코드로 관리자 권한 상승 시키기

관리자 권한 상승 시키기

Add a UAC shield to a button when elevation is required for admin tasks

By hackman3vilGuy, 22 Apr 2007

4.51 (28 votes)

• Download source code - 46.8 KB

IniUtils_src.zip

Introduction

Any application that does not always need administrator privileges should not run with them by default. However, when a user wants to perform a task that requires elevation, you need to show them that this is required by displaying the Vista shield icon. When this is clicked, your application will then need to restart with administrator privileges. Interested? Then read on...

Making the VistaSecurity Class

First we need to create a VistaSecurity class. Inside it we need the SendMessage API.

 Collapse | Copy Code

[DllImport("user32")]
public static extern UInt32 SendMessage
    (IntPtr hWnd, UInt32 msg, UInt32 wParam, UInt32 lParam);

internal const int BCM_FIRST = 0x1600; //Normal button
internal const int BCM_SETSHIELD = (BCM_FIRST + 0x000C); //Elevated button

First, before we add a shield, we need to know if the process is elevated or not which is easily done. To add a shield to a button, make sure that the button uses FlatStyle.System and then sends the appropriate message using the API. The important API function parameters are the handle of the button and the BCM_SETSHIELD message.

 Collapse | Copy Code

static internal bool IsAdmin()
{
    WindowsIdentity id = WindowsIdentity.GetCurrent();
    WindowsPrincipal p = new WindowsPrincipal(id);
    return p.IsInRole(WindowsBuiltInRole.Administrator);
}

static internal void AddShieldToButton(Button b)
{
    b.FlatStyle = FlatStyle.System;
    SendMessage(b.Handle, BCM_SETSHIELD, 0, 0xFFFFFFFF);
}

We then need a way to elevate the process if required. We just restart the process with the "runas" Verb. The current unelevated process is then exited unless the System.ComponentModel.Win32Exception is thrown, as this indicates that the user has clicked Cancel on the UAC prompt.

 Collapse | Copy Code

internal static void RestartElevated()
{
    ProcessStartInfo startInfo = new ProcessStartInfo();
    startInfo.UseShellExecute = true;
    startInfo.WorkingDirectory = Environment.CurrentDirectory;
    startInfo.FileName = Application.ExecutablePath;
    startInfo.Verb = "runas";
    try
    {
        Process p = Process.Start(startInfo);
    }
    catch(System.ComponentModel.Win32Exception ex)
    {
        return;
    }

    Application.Exit();
}

That's it for the VistaSecurity class.

Using the code

On the form, you need the following code in your constructor after InitializeComponent which will add the shield.

 Collapse | Copy Code

if (!VistaSecurity.IsAdmin())
{
    this.Text += " (Standard)"; //Unnecessary
    VistaSecurity.AddShieldToButton(buttonGetElevation); //Important
}
else
    this.Text += " (Elevated)";

When the button is clicked we need to check if you have permission to perform the required action or elevate.

 Collapse | Copy Code

if (VistaSecurity.IsAdmin())
{
    DoAdminTask();
}
else
{
    VistaSecurity.RestartElevated();
}

Well, that's how to display a shield and get elevation!

Points of Interest

For the admin task in this demo, I added a file VISTA.TXT to All Users' start menu at\ProgramData\Microsoft\Windows\Start Menu\. To get rid of the file, run the demo again (admin credentials may be required!). The Try Admin Task button just tries to create the file without asking for elevation.

History

• 22 Apr 07 - Article written
• 24 Apr 07 - Checking of Administrator account works for non-English versions of Windows by usingWindowsBuiltInRole.Administrator instead of a non-localized string. In DoAdminTask(), MessageBoxesshow what has been done, more error catching added, and an Environment.SpecialFolder is used to get the path.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

출처 : http://www.codeproject.com/Articles/18509/Add-a-UAC-shield-to-a-button-when-elevation-is-req

아래의 내용은 정성태 님의 블로그 내용 입니다.

저도 많이 참고가 되었네요...

===== Program.cs =====
static class Program
{
    [STAThread]
    static void Main()
    {
        if (IsAdministrator() == false)
        {
            try
            {
                ProcessStartInfo procInfo = new ProcessStartInfo();
                procInfo.UseShellExecute = true;
                procInfo.FileName = Application.ExecutablePath;
                procInfo.WorkingDirectory = Environment.CurrentDirectory;
                procInfo.Verb = "runas";
                Process.Start(procInfo);
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message.ToString());
            }

            return;
        }

        Application.EnableVisualStyles();
        Application.SetCompatibleTextRenderingDefault(false);
        Application.Run(new Form1());
    }

    public static bool IsAdministrator()
    {
        WindowsIdentity identity = WindowsIdentity.GetCurrent();

        if (null != identity)
        {
            WindowsPrincipal principal = new WindowsPrincipal(identity);
            return principal.IsInRole(WindowsBuiltInRole.Administrator);
        }

        return false;
    }
}

===== Form1.cs =====
public partial class Form1 : Form
{
    public Form1()
    {
        InitializeComponent();

        if (Program.IsAdministrator() == true)
        {
            this.Text += " (Administrator)";
        }
    }
}
[출처] ClickOnce - 관리자 권한 상승하는 방법|작성자 techshare

출처 : http://blog.naver.com/techshare?Redirect=Log&logNo=100116699724