User Access Control (UAC)

User Access Control

UAC是VISTA的一个新特性。UAC权限为USER权限，登陆用户集成了UAC的权限。程序在访问受保护资源时提示用户是否需要提高权限并进行该操作。这使得VISTA的安全性比以往Windows版本都要高。

UAC编程

通过以下步骤提供应用程序权限：

1. 在项目中添加Manifest文件，默认为“appname.manifest”
2. 编辑requestedExecutionLevel节点的level属性。
3. uiAccess：应用程序是否需要更高的权限执行

 requestedExecutionLevel的level属性值:

• requireAdministrator:需要管理员权限。如果当前用户不是管理员身份登陆，将出现登陆框给用户登陆
• highestAvailable:应用程序在用户允许后获得当前用户权限
• asInvoker:已当前用户身份执行

EXAMPLE:

<asmv1:assembly xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:asmv2="urn:schemas-microsoft-com:asm.v2"
      xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
      xmlns="urn:schemas-microsoft-com:asm.v1" manifestversion="1.0">
  <assemblyidentity version="1.0.0.0" name="MyApplication.app">
  <trustinfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedprivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedexecutionlevel level="requireAdministrator" uiaccess="false">
      </requestedexecutionlevel>
    </requestedprivileges>
  </security>
</trustinfo>
</assemblyidentity>


 

 

 

 

typedef BOOL (WINAPI *PCreateWellKnownSid)(

  IN WELL_KNOWN_SID_TYPE WellKnownSidType,

  IN PSID DomainSid  OPTIONAL,

  OUT PSID pSid,

  IN OUT DWORD *cbSid

    );

BOOL GetProcessElevation(TOKEN_ELEVATION_TYPE* pElevationType, BOOL* pIsAdmin) 

{

HANDLE hToken = NULL;

DWORD dwSize;

if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))

return(FALSE);

BOOL bResult = FALSE;

// Retrieve elevation type information

if (GetTokenInformation(hToken, TOKEN_INFORMATION_CLASS(18),pElevationType, sizeof(TOKEN_ELEVATION_TYPE), &dwSize)) 

{

// Create the SID corresponding to the Administrators group

BYTE adminSID[SECURITY_MAX_SID_SIZE];

dwSize = sizeof(adminSID);

HMODULE hModule = ::LoadLibrary("Advapi32.dll");

if (NULL == hModule)

{

CloseHandle(hToken);

return (FALSE);

}

PCreateWellKnownSid pCreateWellKnownSid = (PCreateWellKnownSid)::GetProcAddress(hModule,"CreateWellKnownSid");

if (NULL == pCreateWellKnownSid)

{

FreeLibrary(hModule);

CloseHandle(hToken);

return (FALSE);

}

pCreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, &adminSID,

&dwSize);

if (*pElevationType == TokenElevationTypeLimited) 

{

// Get handle to linked token (will have one if we are lua)

HANDLE hUnfilteredToken = NULL;

GetTokenInformation(hToken, TOKEN_INFORMATION_CLASS(19), (VOID*)

&hUnfilteredToken, sizeof(HANDLE), &dwSize);

// Check if this original token contains admin SID

if (CheckTokenMembership(hUnfilteredToken, &adminSID, pIsAdmin)) 

{

bResult = TRUE;

}

// Don't forget to close the unfiltered token

CloseHandle(hUnfilteredToken);

}

else 

{

*pIsAdmin = IsUserAnAdmin();

bResult = TRUE;

}

FreeLibrary(hModule);

}

// Don't forget to close the process token

CloseHandle(hToken);

return(bResult);

}