对 Program Files 文件夹的写访问权限

发布于 2024-08-10 09:31:16 字数 977 浏览 4 评论 0原文

我的应用程序包含一个用于更新应用程序的自更新程序可执行文件。

更新程序执行的首要步骤之一是检查它是否具有对应用程序文件夹

的写入权限 IPermission perm = new FileIOPermission(FileIOPermissionAccess.AllAccess, _localApplicationCodebase);

        if (!SecurityManager.IsGranted(perm))
        {
            OnProgressChanged("Security Permission Not Granted \n The updater does not have read/write access to the application's files (" +
                              _localApplicationCodebase + ")",MessageTypes.Error);
            return false;
        }

        OnProgressChanged("Updater have read/write access to local application files at " + _localApplicationCodebase);
        return true;

在 Win7/Vista 下执行时,此代码通过(意味着根据 CAS,该代码确实具有写入权限),但是当我尝试写入文件时,我收到拒绝访问(并且我确认这些文件未在使用中)

我了解 Vista/Win7 UAC 正在阻止用户在程序文件文件夹中写入文件。但是,我不明白的是,如果实际上不是的话,为什么会授予权限呢?

问候,

Eric Girard

PS:如果我使用“以管理员身份运行”运行相同的代码,它可以正常工作

my application include a self-updater executable that is used to update the application.

One of the first steps the updater is performing is to check that it does have write permission to the application folder


IPermission perm = new FileIOPermission(FileIOPermissionAccess.AllAccess, _localApplicationCodebase);

        if (!SecurityManager.IsGranted(perm))
        {
            OnProgressChanged("Security Permission Not Granted \n The updater does not have read/write access to the application's files (" +
                              _localApplicationCodebase + ")",MessageTypes.Error);
            return false;
        }

        OnProgressChanged("Updater have read/write access to local application files at " + _localApplicationCodebase);
        return true;

When executing under Win7/Vista, this code pass (meaning that according to CAS, the code does have write access), however when I try to write files, I got an Access Denied (and I confirmed that the files are NOT in use)

I understand that Vista/Win7 UAC is preventing users from writing files in the program files folders. However, what I don't understand is why the permission is granted if in reality it is not

Regards,

Eric Girard

PS : If I run the same code using 'Run As Administrator', it works fine

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

一人独醉 2024-08-17 09:31:16

关于 UAC 需要了解的重要一点是,默认情况下,没有代码以管理员权限运行,因此无法写入 Program Files 目录。即使您以管理员身份登录,应用程序也会以标准用户权限启动。

有两种方法可以解决这个问题。您可以让用户使用“以管理员身份运行”菜单项启动应用程序。但这依赖于用户记住一些东西。更好的方法是嵌入清单到您的请求管理员权限的可执行文件。在清单中,将requestedExecutionLevel 设置为requireAdministrator。这将导致 UAC 在应用程序启动后立即提示用户输入管理员凭据。

正如丹尼尔所说,最好的解决方案是将更新功能放在单独的应用程序中。您的主应用程序将有一个清单,将requestedExecutionLevel 设置为“asInvoker”,并且您的更新程序应用程序将请求设置为“requireAdministrator”。您的主应用程序可以使用标准权限运行。但是,当需要进行更新时,请使用 Process.Start 启动需要用户输入管理凭据的更新程序应用程序。

The important thing to know about UAC is that by default, no code runs with Administrator privileges and thus cannot write to the Program Files directory. Even if you are logged in as an administrator, the apps are launched with standard user privliges.

There are two ways around this. You can have the user start the app with the Run As Administrator menu item. But this relies on the user to remember something. The better was is to embed a manifest into your executable that requests administrator privileges. In the manifest, set requestedExecutionLevel to requireAdministrator. This will cause UAC to prompt the user for admin credentials as soon as the app starts.

As Daniel said, the best solution is to put the updating functionality in a separate application. Your primary app will have an manifest that sets the requestedExecutionLevel to "asInvoker" and your updater app with request "requireAdministrator". Your primary app can run with standard privileges. But when the update needs to happen, use Process.Start to launch the updater application that requires the user to enter the admin credentials.

另类 2024-08-17 09:31:16

编写自动更新程序的最佳方法是拥有辅助应用程序。第一个程序以提升的权限调用第二个程序,提示 UAC。然后第二个应用程序可以安装补丁。

The best way to write an auto updater is to have a secondary application. The first program calls the second with elevated privileges, prompting UAC. Then the second application can install the patches.

留蓝 2024-08-17 09:31:16

我不确定这是否是您想要做的,但我发现这篇文章很有帮助。包含的代码可让您检测您的应用程序是否在 Vista 上运行、UAC 是否已启用以及用户是否已提升。

http://www. itwriting.com/blog/198-c-code-to-detect-uac-elevation-on-vista.html

然后使用 runas 重新启动您的应用程序以让用户提升权限

ProcessStartInfo processInfo = new ProcessStartInfo();
processInfo.Verb = "runas";
processInfo.FileName = Application.ExecutablePath;
Process.Start(processInfo);

I'm not sure if this is what you're trying to do, but I've found this post helpful. The included code let's you detect if you're app is running on Vista, if UAC is enabled and if user is elevated.

http://www.itwriting.com/blog/198-c-code-to-detect-uac-elevation-on-vista.html

then restart your app with runas to let user elevate permissions

ProcessStartInfo processInfo = new ProcessStartInfo();
processInfo.Verb = "runas";
processInfo.FileName = Application.ExecutablePath;
Process.Start(processInfo);
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文