为某些操作请求应用程序的管理员权限(无专职管理员权限)
[英]Request admin right for app for some operation(no full time admin rights)
问题描述
I want to run application usually with normal rights but for some operations(Managing file associations for example) request admin rights. 
我想通常以普通权限运行应用程序,但对于某些操作(例如,管理文件关联)要求管理员权限。
Is it possible? 可能吗?
PS I know about manifest and requestedExecutionLevel but this is not a good solution. PS我知道manifest和requestExecutionLevel,但这不是一个好的解决方案。 I want aplication have admin rights for some period of time not always. 我希望应用程序在某些时间段内不总是具有管理员权限。
2 个解决方案
解决方案1
1 已采纳 2014-09-22 08:26:38
That is not possible unless you start a new process. 除非您开始一个新过程,否则这是不可能的。
You can do that with: 您可以执行以下操作:
var psi = new ProcessStartInfo();
psi.FileName = @"yourExe";
psi.Verb = "runas";
Process.Start(psi);
You could start the same application as you are currently running and pass a switch parameter so the problem knows it only has to execute a specific action. 您可以启动与当前正在运行的应用程序相同的应用程序,并传递一个switch参数,这样问题就知道它只需要执行特定的操作即可。
解决方案2
1 2014-09-22 09:51:55
You can use impersonation and the WindowsImpersonationContext Class to achieve your requirements. 您可以使用模拟和WindowsImpersonationContext类来满足您的要求。 The idea is that the application runs with normal permissions, but when you need to access something that has higher permissions, the application can provide the log in details of a user account that has the correct permissions. 想法是应用程序以正常权限运行,但是当您需要访问具有更高权限的内容时,应用程序可以提供具有正确权限的用户帐户的登录详细信息。 It would look something like this: 它看起来像这样:
using (ImpersonationManager impersonationManager = new ImpersonationManager())
{
impersonationManager.Impersonate(Settings.Default.MediaAccessDomain,
Settings.Default.MediaAccessUserName, Settings.Default.MediaAccessPassword);
// Perform restricted action as other user with higher permissions here
}
Note that this ImpersonationManager class is a custom class, so you won't find it on MSDN, but it just uses the SafeTokenHandle and other code from the linked page: 请注意,这ImpersonationManager类是一个自定义类,所以你不会找到它在MSDN上,但它只是使用了SafeTokenHandle和其他代码的链接页面:
private SafeTokenHandle safeTokenHandle;
private WindowsImpersonationContext impersonationContext;
const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
private static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, out SafeTokenHandle phToken);
public void Impersonate(string domain, string username, string password)
{
var isLoggedOn = LogonUser(username, domain, password, LOGON32_LOGON_NEW_CREDENTIALS, 0, out safeTokenHandle);
if (!isLoggedOn)
{
var errorCode = Marshal.GetLastWin32Error();
throw new ApplicationException(string.Format("Could not impersonate the elevated user. The LogonUser method returned error code {0}.", errorCode));
}
impersonationContext = WindowsIdentity.Impersonate(this.safeTokenHandle.DangerousGetHandle());
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.