Adding a UAC Manifest to Managed Code
The UAC feature of Vista is one of my favorite new features -- it really makes running as a non-admin much less painful than it has been in the past. One of the requirements that UAC puts on developers is that we must mark our applications with manifests which declare if the application would like to run elevated or not. Documentation for this manifest format can be found on MSDN, where you can find the schema and information about what the various settings mean.
If you'd like to add one of these manifests to your managed application, the steps are relatively straight forward:
- Create a manifest resource
- Compile the resource
- Embed it in your application
1. Create a manifest resource
The first step is to create a resource file containing your manifest. The manifest should be of type RT_MANIFEST, and have id 1 for an exe (id 2 for a dll). For instance, the resource script for an exe that does not need to elevate might be saved in UacManifest.rc and look like this:
#include <winuser.h>
#define IDR_MANIFEST 1 // 2 for a DLL
IDR_MANIFEST RT_MANIFEST MOVEABLE PURE
{
"<assembly xmlns=""urn:schemas-microsoft-com:asm.v1"" manifestVersion=""1.0"">
<asmv3:trustInfo xmlns:asmv3=""urn:schemas-microsoft-com:asm.v3"">
<asmv3:security>
<asmv3:requestedPrivileges>
<asmv3:requestedExecutionLevel
level=""asInvoker""
uiAccess=""false"" />
</asmv3:requestedPrivileges>
</asmv3:security>
</asmv3:trustInfo>
</assembly>"
}
2. Compile the resource
You'll need to install the Platform SDK for this step so that you have access to the rc tool and the winuser.h header. Once you've gotten the SDK setup, you can then compile your resource script into a .res file:
C:\src\App>rc.exe UacManifest.rc
Which will create a UacManifest.res for you.
3. Embed it in your application
Now that you've compiled your .res file, you can pass it to your managed compiler when building your application to embed in your exe. The exact switch will vary depending on your compiler:
| Compiler | Switch |
| C# | /win32res |
| VB | /win32resource |
| ILAsm | /resource |
| AL | /win32res |
You can also select the resource file in the project properties in Visual Studio.
Comments
Anonymous
April 06, 2006
Please, add an <assemblyIdentity> to the sample. Give it a random name, I don't care. But I don't like assembly without assembly name.Anonymous
April 07, 2006
Yet another note to self, must get round to reading these in detail: -- Microsoft Windows Vista Developer Center : Developer Best Practices and Guidelines for Applications in a Least Privileged Environment -- Adding a UAC Manifest to Managed Code...Anonymous
April 20, 2006
&nbsp;
Web Resources
&nbsp;
[Mobile and Embedded Development] Microsoft...Anonymous
August 24, 2006
With our current developer tools, there's no immediately obvious way to embed a manifest in a managed...Anonymous
October 11, 2006
With our current developer tools, there's no immediately obvious way to embed a manifest in a managedAnonymous
October 13, 2006
PingBack from http://systemsengineering.wordpress.com/2006/10/13/adding-a-manifest-to-a-vista-application/Anonymous
November 06, 2006
The comment has been removedAnonymous
November 14, 2006
Thanks for the tip Herbert!Anonymous
February 13, 2007
You lose more than the application icon. It appears like you lose the Assembly version information as well. So now you have to duplicate the VERSIONINFO resource as well, instead of relying on the [assembly: ...] attribute that you could embed in your project.Anonymous
March 05, 2007
Entweder Orcas verwenden (built in support for manifest integration) oder http://blogs.msdn.com/shawnfa/archive/2006/04/06/568563.aspxAnonymous
April 19, 2007
转载:如何通过添加Manifest指定程序在Vista上面需要提升权限运行(Elevated)Anonymous
May 11, 2007
If you authenticode sign the assembly, you get the friendly "Continue/Cancel" consent UAC prompt. However, it shows the application name as [...].tmp which is not friendly. Any idea how to specify the application/assembly name? The <assemblyIdentity> element doesn't seem to have any effect.