User Access Control Winforms Shield
Before reading this post make sure you understand UAC.
You can read about UAC at:
When deploying enterprise applications and desktop systems, information technology (IT) administrators are often presented with the challenge of maintaining computer security while still enabling business productivity (usability) – traditionally two opposing forces. If systems and users were deployed in highly secure locked-down states, productivity would typically suffer because applications would cease to function properly in the absence of administrative privileges. In the other direction, if administrators opted for higher usability by granting end-users administrative privileges, systems became highly exposed to the effects of malware that could perform malicious actions such as stealing personal information and making unauthorized system changes. To make matters worse, IT administrators really didn’t have an easy way to balance the two requirements and often resorted to a one-or-the-other approach.
Enter the Microsoft Windows User Account Control (UAC) feature in Microsoft Windows Vista. With UAC, IT administrators can easily deploy applications and service components with limited privileges (security) while still maintaining the ability to perform elevated tasks (usability) whenever needed.
One of the most visible features of UAC is the introduction of “elevated shield icon” decorated buttons that help users identify actions and applications that require elevation. Take for example the task of changing the local system time on a Microsoft Windows Vista system, which requires administrative privileges. Microsoft Windows Vista now indicates this requirement by displaying an elevated shield icon-decorated button in the date and time adjustment dialog.
Decorating Windows Application Form Buttons with the Elevated Shield Icon in .NET
Unfortunately we have to use unmanaged code interoperability because .NET does not support that today. This will change in ORCAS.
In unmanaged code (C/C++), there are several ways that you could decorate a button with the elevated shield icon. The first method is to use the Button_SetElevationRequiredState macro and the second method is to send the BCM_SETSHIELD message to the target button control handle. If you take a look under the hood and install the Microsoft Windows Software Development Kit for Windows Vista and .NET Framework 3.0 Components, inside the file CommCtrl.h at line 7900 you’ll find the following declaration for the Button_SetElevationRequiredState macro:
#define Button_SetElevationRequiredState(hwnd, fRequired) (LRESULT)SNDMSG((hwnd), BCM_SETSHIELD, 0, (LPARAM)fRequired)
As we can see, the Button_SetElevationRequiredState macro really just calls user32.dll!SendMessage with the BCM_SETSHIELD message. So in the coming example we’ll decorate a button control with an elevated shield icon from within managed code (specifically C#) using only the BCM_SETSHIELD message method.
BCM_SETSHIELD Message Method
Exposing the nuts and bolts behind the Button_SetElevationRequiredState macro gives us some useful information about how to use the BCM_SETSHIELD method successfully. A couple of things need to happen before we can successfully decorate our example button:
- The target button control’s handle must be passed as the 1st argument to user32.dll!SendMessage.
- The correct BCM_SETSHIELD value must be passed as the 2nd argument to user32.dll!SendMessage.
- The value 0 must be passed as the 3rd argument to user32.dll!SendMessage.
- A pointer to a Boolean true value must be passed as the 4th argument to user32.dll!SendMessage.
- The target button control’s .FlatStyle member needs to be set to the system style.
- The function user32.dll!SendMessage must be called from within our C# code.
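The steps above put together, as an added example that is not the original post's code. The `UacShield` and `DemoForm` names, the button text, and the OS-version and elevation checks are assumptions of this example; `0x160C` is BCM_FIRST (0x1600) + 0x000C from CommCtrl.h.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Windows.Forms;

static class UacShield
{
    // BCM_FIRST (0x1600) + 0x000C, as defined in CommCtrl.h.
    private const uint BCM_SETSHIELD = 0x160C;

    [DllImport("user32.dll", CharSet = CharSet.Auto)]
    private static extern IntPtr SendMessage(IntPtr hWnd, uint msg, IntPtr wParam, IntPtr lParam);

    // True when the current process token is already in the Administrators role.
    public static bool IsElevated()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            return new WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator);
    }

    // Shows or hides the shield on a button. The shield is only a visual cue:
    // it grants no privilege and does not trigger elevation by itself.
    public static void SetShield(Button button, bool required)
    {
        if (button == null) throw new ArgumentNullException("button");
        // BCM_SETSHIELD exists on Windows Vista (NT 6.0) and later only.
        if (Environment.OSVersion.Platform != PlatformID.Win32NT ||
            Environment.OSVersion.Version.Major < 6) return;
        button.FlatStyle = FlatStyle.System;   // the shield is drawn only for system-style buttons
        // lParam is the macro's (LPARAM)fRequired: an IntPtr holding 1 for TRUE, 0 for FALSE.
        SendMessage(button.Handle, BCM_SETSHIELD, IntPtr.Zero,
                    required ? new IntPtr(1) : IntPtr.Zero);
    }
}

class DemoForm : Form
{
    public DemoForm()
    {
        Button change = new Button { Text = "Change settings...", AutoSize = true, Left = 20, Top = 20 };
        Controls.Add(change);
        // Show the shield only when clicking would actually need a consent prompt.
        UacShield.SetShield(change, !UacShield.IsElevated());
    }

    [STAThread]
    static void Main() { Application.EnableVisualStyles(); Application.Run(new DemoForm()); }
}
```

The shield only signals that elevation will be requested; the privileged work itself still has to run in a separately elevated process.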
In this post we looked at how we could use the BCM_SETSHIELD message along with .NET P/Invokes to programmatically decorate Windows Vista forms application buttons with elevated shield icons.
The UAC shield is important. Today we have to work a little to get it.
While visual cues are helpful, developing applications to be UAC compliant involves much more than just decorating buttons – there are considerations such as file system virtualization, registry virtualization, over-the-shoulder (OTS) credentials, proper elevation methods and application manifests that developers need to take into account. To learn more about these UAC aspects, please refer to the additional resources and references section.
UAC Shield Example
The purpose of this post is to help you find the right pattern for your data handling.
Data personality is the set of qualities we decide our data has; that is, we make assumptions about our data that will lead us to the correct pattern. To understand the “data personality” we should ask several questions:
The Questions can be put into 3 Groups:
1. The Database Sharing:
A. Is it a Private Database? - “My Database”
Only one application can access that data.
B. Is it a Shared Database? - “My Shared Database”
Many users can access this data concurrently
C. Is it a Shared Database for a particular group of users? - “Our Database”
Not many users can access this data concurrently
2. Timeliness and change rate (Read Only vs. Read Write, Quick vs. Slow Change Rate):
A. Is it “Read Only” data? - “Referenced Database”
B. Is it “Read Write” data? - “Changing Database”
a. Does it change quickly?
b. Do you need a fresh view? - “Fresh Database”
Whenever you look, you get the exact true data
c. Is the data stale and how stale is it? – “Stale Database”
C. Does it always contain true, consistent data? – “Correct Database”
3. Locality and the amount of data (Is it a huge database, i.e. do you have a lot of data?):
A. Is this data distributed? Can it be distributed?
a. Is your data scattered across different databases? – “Distributed Database”
b. Do you have different types of data in different places? – “My Distributed Data”
c. Is your data distributed in geographically different places?
B. What view of data do you need?
a. Does this view exist in any one database?
C. How many users use the data?
a. Are there any scalability issues?
Patterns can also be divided into 3 groups of considerations.
Ask yourself about each of the following considerations:
1. Access Direct – My database
a. Single-user private local database
2. Access Remote (Client Server) – The database is shared
a. Two tier, small number of users.
b. Simple concurrency
3. Intermediated Access
a. You need to handle your problems between the client and the Database.
b. Pooling (Scalability - Number of locks and connections)
c. Security (The database and the user live in different security realms)
d. Validation & Error handling
e. Data Transformation before the database
f. Code Manageability
2. Error handling or Concurrency
1. ACID Transaction
a. Use Distributed transaction when possible
a. List the problems and deal with them one by one
a. Create a proper error path
1. Caching & Snapshotting
a. Transformation from one “timeliness and change” assumption pattern to another. (Example: Read Write to stale)
a. Create a view of data from many different sources that does not exist in any of them. Build another layer in front of your databases with full CRUD capabilities which has the exact view you need. The data is scattered across many databases but your app does not know this.
a. You replicate data in different locations for scalability
b. For “Read Only” data / Very slow changing data
a. You distribute data to different locations for scalability & simplicity
b. This is Replication but for Read Write data
c. Splitting the writable data on many machines
d. A router or broker sends you to the right database.
a. “Read Only” and “Read Write” at the same time.
b. Copy the data you need to create a report from to another DB and continue the read write
on the original DB formation
The truth about XML performance
The WS-* standards are all based on top of XML. When people who care about performance hear this, they go crazy. They say that XML is not efficient.
The problem is that they do not understand exactly what XML really is.
The Definition of XML is “A standard for information representation using the hierarchic model”
This “hierarchic model” is a tree of nodes called: “XML Infoset”
It is true that in most cases this tree is expressed in text. This is the source of the misconception about XML. What people do not know is that the XML Infoset can be expressed in any encoding. Text is only one example of an encoding.
Let us prove this: To do this we will look at the following code.
Let us assume we have a customer class which includes customer information.
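//2. XML Serialization with binary encoding
// cm1 is the customer object; ms1 (an assumed name) is a MemoryStream that receives the output
XmlSerializer xs = new XmlSerializer(cm1.GetType());
XmlDictionaryWriter writer1 = XmlDictionaryWriter.CreateBinaryWriter(ms1);
xs.Serialize(writer1, cm1);
writer1.Flush();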
We create an XML serializer for the customer class cm1. Pay attention that NO ENCODING INFORMATION IS SUPPLIED TO THE SERIALIZER. Why?
The reason lies in the definition of XML serialization: “Creation of an XML InfoSet to represent the class state”. There is not one word about encoding.
This means we can XML serialize an object and encode this XML infoset afterwards in binary encoding.
This is still XML but encoded binary.
By the way this is exactly what WCF does in netTcpBinding. It creates XML using XML or DataContract serializers but it uses binary encoding.
The results are interesting: The size of XML serialization with binary encoding can be smaller than binary serialization.
This means that XML can be used in applications that need performance, as XML really means a tree of nodes. We can represent this tree in any way we want. Some methods of representation are lighter than others; the information stays the same.
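The same infoset written in text and in binary encoding and then read back, as an added example that is not the author's code sample. The `Customer` class, its fields and the sample values are constructed stand-ins for the post's customer class.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Serialization;

// Hypothetical stand-in for the post's customer class.
public class Customer
{
    public int Id;
    public string Name;
    public string City;
}

static class InfosetEncodingDemo
{
    // Serializes the same infoset through whichever XmlWriter (encoding) the caller picks.
    static byte[] Encode(Customer c, Func<Stream, XmlWriter> createWriter)
    {
        XmlSerializer xs = new XmlSerializer(typeof(Customer)); // no encoding supplied here
        using (MemoryStream ms = new MemoryStream())
        {
            using (XmlWriter w = createWriter(ms)) xs.Serialize(w, c);
            return ms.ToArray(); // still valid after the writer has closed the stream
        }
    }

    static void Main()
    {
        // Constructed sample data.
        Customer cm1 = new Customer { Id = 42, Name = "Constructed Customer", City = "Sample City" };

        byte[] text = Encode(cm1, s => XmlWriter.Create(s));
        byte[] binary = Encode(cm1, s => XmlDictionaryWriter.CreateBinaryWriter(s));
        Console.WriteLine("text encoding:   {0} bytes", text.Length);
        Console.WriteLine("binary encoding: {0} bytes", binary.Length);

        // Read the binary form back. Default quotas bound depth, string and array
        // sizes, which matters when the bytes arrive from an untrusted peer.
        XmlDictionaryReaderQuotas quotas = new XmlDictionaryReaderQuotas();
        using (XmlDictionaryReader r = XmlDictionaryReader.CreateBinaryReader(binary, quotas))
        {
            Customer back = (Customer)new XmlSerializer(typeof(Customer)).Deserialize(r);
            Console.WriteLine("round trip: {0} / {1} / {2}", back.Id, back.Name, back.City);
        }
    }
}
```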
I include a code sample, Compare XML Binary and DataContract Serialization, that compares the 3 major serialization methods and proves that XML is not an “Anti Performance” technology.