, the manifest ends with .manifest. The name of the file must be set to the name of the application, including the exe file extension followed by .manifest. The manifest file contains XML data as shown here. The root element is <assembly>, which contains the child element <trustInfo>. The administrator requirement is defined with the level attribute of the <requestedExecutionLevel> element.

  <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
  <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
      <security>
        <requestedPrivileges>
          <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
        </requestedPrivileges>
      </security>
    </trustInfo>
  </assembly>

To automatically copy the manifest file with a build in Visual Studio, you can add the following copy command to the post-build commands of the project settings:

 copy "$(ProjectDir)\$(TargetFileName).manifest" "$(TargetPath).manifest"

When starting the application this way, you get an elevation prompt where the user is asked if she/he trusts the application to run with administrative privileges.

With the requestedExecutionLevel setting, you can specify the values requireAdministrator, highestAvailable, and asInvoker. highestAvailable means that the application gets the privileges the user has - but only after getting the consent from the user. requireAdministrator requires Administrator privileges. If the user is not logged on to the system as Administrator, a login dialog appears where the user can log in as Administrator for the application. asInvoker means that the application is running with the security token of the user.

The uiAccess attribute specifies whether the application requires input to a higher-privilege-level window on the desktop. For example, an on-screen keyboard needs to drive input to other windows on the desktop, so the setting should be set to true for the application displaying the on-screen keyboard. Non-UI-accessibility applications should set this attribute to false.
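The following added example (not code from the book) reads a manifest and reports which execution level it requests, marking requireAdministrator and uiAccess="true" for review before a build ships. The class name ManifestAudit and the sample manifests are constructed for illustration.

```csharp
using System;
using System.Xml;

// Added example: report the UAC request found in an application manifest.
static class ManifestAudit
{
    public static string Describe(string manifestXml)
    {
        XmlDocument doc = new XmlDocument();
        doc.XmlResolver = null; // do not resolve external DTDs or entities
        doc.LoadXml(manifestXml);

        // Match by local name so the namespace prefix used in the file does not matter.
        XmlElement el = (XmlElement)doc.SelectSingleNode(
            "//*[local-name()='requestedExecutionLevel']");
        if (el == null)
            return "no requestedExecutionLevel element in this manifest";

        string level = el.GetAttribute("level"); // "" when the attribute is absent
        bool uiAccess = string.Equals(el.GetAttribute("uiAccess"), "true",
                                      StringComparison.OrdinalIgnoreCase);
        string finding;
        switch (level)
        {
            case "asInvoker":
                finding = "runs with the security token of the user"; break;
            case "highestAvailable":
                finding = "gets the privileges the user has, after consent"; break;
            case "requireAdministrator":
                finding = "REVIEW: always requires Administrator privileges"; break;
            default:
                finding = "REVIEW: unexpected level '" + level + "'"; break;
        }
        if (uiAccess)
            finding += "; REVIEW: uiAccess=true (input to higher-privilege windows)";
        return finding;
    }

    static void Main()
    {
        // Constructed sample: the manifest from the text with uiAccess switched to true.
        string sample =
            "<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>" +
            "<trustInfo xmlns='urn:schemas-microsoft-com:asm.v3'><security><requestedPrivileges>" +
            "<requestedExecutionLevel level='requireAdministrator' uiAccess='true'/>" +
            "</requestedPrivileges></security></trustInfo></assembly>";
        Console.WriteLine(Describe(sample));
        Console.WriteLine(Describe("<assembly xmlns='urn:schemas-microsoft-com:asm.v1'/>"));
    }
}
```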

Instead of adding a configuration file, you can also embed a resource in the assembly. Be aware that this resource is not a .NET resource but a Win32 resource. You can create a Win32 resource file with the file extension .rc. For an executable, the constant IDR_MANIFEST must be set to 1; for a DLL the value is 2.

  #include <winuser.h>
  #define IDR_MANIFEST 1 // 2 for a DLL

  IDR_MANIFEST RT_MANIFEST MOVEABLE PURE
  {
      "<assembly xmlns=""urn:schemas-microsoft-com:asm.v1"" manifestVersion=""1.0"">
         <trustInfo xmlns=""urn:schemas-microsoft-com:asm.v3"">
           <security>
             <requestedPrivileges>
               <requestedExecutionLevel level=""requireAdministrator""
                 uiAccess=""false"" />
             </requestedPrivileges>
           </security>
         </trustInfo>
       </assembly>"
  }

The resource file must be compiled to a binary Win32 resource file. You can do this with the resource compiler rc that is part of the Windows SDK:

 rc UACManifest.rc

The resource compiler creates a binary Win32 resource file UACManifest.res. This resource file then needs to be embedded in the .NET assembly. The C# compiler csc.exe defines the option /win32res to embed Win32 resource files:

 csc /win32res:UACManifest.res /out:AdminRequired.exe program.cs assemblyinfo.cs

When you start the application, you see the same elevation prompt as with the manifest file.

Important 

Another way to give an application admin privileges is to write a Windows Service. Because UAC applies only to interactive processes, a Windows Service can get admin privileges. You can also write an unprivileged Windows application that communicates with the privileged Windows Service by using WCF or another communication technology.

Tip 

Windows services are covered in Chapter 22. WCF is covered in Chapter 40.

Shield Icon

If an application or a task from an application requires administrative privileges, the user is informed by an easily recognizable shield icon. The shield icon is attached to the controls that require elevation. The user expects to see an elevation prompt when clicking on an item with a shield. Figures 44-2 and 44-3 show the shield in use. The Task Manager requires elevation to see processes from all users. With User Accounts, changing the account type and giving other users access to the computer requires elevation.

Figure 44-2

Figure 44-3

You can create shield icons in your application by using the new command link control that is shown later in this chapter.

When the user clicks a control with a shield icon, an elevation prompt is shown. Elevation prompts are different, depending on the type of application that is elevated.

  • Windows needs your permission to continue. This prompt is shown for applications that are delivered with Windows.

  • A program needs your permission to continue. This prompt is shown with applications that contain a certificate to provide information about the publisher.

  • An unidentified program wants access to your computer. This prompt is shown with applications that don’t contain a certificate.
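As an added example (not code from the book), the sketch below keeps the main program running with the user's token and starts only the administrative task in a separate helper process with the shell's "runas" verb, which is what produces the elevation prompt. The helper path and its argument are hypothetical placeholders; the case where the user declines the prompt is handled explicitly.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Security.Principal;

// Added example: elevate a single task instead of the whole application.
static class ElevatedTask
{
    const int ERROR_CANCELLED = 1223; // Win32 error when the user declines the prompt

    // False for an administrator running with the normal user token.
    public static bool IsElevated()
    {
        WindowsPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        return principal.IsInRole(WindowsBuiltInRole.Administrator);
    }

    // Returns the helper's exit code, or null if the user declined elevation.
    public static int? RunElevated(string helperPath, string arguments)
    {
        ProcessStartInfo psi = new ProcessStartInfo(helperPath, arguments);
        psi.UseShellExecute = true; // verbs are only honored through the shell
        psi.Verb = "runas";         // same action as "Run as Administrator"
        try
        {
            using (Process proc = Process.Start(psi))
            {
                if (proc == null) return null; // no new process was started
                proc.WaitForExit();
                return proc.ExitCode;
            }
        }
        catch (Win32Exception ex)
        {
            if (ex.NativeErrorCode == ERROR_CANCELLED) return null;
            throw; // any other failure is a real error
        }
    }

    static void Main()
    {
        Console.WriteLine("Running elevated: " + IsElevated());
        // Hypothetical helper executable and argument, for illustration only.
        int? code = RunElevated(@"C:\Program Files\Example\AdminHelper.exe", "/apply");
        Console.WriteLine(code.HasValue
            ? "Helper exited with code " + code.Value
            : "Elevation was declined; continuing without the admin task.");
    }
}
```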




Professional C# 2005 with .NET 3.0
ISBN: 470124725
EAN: N/A
Year: 2007
Pages: 427
