wyDay blog

One of the great things about Vista and Windows 7 is the user isolation. Even admin users need to “elevate” their account to make system changes. Take this Date and Time dialog from Windows 7 as an example:

Every user can view the Date and time, but only administrators can change it.

Adding this ability to your .NET application

Although this series of articles is called “7 days of Windows 7” this particular article is applicable to Windows 2000 – Windows 7.

Step 1. Do we have permission?

The first step is to check if we can write to system registry or system files & folders. There are many ways to do this, but the easiest method is a simple Windows API call:

// check if user is an admin for Windows 2000 and above
[DllImport("shell32.dll", EntryPoint = "#680", CharSet = CharSet.Unicode)]
public static extern bool IsUserAnAdmin();

This will return false if you’re a limited user on Windows 2000 – Windows 7, and will also return false if you are an admin but aren’t elevated on Windows Vista and Windows 7.

In other words, it will return false if you don’t have permission to access system files & registry. And ‘ IsUserAnAdmin” returns true if you do have permission.

Step 2. Notifying the user that elevation will happen: UAC Shield Icon

To set the shield icon to one of your buttons you have to do a few things. First, set the FlatStyle of your button to “System”:

Next, you need to define a couple of functions:

public static bool AtLeastVista()
{
    return (Environment.OSVersion.Platform == PlatformID.Win32NT && Environment.OSVersion.Version.Major >= 6);
}

[DllImport("user32.dll", CharSet = CharSet.Unicode)]
public static extern IntPtr SendMessage(HandleRef hWnd, UInt32 Msg, IntPtr wParam, IntPtr lParam);

public static void SetButtonShield(Button btn, bool showShield)
{
    //Note: make sure the button FlatStyle = FlatStyle.System
    // BCM_SETSHIELD = 0x0000160C
    SendMessage(new HandleRef(btn, btn.Handle), 0x160C, IntPtr.Zero, showShield ? new IntPtr(1) : IntPtr.Zero);
}

Now, simply use this snippet in your code:

…
// UAC Shield on next button for Windows Vista+
if (AtLeastVista())
    SetButtonShield(btnName, true);
…

Step 3. Re-launching process with administrator privileges

All we have to do now is show the elevation dialog and elevate the current program. You might want to specify some arguments, but the barebones of it is as follows:

ProcessStartInfo psi = new ProcessStartInfo
                           {
                               Arguments = "-justelevated",
                               ErrorDialog = true,

                               // Handle is the handle for your form
                               ErrorDialogParentHandle = Handle,
                               FileName = Application.ExecutablePath,
                               Verb = "runas"
                           };
try
{
    Process.Start(psi);
    Close();
}
catch (Exception ex)
{
    // the process couldn't be started. This happens for 1 of 3 reasons:

    // 1. The user cancelled the UAC box
    // 2. The limited user tried to elevate to an Admin that has a blank password
    // 3. The limited user tries to elevate as a Guest account
    MessageBox.Show(ex.Message);
}

Step 4. Code signing

Chances are that if you try to elevate your application you’ll get an ugly yellow elevation box:

To get the nice UAC box you’ll need to code sign your application. I won’t link to any code signing providers (because the list is huge), but you can get a code signing certificate from anywhere between $100 for 3 years to $400 or $500 for a single year. It depends on the company you use and the amount of searching you want to do.

7 Days of Windows 7

Join me tomorrow when I talk about Every possible Windows Vista and Windows 7 .NET Control You could ever want. See the full list of articles in the series.