Introduce app.manifest administrator privileges to run in C# project

Original address: https://blog.csdn.net/qq395537505/article/details/51010962

参考UAC：User Account Control

Refer to IE protected mode: https://blog.csdn.net/xt_xiaotian/article/details/5336809

Open VS2005, VS2008, VS2010, VS2012, VS2013, VS2015 projects, and check whether there is app.manifest in the Properties folder in the project folder; if not, create it as follows: Right-click the project and select "Properties" in the menu. ", click the "Security" tab of the project properties, check "Enable ClickOnce security settings" in the Security tab, and select "This is a fully trusted application", save the project, and it has been automatically under Properties. The app.manifest file is generated.

Modify the default app.manifest file to

[html] view plain copy

1. <?xml version="1.0" encoding="utf-8"?>  
2. <asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">  
3.   <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>  
4.   <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">  
5.     <security>  
6.       <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">  
7.         <!-- UAC manifest options  
8.             If you want to change the Windows User Account Control level, replace with one of the following nodes   
9.             requestedExecutionLevel node.  
10.   
11.         <requestedExecutionLevel  level="asInvoker" uiAccess="false" />  
12.         <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />  
13.         <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />  
14.   
15.             Specifying the requestedExecutionLevel node will disable file and registry virtualization.  
16.             If you want to take advantage of file and registry virtualization to achieve backwards   
17.             compatibility, delete the requestedExecutionLevel node.  
18.         -->  
19.         <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />  
20.       </requestedPrivileges>  
21.     </security>  
22.   </trustInfo>  
23.   
24.   <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">  
25.     <application>  
26.       <!-- A list of all versions of Windows for which this application is designed. Windows will automatically choose the most compatible environment. -->  
27.   
28.       <!-- If the application is designed to use Windows 7, uncomment the supportedOS node below -->  
29.       <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>-->  
30.   
31.     </application>  
32.   </compatibility>  
33.   
34.   <!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->  
35.   <!-- <dependency>  
36.     <dependentAssembly>  
37.       <assemblyIdentity  
38.           type="win32"  
39.           name="Microsoft.Windows.Common-Controls"  
40.           version="6.0.0.0"  
41.           processorArchitecture="*"  
42.           publicKeyToken="6595b64144ccf1df"  
43.           language="*"  
44.         />  
45.     </dependentAssembly>  
46.   </dependency>-->  
47.   
48. </asmv1:assembly>  

Modify the <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> node.

After the configuration file is modified, when we run the application, such a prompt box will pop up first. After clicking Yes, the program can continue to run.

By the way, there is also a way to know whether the program is running with administrator privileges:

[csharp] view plain copy

1. public bool IsAdministrator()  
2. {  
3.      WindowsIdentity identity = WindowsIdentity.GetCurrent();  
4.      WindowsPrincipal principal = new WindowsPrincipal(identity);  
5.      return principal.IsInRole(WindowsBuiltInRole.Administrator);  
6. }  

 

For the UAC execution permission level referenced in the XML file, it represents the following meanings:

         asInvoker : The application is running with the current permissions.

         highestAvailable: This runs with the highest privilege available to the current user.

         requireAdministrator: This is only run with system administrator privileges.

         By default it is asInvoker.

         Both options, highestAvailable and requireAdministrator, prompt the user for system administrator privileges. So what is the difference between these two options?

         The difference between them is that if we are not logged in as an administrator account, then if the application is set to requireAdministrator, the application will fail to run directly and cannot be started. And if it is set to highestAvailable, the application can run successfully, but it runs with the permissions of the current account instead of the system administrator permissions. If we want the program to run when a non-administrator account is logged in (in this case, some functions should be restricted), it is recommended to use the highestAvailable configuration.