Adding a UAC Manifest to Managed Code


The UAC feature of Vista is one of my favorite new features — it really makes running as a non-admin much less painful than it has been in the past.  One of the requirements that UAC puts on developers is that we must mark our applications with manifests which declare if the application would like to run elevated or not.  Documentation for this manifest format can be found on MSDN, where you can find the schema and information about what the various settings mean.


If you’d like to add one of these manifests to your managed application, the steps are relatively straight forward:



  1. Create a manifest resource

  2. Compile the resource

  3. Embed it in your application

1. Create a manifest resource


The first step is to create a resource file containing your manifest.  The manifest should be of type RT_MANIFEST, and have id 1 for an exe (id 2 for a dll).  For instance, the resource script for an exe that does not need to elevate might be saved in UacManifest.rc and look like this:



#include <winuser.h>
#define IDR_MANIFEST 1 // 2 for a DLL

IDR_MANIFEST RT_MANIFEST MOVEABLE PURE
{
    “<assembly xmlns=””urn:schemas-microsoft-com:asm.v1″” manifestVersion=””1.0″”>
       <asmv3:trustInfo xmlns:asmv3=””urn:schemas-microsoft-com:asm.v3″”>
         <asmv3:security>
           <asmv3:requestedPrivileges>
             <asmv3:requestedExecutionLevel
               level=””asInvoker””
               uiAccess=””false”” />
           </asmv3:requestedPrivileges>
         </asmv3:security>
       </asmv3:trustInfo>
     </assembly>”
}

2. Compile the resource



You’ll need to install the Platform SDK for this step so that you have access to the rc tool and the winuser.h header.  Once you’ve gotten the SDK setup, you can then compile your resource script into a .res file:



C:\src\App>rc.exe UacManifest.rc

Which will create a UacManifest.res for you.


3. Embed it in your application


Now that you’ve compiled your .res file, you can pass it to your managed compiler when building your application to embed in your exe.  The exact switch will vary depending on your compiler:



















Compiler Switch
C# /win32res
VB /win32resource
ILAsm /resource
AL /win32res


You can also select the resource file in the project properties in Visual Studio.


Comments (12)

  1. junfeng says:

    Please, add an <assemblyIdentity> to the sample. Give it a random name, I don’t care. But I don’t like assembly without assembly name.

  2. Yet another note to self, must get round to reading these in detail: — Microsoft Windows Vista Developer Center : Developer Best Practices and Guidelines for Applications in a Least Privileged Environment — Adding a UAC Manifest to Managed Code…

  3. &amp;nbsp;

    Web Resources

    &amp;nbsp;

    [Mobile and Embedded Development] Microsoft…

  4. "A la Vista" says:

    With our current developer tools, there’s no immediately obvious way to embed a manifest in a managed…

  5. "A la Vista" says:

    With our current developer tools, there’s no immediately obvious way to embed a manifest in a managed

  6. Herbert N Swearengen III says:

    There is one side effect to adding this manifest: the application icon specified for VB or C# in the project properties is lost.

    You will need to modify the resource script (.rc) to include the following line:

    AppIcon ICON "App Icon Name.ico"

    You can name the icon anything, AppIcon is just a suggestion. The quotes around the icon name are only required if the name has spaces. Also if the icon is not in the project folder, include the path.

    This will add both the manifest and icon to your executible. If you have requested "requireAdministrator", the icon will have one of those cute shields.

  7. shawnfa says:

    Thanks for the tip Herbert!

  8. Keith Dorken says:

    You lose more than the application icon. It appears like you lose the Assembly version information as well. So now you have to duplicate the VERSIONINFO resource as well, instead of relying on the [assembly: …] attribute that you could embed in your project.

  9. says:

    Entweder Orcas verwenden (built in support for manifest integration) oder http://blogs.msdn.com/shawnfa/archive/2006/04/06/568563.aspx

  10. ATField says:

    转载:如何通过添加Manifest指定程序在Vista上面需要提升权限运行(Elevated)

  11. Eric says:

    If you authenticode sign the assembly, you get the friendly "Continue/Cancel" consent UAC prompt.  However, it shows the application name as […].tmp which is not friendly.  Any idea how to specify the application/assembly name?  The <assemblyIdentity> element doesn’t seem to have any effect.