如何提升 .net 应用程序权限? [英] How to elevate .net application permissions?

问题描述

我有一个应用程序，它会在启动时检查更新，如果找到更新，它会通过网络将一些文件复制到程序文件文件夹中.显然，在正常情况下，标准用户无法执行此类任务.

I have an application that would check for updates upon start and, if updates are found, it would copy some files over the network to the program files folder. Obviously such task can't be performed by Standard Users under normal scenarios.

我尝试创建一个服务来执行更新过程，但我遇到了一些安全问题并且我在超级用户中询问了这个问题.

I tried creating a service to do the update process but I had some security issues and I asked this question about it in superusers.

现在，考虑到大多数应用程序需要提升权限才能执行此类任务，我认为这可能是正确的方法.但是我如何在所有 Windows 版本(包括 XP)下请求提升更新程序.我发现了很多关于清单文件的主题，但是由于我需要它来与 XP 一起使用，因此我无法专门为 UAC.

Now, considering the fact that most applications require elevated privileges to perform such task I think that might be the right approach. But how do I request elevation for the updater under all Windows version as of XP, included. I've found many topics about a manifest file, but since I need this to work with XP I can't create a solution specifically for UAC.

推荐答案

权限只能在进程启动时提升；无法提升正在运行的进程的权限.为了提升现有应用程序，必须使用动词runas"创建应用程序进程的新实例:

Privileges can only be elevated at startup for a process; a running process' privileges cannot be elevated. In order to elevate an existing application, a new instance of the application process must be created, with the verb "runas":

private static string ElevatedExecute(NameValueCollection parameters)
{
    string tempFile = Path.GetTempFileName();
    File.WriteAllText(tempFile, ConstructQueryString(parameters));

    try
    {
        ProcessStartInfo startInfo = new ProcessStartInfo();
        startInfo.UseShellExecute = true;
        startInfo.WorkingDirectory = Environment.CurrentDirectory;
        Uri uri = new Uri(Assembly.GetExecutingAssembly().GetName().CodeBase);
        startInfo.FileName = uri.LocalPath;
        startInfo.Arguments = "\"" + tempFile + "\"";
        startInfo.Verb = "runas";
        Process p = Process.Start(startInfo);
        p.WaitForExit();
        return File.ReadAllText(tempFile);
    }
    catch (Win32Exception exception)
    {
        return exception.Message;
    }
    finally
    {
        File.Delete(tempFile);
    }
}

在用户以管理员身份确认执行程序后，同一个应用程序的另一个实例在没有UI的情况下被执行；一个可以显示在没有提升权限的情况下运行的 UI，另一个可以在后台以提升的权限运行.第一个进程等待，直到第二个进程完成执行.有关详细信息和工作示例，您可以查看 MSDN 存档.

After the user confirms the execution of the program as administrator, another instance of the same application is executed without a UI; one can display a UI running without elevated privileges, and another one running in the background with elevated privileges. The first process waits until the second finishes its execution. For more information and a working example you can check out the MSDN archive.

为了防止在一些冗长的过程中出现所有这些对话恶作剧，您需要通过 在您的应用程序中嵌入适当的清单以要求highestAvailable"执行级别:这将导致您的应用程序启动后立即出现 UAC 提示，并导致所有子进程都以提升的权限运行，无需额外提示.

To prevent all this dialog shenanigans in the middle of some lengthy process, you'll need to run your entire host process with elevated permissions by embedding the appropriate manifest in your application to require the 'highestAvailable' execution level: this will cause the UAC prompt to appear as soon as your app is started, and cause all child processes to run with elevated permissions without additional prompting.

这篇关于如何提升 .net 应用程序权限?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！