UnauthorizedAccessException:拒绝访问路径 [英] UnauthorizedAccessException: Access to the path is denied
问题描述
作为使用 Wix 3.XX 的服务安装程序的一部分,我们一直在尝试加密连接字符串. 在访问了Stackoverflow和其他一些社区的几个选项之后,我们选择分三部分来完成.
As a part of service installer using Wix 3.XX, we have been trying to encrypt the connection string. After visiting couple of option on Stackoverflow and some other communities, we have opted to do it in three parts.
- 在第一部分中安装服务的安装程序
- 在安装结束时,它会调用小型可执行文件,该可执行文件选择现有配置的连接位置,对安装文件夹中的连接字符串进行加密,然后保存该配置.
- 一个
.bat文件,清除了用于加密的可执行文件(基本上不留痕迹)
- Installer that installs the service in the first part
- At the end of installation it invokes the small executable that picks the location of connection of existing config, encrypts the connection string inside the installation folder and save that config.
- A
.batfile that clears out the executable for the encryption (basically leaving no traces behind)
这三个部分都能很好地配合使用,但是当我尝试将加密可执行文件安装在"程序文件"或"程序文件(x86)"中时,加密可执行文件失败"使用非提升的权限(非管理员模式).
All three parts works well with co-ordination, but the encryption executable fails when I try to install that in "Program Files" or "Program Files (x86)" using non-elevated permission (non-admin mode).
调试给了我一些痕迹,这意味着安装程序未经授权可用于任何此类进程.
Debugging that has given me traces which means that Installer is unauthorized for any such processes.
这是执行此操作的代码段:
Here is the code snippet that does it:
1. var fileMap = new ExeConfigurationFileMap { ExeConfigFilename = configPath };
2. var configuration = ConfigurationManager.OpenMappedExeConfiguration(fileMap, ConfigurationUserLevel.None);
3. var section = configuration.GetSection(sectionToEncrypt);
4. section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
5. section.SectionInformation.ForceSave = true;
6. configuration.Save(ConfigurationSaveMode.Modified);
到达第6行会返回一个错误:
Reaching at line 6 it returns me with an error:
System.Configuration.ConfigurationErrorsException
HResult=0x80131902
Inner Exception 1:
UnauthorizedAccessException:
Access to the path 'C:\Program Files (x86)\<AppDirectory>\5tkbxj1v.tmp' is denied.
对此的任何投入都会很亲切.
Any inputs for this will be gracious.
提前感谢您的帮助!
推荐答案
仅 InstallExecuteSequence 中 InstallInitialize 和 InstallFinalize 升高.除非已经从已经提升的 cmd.exe 提示符下启动了整个MSI,否则其余的设置都具有正常的用户权限.
Only the sub-section of the InstallExecuteSequence between InstallInitialize and InstallFinalize runs elevated. The rest of the setup has normal user rights, unless the whole MSI has been launched from an already elevated cmd.exe prompt.
MSI中的标准操作运行较高,但是对于自定义操作,仅在没有权限的情况下运行的延迟模式自定义操作在具有提升权限的系统上下文中运行.它们只能存在于InstallInitialize和InstallFinalize之间.
Standard actions in the MSI run elevated, but with regards to custom actions only deferred mode custom actions running without impersonation run in system context with elevated rights. They can only exist between InstallInitialize and InstallFinalize.
在InstallFinalize之后插入立即模式自定义操作,这是一个非常常见的错误,该操作试图在特权位置"中调整"系统.在安全环境中或在没有完全管理员权限的情况下运行安装程序时,这将始终失败.即使您将有问题的文件的ACL设置为可由标准用户写入,但由于一些非常技术性的原因,在企业部署过程中它也往往会失败.
It is a very common error to insert immediate mode custom actions after InstallFinalize that try to "tweak" the system in "privileged locations". This will always fail in secure environments or when the setup is run without full admin rights. Even if you set the ACL for the file in question to be writable by standard users, it tends to fail during corporate deployment for several very technical reasons.
您是否在GUI中从用户检索连接字符串?您应该能够在即时模式下使用DLL自定义操作对从用户检索到的数据进行加密,然后在拥有提升权限的情况下使用延迟模式自定义操作写入配置文件.一点也不微不足道,但有可能.
Are you retrieving the connection string from the user in the GUI? You should be able to encrypt the data retrieved from the user with a DLL custom action in immediate mode, and then use a deferred mode custom action to write to the config file - when you have elevated rights. Not at all trivial, but possible.
请提供一些评论,以便我们对您的工作有所了解,我将看看是否可以找到有关延迟模式自定义操作的良好链接.
Please provide some comments so we know a bit more about what you are doing, and I will see if I can find a good link for deferred mode custom actions.
一些相关链接 :
Some Relevant Links:
这篇关于UnauthorizedAccessException:拒绝访问路径的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
