获取我的WPF应用程序的权利 [英] Get rights for my WPF application

问题描述

大家好，
我有一个问题要问你:
我已经开发了WPF应用程序并创建了它的安装文件(使用Visual Studio安装程序工具).
现在我有一个问题:
我的应用程序需要使用(读取和写入)一些文件.
每次访问这些文件的尝试都会失败(访问被拒绝).
这些文件保留在应用程序文件夹(C:\\ Programs files \ Application Folder ...)中，但可以保留在其他路径(桌面或用户文件夹)中.
如果我以管理员权限启动应用程序，则只能访问C:\\ program files \ application文件夹中的文件...
应用程序如何获得其他文件访问的权限?
对不起，我的英语不好:(
非常感谢，
Alessio.

Hi all,
I''ve a question for you:
I''ve developed a WPF Application and created it''s setup file (with the visual studio installer tool).
Now i''ve a problem:
My application needs to use (read and write) some files.
Every attempt to access to these files fails (Access denied).
These files stay in the application folder (C:\\Programs files\Application Folder...) but can stay in other paths (Desktop or User folder).
If I start application with administrator rights i have access only at files in C:\\program files\application folder ...
How the application gets the rights for the other files access?
Sorry for my poor english :(
Thanks a lot,
Alessio.

推荐答案

您可以简单地充当管理员并修改相关文件系统对象的权限，使应用程序能够以其默认权限访问它们. .但是这样做会很好吗?我会回答:这根本没有好处.因此，您还可以如何添加额外的权限?

该应用程序不能获得比启动该应用程序的用户更多的权限.要获得更多权限，最好的办法就是假设用户帐户已经具有管理权限，并由应用程序本身请求管理权限.在Windows 7中，仅以管理员身份登录不足以授予任何应用程序管理权限.此外，当操作系统给UAC您要允许..."消息框时，此类用户应要求仅确认此信息，以将权限提升到管理级别.解释如下:
http://en.wikipedia.org/wiki/User_Account_Control [ http://www.sevenforums.com/tutorials/11841-run-administrator.html [ ^ ].

应用程序所能做的就是从一开始就请求提升的权限.在这种情况下，用户将立即看到UAC对话框，并在最终要加载应用程序以供执行时确认或拒绝该请求.该选项在应用程序清单中规定. 无论做什么，除非您总体上降低了系统的安全级别，否则都无法绕过UAC对话框的用户确认.

请查看如何使用清单来请求海拔高度:
http://www.gregcons.com/KateBlog/AddingAManifestToAVistaApplication.aspx [ Abhinav 致谢，但不幸的是，它没有正确解释其作用；它确实真正提升了特权，只有请求.)

这是在Windows 7中禁用或关闭UAC的方法:
http://www.mydigitallife.info /how-to-disable-and-turn-off-uac-in-windows-7/ [ http://www.wintuts.com/Disable-UAC-for-certain-applications [ ^ ].

我的最终建议是:最好避免这种情况.对于应用程序而言，最好仅使用放置在预定义合法目录中的文件系统对象.对于只读访问，它可以是可执行目录或其子目录，但是对于读写访问，它应该是每个用户帐户预定义的特殊目录"之一，或者是所有用户"的目录. .NET库提供确定这些目录位置的标准方法.

我在过去的答案中提供了完整的代码以及如何找到这些目录的说明.请参阅:
如何找到我的程序目录 [如何找到我的程序目录 [
同样，最佳安全性是避免违反最佳安全实践原则.

—SA

You can simply act as an administrator and modify permissions of the file system objects in question, that the application will be able to access them with its default permissions. But would it be good to do so? I would answer: it''s no good at all. So, how else you can add extra permissions?

The application cannot possible get more rights than the user who starts the application. The best you can do to get more rights is to request administrative privileges by the application itself, assuming that the user account already has administrative rights. With Windows 7, just logging as Administrator is not enough to give any application administrative permission. Additionally, such user should request of just confirm this when given a UAC "Do you want to allow…" message box by the OS, to elevate the application permission to administrative level. This is explained here:
http://en.wikipedia.org/wiki/User_Account_Control[^].

From the user standpoint, there are different ways to do it:
http://www.sevenforums.com/tutorials/11841-run-administrator.html[^].

All the application can do is to request the elevated permission from the very beginning. In this case, the user will see the UAC dialog immediately and will be confirm or deny the request when the application is about to be finally loaded for execution. This option be prescribed in the application manifest. Whatever you do, there is no a way to bypass the user confirmation with the UAC dialog, unless you reduce the safety level of the system in general.

Please see how can you request the elevation using the manifest:
http://www.gregcons.com/KateBlog/AddingAManifestToAVistaApplication.aspx[^].

(Credit to Abhinav who provided the reference above, but unfortunately did not interpret its effect correctly; it does really elevate the privileges, only requests.)

Here is how you can disable or turn off UAC in Windows 7:
http://www.mydigitallife.info/how-to-disable-and-turn-off-uac-in-windows-7/[^].

I strongly recommend to avoid doing it.

However, instructions to "disable UAC for certain applications" circulate. Please see:
http://www.wintuts.com/Disable-UAC-for-certain-applications[^].

And my final advice is: better avoid it. It''s the best for the application to use only file system object placed in predefined legitimate directories. For read-only access, it could be the executable directory, or its sub-directory, but for read-write access, it should be one of the "special directories" predefined per user account, or the one for "all users". The .NET libraries provides standard ways to determine the location of these directories.

I provide complete code and explanation of how to find these directories in my past answers. Please see:
How to find my programs directory[^] (executable directory),
How to find my programs directory[^] ("special" directories).

Again, best security is to avoid violation of the principles of best safety practices.

—SA

这篇关于获取我的WPF应用程序的权利的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！