Visão geral de segurança da automação de interface do usuário
Observação
Esta documentação destina.Os desenvolvedores do NET Framework que desejam usar o gerenciado UI Automation classes definidas na System.Windows.Automation namespace.As informações mais recentes sobre UI Automation, consulte API de automação do Windows: Automação da interface do usuário.
This overview describes the security model for Microsoft UI Automation in Windows Vista.
Este tópico contém as seguintes seções.
- User Account Control
- Tasks Requiring Higher Privileges
- Manifest Files
User Account Control
Security is a major focus of Windows Vista and among the innovations is the ability for users to run as standard (non-administrator) users without necessarily being blocked from running applications and services that require higher privileges.
In Windows Vista, most applications are supplied with either a standard or an administrative token. If an application cannot be identified as an administrative application, it is launched as a standard application by default. Before an application identified as administrative can be launched, Windows Vista prompts the user for consent to run the application as elevated. The consent prompt is displayed by default, even if the user is a member of the local Administrators group, because administrators run as standard users until an application or system component that requires administrative credentials requests permission to run.
Tasks Requiring Higher Privileges
Quando um usuário tenta executar uma tarefa que requer privilégios administrativos, Windows Vista apresenta uma caixa de diálogo perguntando ao usuário de consentimento continuar. This dialog box is protected from cross-process communication, so that malicious software cannot simulate user input. Similarly, the desktop logon screen cannot normally be accessed by other processes.
UI Automation clients must communicate with other processes, some of them perhaps running at a higher privilege level. Clients also might need access to the system dialog boxes that are not normally visible to other processes. Therefore, UI Automation clients must be trusted by the system, and must run with special privileges.
To be trusted to communicate with applications running at a higher privilege level, applications must be signed.
Manifest Files
To gain access to the protected system UI, applications must be built with a manifest file that includes a special attribute in the manifest file. This uiAccess attribute is included in the requestedExecutionLevel tag, as follows:
<trustInfo xmlns="urn:0073chemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
level="highestAvailable"
UIAccess="true" />
</requestedPrivileges>
</security>
</trustInfo>
The value of the level attribute in this code is an example only.
UIAccess is "false" by default; that is, if the attribute is omitted, or if there is no manifest for the assembly, the application will not be able to gain access to protected UI.
Para obter mais informações sobre Windows Vista security, sobre a assinatura de aplicativos e como criar um assembly de manifestos, consulte "desenvolvedor melhores práticas e diretrizes para aplicativos em um menos privilegiado ambiente" em MSDN.