提升的VB6凭据

Question

我需要在VB6应用程序中获得提升的凭据(以启动服务)，但仅当用户需要重新启动服务时才需要(即，我不想在应用程序启动时获得提升的凭据，仅当用户选择重新启动时)。我如何在VB6中做到这一点？

Answer 1

相当简单，但首选的方式涉及一个新的提升过程。此示例使用自身与开关一起运行，以知道执行服务启动而不是正常操作：

VERSION 5.00
Begin VB.Form Form1 
   BorderStyle     =   1  'Fixed Single
   Caption         =   "Form1"
   ClientHeight    =   3060
   ClientLeft      =   45
   ClientTop       =   345
   ClientWidth     =   4560
   LinkTopic       =   "Form1"
   MaxButton       =   0   'False
   MinButton       =   0   'False
   ScaleHeight     =   3060
   ScaleWidth      =   4560
   StartUpPosition =   3  'Windows Default
   Begin VB.CommandButton Command1 
      Caption         =   "Start Service"
      Height          =   495
      Left            =   1448
      TabIndex        =   0
      Top             =   1283
      Width           =   1665
   End
End
Attribute VB_Name = "Form1"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit

Private Const BCM_SETSHIELD As Long = &H160C&

Private Declare Function SendMessage Lib "user32" _
    Alias "SendMessageA" ( _
    ByVal hWnd As Long, _
    ByVal wMsg As Long, _
    ByVal wParam As Long, _
    lParam As Any) As Long

Private Declare Function ShellExecute Lib "shell32.dll" _
    Alias "ShellExecuteA" ( _
    ByVal hWnd As Long, _
    ByVal lpOperation As String, _
    ByVal lpFile As String, _
    ByVal lpParameters As String, _
    ByVal lpDirectory As String, _
    ByVal nShowCmd As Long) As Long

Private Sub Command1_Click()
    ShellExecute hWnd, "runas", App.EXEName & ".exe", "-start", CurDir$(), vbNormalFocus
End Sub

Private Sub Form_Load()
    If UCase$(Trim$(Command$())) = "-START" Then
        Caption = "Starting Service"
        Command1.Visible = False
        'Service starting functionality goes here.
    Else
        Caption = "Service Starter"
        'For Shield to work you must have a Common Controls v. 6
        'manifest and call InitCommonControls before loading
        'this form (i.e. preferably from Sub Main).
        SendMessage Command1.hWnd, BCM_SETSHIELD, 0&, 1&
        Command1.Visible = True
    End If
End Sub

Answer 2

一种解决方案是使用COM elevation绰号http://msdn.microsoft.com/en-us/library/ms679687(VS.85).aspx。

如果您的目标是VB6 http://www.vbforums.com/showthread.php?t=459643，此链接将非常有用。

Answer 3

您需要调用WinAPI - CoImpersonateClient或LogonUser。

只需记住之后降低你的权限，当你提升权限时要非常小心(例如，不要对用户输入执行ANYthing )。

另一种选择，我认为是更可取的(如果可用)是使用COM+配置的对象。您可以让COM+子系统管理凭据，并根据需要限制访问以调用对象。这具有在低特权代码和高特权代码之间创建和实际信任边界的好处。