RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


A Programmer's Exploration of Vista's User Account Control : Page 2

Vista's User Account Control (UAC) improves security, but making it work smoothly requires a little more developer work. Find out what you need to know to code Vista UAC-aware applications.

Step 1: Use User-specific Directories in Code
It is essential that applications reference individual user directories to store or access data. Applications that use hard-coded paths or that access protected system directories—and that do not have an embedded manifest—will unceremoniously generate an access exception and crash. To avoid this always use the Environment.SpecialFolder enumeration in your managed code when refactoring or writing new applications. The following code shows an example:

   String path = Environment.GetFolderPath(
   FileInfo fi = new FileInfo(path + "ProgramData.txt");
   FileStream fstr = fi.Open(FileMode.Open);
Using the Environment.SpecialFolder enumeration value lets Vista determine the physical folder appropriate for the current user.

Figure 2. Setup Project Targeting the User's Application Data Folder: When building setup projects, add configuration files and user data files to the "User's Application Data Folder" item.
Step 2: Install Configuration and Data Files to User Data Directories
Windows Installer 4.0 provides support for installing user-specific data to the appropriate directories. In your setup projects, select "User's Application Data Folder in File System," and add your configuration and data files. Right-clicking on the setup project provides you with several options for packaging the output of your project. Figure 2 illustrates a properly configured setup project for output to the User's Application Data Folder. In Figure 2, the Primary Content Output contains the ProgramData.txt file which the installed application can access using the SpecialFolder object, as shown in the example code in the preceding section.

Step 3: Create an Application Manifest File
If you attempt to run an application on UAC-enabled Vista without an embedded manifest file, any code or user action—even attempting to display a simple file dialog—can throw unhandled security exceptions. There are many scenarios where you might need to elevate the UAC access level for standard users, especially when porting a legacy application to Vista, and a complete UAC-refactor is not possible. There are three privilege execution levels, as shown in Table 2.

Table 2. Manifest-specified Execution Levels: There are three levels available in an application manifest for invoking requested execution privileges.
Invocation Level in the Embedded Manifest Result with Default Consent Policy for Standard User
asInvoker The standard user token is used to start the process.
highestAvailable Prompt standard users for administrative credentials.
requireAdministrator Prompt standard users for administrative credentials.

Here's a sample application manifest that specifies the privilege execution level as asInvoker:

   <assembly xmlns="urn:schemas-microsoft-com:asm.v1" 
      <ms_asmv2:trustInfo xmlns:ms_asmv2=
               <ms_asmv2requestedExecutionLevel level="asInvoker">
Vista looks for the execution level whenever an application runs. Here's the general process:

  1. All users logged on to Vista have a current access token associated with the process that invokes the application. This is typically the standard user token.
  2. When the application is invoked, Vista checks to see if the application manifest specifies a requested execution level. If the application doesn't have an embedded manifest, Vista runs the application with the same permissions as the invoking process' access token.
  3. When a manifest is present, then the user experience and permissions are determined by a combination of three elements: the invoking process' access token, the requested execution level (asInvoker above), and the security prompt settings.
Following this process using the manifest shown above, Vista finds the manifest, determines that the requested execution level is asInvoker, and checks the requested level against the user's access token. When the user's access token is standard user, Vista will launch the application with standard user permissions.

If the application-requested execution level were highestAvailable or requireAdministrator instead, Vista would check the security prompt setting. The security prompt setting can automatically launch the application, deny such requests, or prompt for credentials, all depending on the invoking process' access token.

Close Icon
Thanks for your registration, follow us on our social networks to keep up-to-date