Sunday, March 04, 2007 11:58 PM bart

New in Orcas - Embedding Vista UAC manifests in 30 seconds

Note: This article applies to the Visual Studio "Orcas" March 07 CTP build that can be downloaded from the Microsoft website.

In this post we'll talk about embedding UAC (User Account Control) manifests in managed code executables without having to rely on rather dirty tricks, as I explained in my older blog post entitled Windows Vista - Demand UAC elevation for an application by adding a manifest using mt.exe. Please read this post prior to reading this post, in order to get a good idea about UAC and manifests.

Essentially, this article performs a little word substitution on the title of the previous post: adding a manifest using mt.exe using Visual Studio "Orcas".


Step 1 - Creating the Windows Forms app

We'll start by creating the same app as we did in the previous post mentioned above. Open up VS "Orcas", create a new (C#) Windows Forms project called UacDemo and add a label called "label1" to the designer surface. As a side-note, play around with the IDE designer for Windows Forms a bit, you'll see that the Layout toolbar has been revamped (for example, add another label, select both labels and observe the options in this toolbar):

Next, go to the code and add an event handler for Form1_Load that does the following:

label1.Text = new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator) ? "Yup" : "Nope";

You'll need to bring the System.Security.Principal namespace in scope in order to compile the code above.


Step 2 - Add a manifest to the project

Add a new item to the project and choose for an XML file. Call it UacDemo.exe.manifest:

Add the following contents to it:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="" processorArchitecture="X86" name="UacDemo" type="win32"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator"/> </requestedPrivileges> </security> </trustInfo> </assembly>

Notice that the name attribute of the assemblyIdentity element has to be set to the name of the executable (without .exe extension). Information about UAC manifests can be found by searching "requestedPrivileges" on the internet for instance.


Step 3 - Tell the build environment to include the manifest

This is where things got difficult in the past. A solution pre-Orcas was explained on my aforementioned previous blog entry on UAC using a post-build step calling the mt.exe tool. Now, things have become much more simple. Just go to the properties of the project, tab Application and scroll down to the section "Resources" as shown below:

In the manifest dropdown box you can now point to the manifest we've created in the previous step.


Step 4 - Build, inspect, test

That's it; we're done now! To illustrate what has happened, take a look at the .csproj file of the project using an XML editor; below is a snippet from this file on my machine:

<Project ToolsVersion="3.5" DefaultTargets="Build" xmlns=""> <PropertyGroup> <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration> <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform> <ProductVersion>9.0.20209</ProductVersion> <SchemaVersion>2.0</SchemaVersion> <ProjectGuid>{8FB484D6-73DB-4AEE-8222-7FE5B0CBD622}</ProjectGuid> <OutputType>WinExe</OutputType> <AppDesignerFolder>Properties</AppDesignerFolder> <RootNamespace>UacDemo</RootNamespace> <AssemblyName>UacDemo</AssemblyName> <TargetFrameworkVersion>v3.5</TargetFrameworkVersion> <FileAlignment>512</FileAlignment> <ApplicationManifest>UacDemo.exe.manifest</ApplicationManifest> </PropertyGroup>

First, observe the presence of multi-targeting: the Project's ToolsVersion attribute tells the tools that use the .csproj file to use the 3.5 version of the framework; furthermore, TargetFrameworkVersion tags appear in the file, as well as RequiredTargetFramework tags for dependencies (not illustrated in the snippet above). However, for us the ApplicationManifest element is much more interesting since it points to our manifest file; this tells MSBuild to take mt.exe alike steps to include the manifest in the executable when compilation has been done successfully.

To see that the manifest is included correctly, you can go to the Visual Studio Orcas Command Prompt, cd into the bin\Debug or bin\Release folder of the UacDemo project and call mt -inputresource:uacdemo.exe -out:uacdemo.exe.manifest to extract the manifest from the file and to see what's in there:

Finally, run the file on your Vista machine and you should see the UAC prompt popping up to elevate the privileges of the app:

Notice that creating screenshots from the UAC prompt isn't easy due to the presence of the "UAC Secure Desktop" where the UAC prompts are displayed. In order to make it possible, open up secpol.msc, go to Local Policies, Security Options and tweak the "User Account Control: Switch to the secure desktop when prompting for elevation" setting to Disabled (don't forget to revert it afterwards!):

Enjoy! | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

Filed under: ,


# re: New in Orcas - Embedding Vista UAC manifests in 30 seconds

Monday, March 05, 2007 11:12 AM by Thomas Lebrun

Hello Bart,

This could be easily done with less steps :)

Indeed, when you choose to add an item, in you solution, instead of choosing a XML file, you could choose an "Application Manifest file" as shown here:

Like this, the content of the manifest is pre-populated.

Bye :)


# Mais uma do Bart : Simplifica&#231;&#227;o do manifesto para UAC

Thursday, March 08, 2007 7:27 PM by Dennes

Durante a TechConference vocês puderam observar a dificuldade que é inserir um manifesto em um...

# RealTime - Questions: "The purpose, use and configuraiton of UAC in Windows 7.?"

Pingback from  RealTime - Questions: "The purpose, use and configuraiton of UAC in Windows 7.?"