对Program Files文件夹的写访问权限 [英] Write Access to Program Files folder

问题描述

我的应用程序包括一个用于更新应用程序的自更新程序可执行文件。

my application include a self-updater executable that is used to update the application.

更新程序执行的第一步就是检查它是否具有对应用程序文件夹的写权限

One of the first steps the updater is performing is to check that it does have write permission to the application folder


IPermission perm = new FileIOPermission（FileIOPermissionAccess.AllAccess，_localApplicationCodebase）;

IPermission perm = new FileIOPermission(FileIOPermissionAccess.AllAccess, _localApplicationCodebase);

        if (!SecurityManager.IsGranted(perm))
        {
            OnProgressChanged("Security Permission Not Granted \n The updater does not have read/write access to the application's files (" +
                              _localApplicationCodebase + ")",MessageTypes.Error);
            return false;
        }

        OnProgressChanged("Updater have read/write access to local application files at " + _localApplicationCodebase);
        return true;

在Win7 / Vista下执行时，此代码通过（根据CAS的说法，该代码确实具有写访问权），但是，当我尝试写文件时，我获得了访问被拒绝（并且我确认文件未在使用中） ）

When executing under Win7/Vista, this code pass (meaning that according to CAS, the code does have write access), however when I try to write files, I got an Access Denied (and I confirmed that the files are NOT in use)

我了解Vista / Win7 UAC阻止用户将文件写入程序文件文件夹中。但是，我不明白的是为什么在实际上不授予许可的原因

I understand that Vista/Win7 UAC is preventing users from writing files in the program files folders. However, what I don't understand is why the permission is granted if in reality it is not

问候

Eric Girard

Eric Girard

PS：如果我使用以管理员身份运行运行相同的代码，则可以正常运行

PS : If I run the same code using 'Run As Administrator', it works fine

推荐答案

有关UAC的重要信息是，默认情况下，没有代码以管理员权限运行，因此无法将其写入Program Files目录。即使您以管理员身份登录，应用程序也将使用标准用户权限启动。

The important thing to know about UAC is that by default, no code runs with Administrator privileges and thus cannot write to the Program Files directory. Even if you are logged in as an administrator, the apps are launched with standard user privliges.

有两种解决方法。您可以让用户使用以管理员身份运行菜单项启动应用程序。但这依赖于用户记住一些东西。更好的方法是将嵌入清单到您的请求管理员特权的可执行文件。在清单中，将requestedExecutionLevel设置为requireAdministrator。应用程序启动后，这将导致UAC提示用户输入管理员凭据。

There are two ways around this. You can have the user start the app with the Run As Administrator menu item. But this relies on the user to remember something. The better was is to embed a manifest into your executable that requests administrator privileges. In the manifest, set requestedExecutionLevel to requireAdministrator. This will cause UAC to prompt the user for admin credentials as soon as the app starts.

如丹尼尔所说，最好的解决方案是将更新功能放在单独的应用程序中。您的主应用程序将具有一个清单，该清单将requestedExecutionLevel设置为 asInvoker，而更新器应用程序将其请求设置为 requireAdministrator。您的主应用程序可以标准权限运行。但是，当需要进行更新时，请使用Process.Start启动需要用户输入管理员凭据的更新程序应用程序。

As Daniel said, the best solution is to put the updating functionality in a separate application. Your primary app will have an manifest that sets the requestedExecutionLevel to "asInvoker" and your updater app with request "requireAdministrator". Your primary app can run with standard privileges. But when the update needs to happen, use Process.Start to launch the updater application that requires the user to enter the admin credentials.

这篇关于对Program Files文件夹的写访问权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！