Welcome to MSDN Blogs Sign in | Join | Help

Adding a UAC Manifest to Managed Code

The UAC feature of Vista is one of my favorite new features -- it really makes running as a non-admin much less painful than it has been in the past.  One of the requirements that UAC puts on developers is that we must mark our applications with manifests which declare if the application would like to run elevated or not.  Documentation for this manifest format can be found on MSDN, where you can find the schema and information about what the various settings mean.

If you'd like to add one of these manifests to your managed application, the steps are relatively straight forward:

  1. Create a manifest resource
  2. Compile the resource
  3. Embed it in your application

1. Create a manifest resource

The first step is to create a resource file containing your manifest.  The manifest should be of type RT_MANIFEST, and have id 1 for an exe (id 2 for a dll).  For instance, the resource script for an exe that does not need to elevate might be saved in UacManifest.rc and look like this:

#include <winuser.h>
#define IDR_MANIFEST 1 // 2 for a DLL

IDR_MANIFEST RT_MANIFEST MOVEABLE PURE
{
    "<assembly xmlns=""urn:schemas-microsoft-com:asm.v1"" manifestVersion=""1.0"">
       <asmv3:trustInfo xmlns:asmv3=""urn:schemas-microsoft-com:asm.v3"">
         <asmv3:security>
           <asmv3:requestedPrivileges>
             <asmv3:requestedExecutionLevel
               level=""asInvoker""
               uiAccess=""false"" />
           </asmv3:requestedPrivileges>
         </asmv3:security>
       </asmv3:trustInfo>
     </assembly>"
}

2. Compile the resource

You'll need to install the Platform SDK for this step so that you have access to the rc tool and the winuser.h header.  Once you've gotten the SDK setup, you can then compile your resource script into a .res file:

C:\src\App>rc.exe UacManifest.rc

Which will create a UacManifest.res for you.

3. Embed it in your application

Now that you've compiled your .res file, you can pass it to your managed compiler when building your application to embed in your exe.  The exact switch will vary depending on your compiler:

Compiler Switch
C# /win32res
VB /win32resource
ILAsm /resource
AL /win32res

You can also select the resource file in the project properties in Visual Studio.

Published Thursday, April 06, 2006 7:00 AM by shawnfa
Filed under: , ,

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# re: Adding a UAC Manifest to Managed Code

Friday, April 07, 2006 4:39 AM by junfeng
Please, add an <assemblyIdentity> to the sample. Give it a random name, I don't care. But I don't like assembly without assembly name.

# Vista: User Account Protection

Friday, April 07, 2006 4:48 PM by random ramblings....
Yet another note to self, must get round to reading these in detail: -- Microsoft Windows Vista Developer Center : Developer Best Practices and Guidelines for Applications in a Least Privileged Environment -- Adding a UAC Manifest to Managed Code...

# MSDN Flash Ireland - International Resources - 21 Apr 06

Friday, April 21, 2006 6:29 AM by Robert Burke's Weblog












&amp;nbsp;
Web Resources



&amp;nbsp;

[Mobile and Embedded Development] Microsoft...

# How to embed a manifest in an assembly: let me count the ways...

Thursday, August 24, 2006 3:11 PM by "A la Vista"
With our current developer tools, there's no immediately obvious way to embed a manifest in a managed...

# How to embed a manifest in an assembly: let me count the ways...

Thursday, October 12, 2006 2:24 AM by "A la Vista"

With our current developer tools, there's no immediately obvious way to embed a manifest in a managed

# Adding a manifest to a Vista application &laquo; Systems Engineering

Friday, October 13, 2006 5:03 PM by Adding a manifest to a Vista application « Systems Engineering

PingBack from http://systemsengineering.wordpress.com/2006/10/13/adding-a-manifest-to-a-vista-application/

# re: Adding a UAC Manifest to Managed Code

Monday, November 06, 2006 11:49 PM by Herbert N Swearengen III

There is one side effect to adding this manifest: the application icon specified for VB or C# in the project properties is lost.

You will need to modify the resource script (.rc) to include the following line:

AppIcon ICON "App Icon Name.ico"

You can name the icon anything, AppIcon is just a suggestion. The quotes around the icon name are only required if the name has spaces. Also if the icon is not in the project folder, include the path.

This will add both the manifest and icon to your executible. If you have requested "requireAdministrator", the icon will have one of those cute shields.

# re: Adding a UAC Manifest to Managed Code

Tuesday, November 14, 2006 2:37 PM by shawnfa

Thanks for the tip Herbert!

# re: Adding a UAC Manifest to Managed Code

Tuesday, February 13, 2007 11:54 AM by Keith Dorken

You lose more than the application icon. It appears like you lose the Assembly version information as well. So now you have to duplicate the VERSIONINFO resource as well, instead of relying on the [assembly: ...] attribute that you could embed in your project.

# Adding a UAC Manifest to Managed Code

Monday, March 05, 2007 9:24 AM by

Entweder Orcas verwenden (built in support for manifest integration) oder http://blogs.msdn.com/shawnfa/archive/2006/04/06/568563.aspx

# 转载:如何指定程序在Vista上面需要提升权限运行(Elevated)

Thursday, April 19, 2007 10:35 AM by ATField

转载:如何通过添加Manifest指定程序在Vista上面需要提升权限运行(Elevated)

# re: Adding a UAC Manifest to Managed Code

Friday, May 11, 2007 11:19 AM by Eric

If you authenticode sign the assembly, you get the friendly "Continue/Cancel" consent UAC prompt.  However, it shows the application name as [...].tmp which is not friendly.  Any idea how to specify the application/assembly name?  The <assemblyIdentity> element doesn't seem to have any effect.

Leave a Comment

(required) 
required 
(required) 
 
Page view tracker