C# 如何判断我的进程是否以管理员身份运行?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/509292/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can I tell if my process is running as Administrator?
提问by Erik Forbes
I would like to display some extra UI elements when the process is being run as Administrator as opposed to when it isn't, similar to how Visual Studio 2008 displays 'Administrator' in its title bar when running as admin. How can I tell?
我想在进程以管理员身份运行时显示一些额外的 UI 元素,而不是在不以管理员身份运行时,类似于 Visual Studio 2008 在以管理员身份运行时在其标题栏中显示“管理员”的方式。我怎么知道?
采纳答案by casperOne
Technically, if you want to see if the member is the local administrator account, then you can get the security identifier (SID)of the current user through the Userpropertyon the WindowsIdentityclass, like so (the static GetCurrentmethodgets the current Windows user):
从技术上讲,如果要查看成员是否为本地管理员帐户,则可以通过class上的属性获取当前用户的安全标识符(SID),如下所示(静态方法获取当前 Windows 用户):UserWindowsIdentityGetCurrent
WindowsIdentity windowsIdentity = WindowsIdentity.GetCurrent();
string sid = windowsIdentity.User.ToString();
The Userproperty returns the SID of the user which has a number of predefined values for various groups and users.
该User属性返回用户的 SID,该 SID为各种组和用户提供了许多预定义的值。
Then you would check to see if the SID has the following pattern, indicating it is the local administrator account (which is a well-known SID):
然后您将检查SID 是否具有以下模式,表明它是本地管理员帐户(这是一个众所周知的 SID):
S-1-5-{other SID parts}-500
S-1-5-{其他 SID 部件} -500
Or, if you don't want to parse strings, you can use the SecurityIdentifierclass:
或者,如果您不想解析字符串,则可以使用SecurityIdentifier该类:
// Get the built-in administrator account.
var sid = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid,
null);
// Compare to the current user.
bool isBuiltInAdmin = (windowsIdentity.User == sid);
However, I suspect that what you reallywant to know is if the current user is a member of the administrators groupfor the local machine. You can get this SID using the WellKnownSidTypeof BuiltinAdministratorsSid:
但是,我怀疑您真正想知道的是当前用户是否是本地计算机管理员组的成员。您可以使用WellKnownSidTypeof获取此 SID BuiltinAdministratorsSid:
// Get the SID of the admin group on the local machine.
var localAdminGroupSid = new SecurityIdentifier(
WellKnownSidType.BuiltinAdministratorsSid, null);
Then you can check the Groupspropertyon the WindowsIdentityof the user to see if that user is a member of the local admin group, like so:
然后,你可以检查Groups属性的WindowsIdentity用户,看看用户是本地管理员组的成员,就像这样:
bool isLocalAdmin = windowsIdentity.Groups.
Select(g => (SecurityIdentifier) g.Translate(typeof(SecurityIdentifier))).
Any(s => s == localAdminGroupSid);
回答by Kenn
I think this is a good simple mechanism.
我认为这是一个很好的简单机制。
using System.Security.Principal;
WindowsIdentity identity = WindowsIdentity.GetCurrent();
WindowsPrincipal principal = new WindowsPrincipal(identity);
bool isAdmin = principal.IsInRole(WindowsBuiltInRole.Administrator);
回答by tbradt
I felt it important to note the difficulty I had with attempting to use WellKnownSidType.BuiltinAdministratorsSid per casperOne's answer above. According to the WellKnownSiDType MSDN, BuiltinAdministratorsSid "Indicates a SID that matches the administrator account." So I would expect casperOne's code to work, and guess it likely does in some environments. Unfortunately, it didn't on my Windows 2003 with .NET 2.0 (legacy code). It actually returned S-1-5-32-544 which, according to this articleis the sid for the Administrators group. Thus, the comparison fails for me. I will have to do my own string comparison for startswith "S-1-5-21" (that kb 243330 indicates the "21" is included even though the blog referenced above does not) and endswith "500".
我觉得重要的是要注意根据上面 casperOne 的答案尝试使用 WellKnownSidType.BuiltinAdministratorsSid 时遇到的困难。根据WellKnownSiDType MSDN,BuiltinAdministratorsSid“表示与管理员帐户匹配的 SID。” 所以我希望 casperOne 的代码能够工作,并且猜测它可能在某些环境中工作。不幸的是,它在我的带有 .NET 2.0(旧代码)的 Windows 2003 上没有。它实际上返回了 S-1-5-32-544,根据本文,它是 Administrators组的 sid 。因此,比较对我来说失败了。我将不得不为startswith“S-1-5-21”做我自己的字符串比较(kb 243330表示“21”
回答by Bryan Legend
Here's a one liner to do it.
这是一个单班轮来做到这一点。
using System.Security.Principal;
static bool IsElevated => new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
回答by SoumyaMahunt
I use simple try catch statement to create a random file in "C:\Windows\"folder. If it errors out the app is running with normal privileges otherwise it is running as admin privileges.
我使用简单的 try catch 语句在“C:\Windows\”文件夹中创建一个随机文件。如果出错,则应用程序以普通权限运行,否则以管理员权限运行。
try
{
File.Create(string.Format(@"C:\Windows\{0}.txt", new Guid()), 0, FileOptions.DeleteOnClose);
// Do as admin
}
catch
{
// Do as default
}
