简体繁体 English

如何以IE保护模式（从托管BHO）访问AppData

[英]How to Access AppData in IE Protected Mode (from a Managed BHO)

原文 2010-01-02 20:39:25 8 4 c#/ internet-explorer/ bho/ protected-mode

I am writing an IE Extension (BHO) in C#. 我正在用C＃编写IE扩展（BHO）。 When run in protected mode (IE's new UAC-compliant mode which forces all extensions to run at low-integrity), it fails because it cannot access user.config in the appdata folder. 当以保护模式运行（IE的新UAC兼容模式，该模式强制所有扩展以低完整性运行）时，它将失败，因为它无法访问appdata文件夹中的user.config。

Is there some way to mark files are readable by lower-integrity processes? 有什么方法可以将文件标记为低完整性进程可读？

Failing that, is there some way to force the BHO to run at medium-level integrity? 如果失败，是否有某种方法可以迫使BHO以中等级别的完整性运行？

Failing that, is there some way to create a low-integrity symlink in the low-integrity folders which points to a medium-integrity file in AppData? 如果失败，是否有某种方法可以在低完整性文件夹中创建低完整性符号链接，该链接指向AppData中的中完整性文件？

Failing that, is there some way to force the application to use a user.config file in the LocalLow folder? 失败了，是否有某种方法可以强制应用程序使用LocalLow文件夹中的user.config文件？ How do I get the path for this folder in .net (it's not listed under Environment.SpecialFolder)? 如何在.net中获取此文件夹的路径（未在Environment.SpecialFolder下列出）？ Will I be able to fall back with users running XP or who turn protected mode off, without losing all their user.config data? 我能否在不丢失所有user.config数据的情况下回退到运行XP的用户或关闭保护模式的用户？

4 个解决方案

There's one approach that is not especially elegant but you can start another (broker)process with medium level integrity which can do the 'dirty work' and use IPC to communicate with it. 有一种方法不是特别优雅，但是您可以启动具有中等级别完整性的另一个（代理）过程，该过程可以完成“肮脏的工作”并使用IPC与之通信。 To make your life easier I would suggest you to use sockets for communication because they don't require security check which can be tricky when you have communication between processes with different integrity levels. 为了使您的生活更轻松，我建议您使用套接字进行通信，因为它们不需要安全检查，当您在具有不同完整性级别的进程之间进行通信时，这很棘手。

In order to skip UAC warning when you spawn new process you can modify BHO registration script and add few registry values that will inform IE to silently elevate new process to medium level. 为了在生成新进程时跳过UAC警告，可以修改BHO注册脚本并添加一些注册表值，这些值将通知IE将新进程静默提升到中等级别。

You can find more information here: http://msdn.microsoft.com/en-us/library/bb250462(VS.85).aspx#wpm_elebp 您可以在这里找到更多信息： http : //msdn.microsoft.com/zh-cn/library/bb250462(VS.85).aspx#wpm_elebp

我将从保护模式Internet Explorer参考开始。

You get a one-shot privileged access during RegisterBHO. 在RegisterBHO期间，您将获得一键式特权访问。 After that you are in protected mode. 之后，您将进入保护模式。

If you need to change long term storage during the runtime of the BHO, I have found that the registry is the best place. 如果您需要在BHO的运行期间更改长期存储，我发现注册表是最好的地方。 Your changes will be only visible to you, but they will persist. 您所做的更改仅对您可见，但它们将保持不变。

我建议您编写自己的SettingsProvider，将其保存在System.IO.IsolatedStorage中。