User Access Control Winforms Shield
Before reading this post make sure you understand UAC.
You can read about UAC at:
When deploying enterprise applications and desktop systems, information technology (IT) administrators are often presented with the challenge of maintaining computer security while still enabling business productivity (usability) – traditionally two opposing forces. If systems and users were deployed in highly secure locked-down states, productivity would typically suffer because applications would cease to function properly in the absence of administrative privileges. In the other direction, if administrators opted for higher usability by granting end-users administrative privileges, systems became highly exposed to the effects of malware that could perform malicious actions such as stealing personal information and making unauthorized system changes. To make matters worse, IT administrators really didn’t have an easy way to balance the two requirements and often resorted to a one-or-the-other approach.
Enter the Microsoft Windows User Account Control (UAC) feature in Microsoft Windows Vista. With UAC, IT administrators can easily deploy applications and service components with limited privileges (security) while still maintaining the ability to perform elevated tasks (usability) whenever needed.
One of the most visible features of UAC is the introduction of “elevated shield icon” decorated buttons that help users identify actions and applications that require elevation. Take, for example, the task of changing the local system time on a Microsoft Windows Vista system, which requires administrative privileges. Microsoft Windows Vista now indicates this requirement by displaying an elevated shield icon-decorated button in the date and time adjustment dialog.
Decorating Windows Application Form Buttons with the Elevated Shield Icon in .NET
Unfortunately, we have to use unmanaged code interoperability because .NET does not support that today. This will change in ORCAS.
In unmanaged code (C/C++), there are several ways that you could decorate a button with the elevated shield icon. The first method is to use the Button_SetElevationRequiredState macro and the second method is to send the BCM_SETSHIELD message to the target button control handle. If you take a look under the hood and install the Microsoft Windows Software Development Kit for Windows Vista and .NET Framework 3.0 Components, inside the file CommCtrl.h at line 7900 you’ll find the following declaration for the Button_SetElevationRequiredState macro:
#define Button_SetElevationRequiredState(hwnd, fRequired) (LRESULT)SNDMSG((hwnd), BCM_SETSHIELD, 0, (LPARAM)fRequired)
As we can see, the Button_SetElevationRequiredState macro really just calls user32.dll!SendMessage with the BCM_SETSHIELD message. So in the coming example we’ll decorate a button control with an elevated shield icon from within managed code (specifically C#) using only the BCM_SETSHIELD message method.
BCM_SETSHIELD Message Method
Exposing the nuts and bolts behind the Button_SetElevationRequiredState macro gives us some useful information about how to use the BCM_SETSHIELD method successfully. A couple of things need to happen before we can successfully decorate our example button:
- The target button control’s handle must be passed as the 1st argument to user32.dll!SendMessage.
- The correct BCM_SETSHIELD value must be passed as the 2nd argument to user32.dll!SendMessage.
- The value 0 must be passed as the 3rd argument to user32.dll!SendMessage.
- A pointer to a Boolean true value must be passed as the 4th argument to user32.dll!SendMessage.
- The target button control’s .FlatStyle member needs to be set to the system style.
- The function user32.dll!SendMessage must be called from within our C# code.
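The steps above can be put together as follows. This C# is an added illustration, not the original author's code; it also skips the shield when the process is already elevated, which goes slightly beyond the steps listed. The names UacShield, SetShield, IsElevated and DemoForm are assumptions, and the BCM_SETSHIELD value is BCM_FIRST (0x1600) + 0x000C from CommCtrl.h.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Windows.Forms;

static class UacShield   // hypothetical helper name
{
    // CommCtrl.h: BCM_FIRST (0x1600) + 0x000C
    private const int BCM_SETSHIELD = 0x160C;

    [DllImport("user32.dll", CharSet = CharSet.Auto)]
    private static extern IntPtr SendMessage(HandleRef hWnd, int msg, IntPtr wParam, IntPtr lParam);

    // True when the current process token is already in the Administrators role.
    public static bool IsElevated()
    {
        WindowsPrincipal principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        return principal.IsInRole(WindowsBuiltInRole.Administrator);
    }

    // Shows or hides the shield glyph. Purely cosmetic: it does not elevate anything.
    public static void SetShield(Button button, bool required)
    {
        if (button == null) throw new ArgumentNullException("button");
        if (Environment.OSVersion.Version.Major < 6) return; // BCM_SETSHIELD needs Vista or later
        button.FlatStyle = FlatStyle.System;                 // the glyph only renders in system style
        // wParam is 0; lParam carries TRUE/FALSE as a pointer-sized integer.
        SendMessage(new HandleRef(button, button.Handle), BCM_SETSHIELD,
                    IntPtr.Zero, required ? new IntPtr(1) : IntPtr.Zero);
    }
}

class DemoForm : Form   // hypothetical demo form
{
    public DemoForm()
    {
        Button apply = new Button { Text = "Change date and time...", Width = 220, Left = 20, Top = 20 };
        Controls.Add(apply);
        // Decorate only when the action would actually require an elevation prompt.
        UacShield.SetShield(apply, !UacShield.IsElevated());
    }

    [STAThread]
    static void Main()
    {
        Application.EnableVisualStyles(); // loads ComCtl32 v6, which draws the shield
        Application.Run(new DemoForm());
    }
}
```

The shield is only a visual cue: the privileged operation behind the button must still be performed by an elevated process, and that process must enforce its own authorization checks.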
In this post we looked at how we could use the BCM_SETSHIELD message along with .NET P/Invokes to programmatically decorate Windows Vista forms application buttons with elevated shield icons.
The UAC shield is important; today we have to work a little to get it.
While visual cues are helpful, developing applications to be UAC compliant involves much more than just decorating buttons: there are considerations such as file system virtualization, registry virtualization, over-the-shoulder (OTS) credentials, proper elevation methods and application manifests that developers need to take into account. To learn more about these UAC aspects, please refer to the additional resources and references section.