User Access Control (UAC)

User Access Control

UAC是VISTA的一个新特性。UAC权限为USER权限,登陆用户集成了UAC的权限。程序在访问受保护资源时提示用户是否需要提高权限并进行该操作。这使得VISTA的安全性比以往Windows版本都要高。

UAC编程

通过以下步骤提供应用程序权限:

  1. 在项目中添加Manifest文件,默认为“appname.manifest”
  2. 编辑requestedExecutionLevel节点的level属性。
  3. uiAccess:应用程序是否需要更高的权限执行

 requestedExecutionLevel的level属性值:

  • requireAdministrator:需要管理员权限。如果当前用户不是管理员身份登陆,将出现登陆框给用户登陆
  • highestAvailable:应用程序在用户允许后获得当前用户权限
  • asInvoker:已当前用户身份执行

EXAMPLE:

<asmv1:assembly xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:asmv2="urn:schemas-microsoft-com:asm.v2"
      xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
      xmlns="urn:schemas-microsoft-com:asm.v1" manifestversion="1.0">
  <assemblyidentity version="1.0.0.0" name="MyApplication.app">
  <trustinfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedprivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedexecutionlevel level="requireAdministrator" uiaccess="false">
      </requestedexecutionlevel>
    </requestedprivileges>
  </security>
</trustinfo>
</assemblyidentity>

 

 

 

 


typedef BOOL (WINAPI *PCreateWellKnownSid)(
  IN WELL_KNOWN_SID_TYPE WellKnownSidType,
  IN PSID DomainSid  OPTIONAL,
  OUT PSID pSid,
  IN OUT DWORD *cbSid
    );
BOOL GetProcessElevation(TOKEN_ELEVATION_TYPE* pElevationType, BOOL* pIsAdmin) 
{
HANDLE hToken = NULL;
DWORD dwSize;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
return(FALSE);
BOOL bResult = FALSE;
// Retrieve elevation type information
if (GetTokenInformation(hToken, TOKEN_INFORMATION_CLASS(18),pElevationType, sizeof(TOKEN_ELEVATION_TYPE), &dwSize)) 
{
// Create the SID corresponding to the Administrators group
BYTE adminSID[SECURITY_MAX_SID_SIZE];
dwSize = sizeof(adminSID);

HMODULE hModule = ::LoadLibrary("Advapi32.dll");
if (NULL == hModule)
{
CloseHandle(hToken);
return (FALSE);
}
PCreateWellKnownSid pCreateWellKnownSid = (PCreateWellKnownSid)::GetProcAddress(hModule,"CreateWellKnownSid");
if (NULL == pCreateWellKnownSid)
{
FreeLibrary(hModule);
CloseHandle(hToken);
return (FALSE);
}

pCreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, &adminSID,
&dwSize);
if (*pElevationType == TokenElevationTypeLimited) 
{
// Get handle to linked token (will have one if we are lua)
HANDLE hUnfilteredToken = NULL;
GetTokenInformation(hToken, TOKEN_INFORMATION_CLASS(19), (VOID*)
&hUnfilteredToken, sizeof(HANDLE), &dwSize);
// Check if this original token contains admin SID
if (CheckTokenMembership(hUnfilteredToken, &adminSID, pIsAdmin)) 
{
bResult = TRUE;
}
// Don't forget to close the unfiltered token
CloseHandle(hUnfilteredToken);
}
else 
{
*pIsAdmin = IsUserAnAdmin();
bResult = TRUE;
}
FreeLibrary(hModule);
}
// Don't forget to close the process token
CloseHandle(hToken);
return(bResult);

} 

posted @ 2011-07-27 16:45  ahuo  阅读(595)  评论(0编辑  收藏  举报