locked
Problem while registering assembly using custom actions RRS feed

  • Question

  • Hello all:

    I have an installer that calls a merge module with a custom action. In customaction, based on certain criteria, it register and install some files in the GAC.

    It works fine on XP and earlier versions but on vista, user access control, does not let it  proceed and it fails while registering my assembly with an error that says "Access to the registry key HKEY_CLASSES_ROOT/Record is denied". If I look at the stack it fails at Microsoft.Win32.RegistryKey.CreateSubkey method. I use System.Runtime.InteropServices.RegistrationServices.registerassembly method to register my assembly and that in tunrs calls this Microsfot.win32.registrykey.createsubkey.

    I f I turn off user account control everything works fine, I understand that this is what is intended in vista but I am not sure how to make my custom action work around this problem.

    Can some put some light on this issue?

    Regards,

    Vivek Vishist

    Thursday, November 2, 2006 8:24 PM

Answers

  • Creating an Embedded Manifest with Microsoft Visual Studio 
    Visual Studio enables you to automatically embed an XML manifest file within the resource section of the Portable Executable (PE) image.
    You need to create a signed PE image containing a manifest.
    The manifest includes the necessary requestedExecutionLevel attributes that allow the application to run with the desired privilege level on Windows Vista.
    When the program is launched, the manifest information is extracted from the resource section of the PE and used by the operating system.
    Manifest file
    To mark your application, first create a manifest file to use with the target application. You can do this with any text editor. The manifest file should have the same name as the target.exe with a .manifest extension.
    Example
    Executable:   IsUserAdmin.exe
    Manifest:   IsUserAdmin.exe.manifest
    -------------
     Also
    --------------
    The Windows Vista application manifest has been enhanced with attributes that permit developers to mark their applications with a requested execution level. The following is the format for this.
    <requestedExecutionLevel level="asInvoker|highestAvailable|requireAdministrator" uiAccess="true|false"/>
    level
    asInvoker. The application runs with the same token as the parent process.
    highestAvailable. The application runs with the highest privileges the current user can obtain.
    requireAdministrator. The application runs only for administrators and requires that the application be launched with the full token of an administrator.
    -------------
     
    Sample manifest file:
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="IsUserAdmin" type="win32"/> <description>Description of your application</description> <!-- Identify the application security requirements. --> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
    The parts of the manifest that need to be adjusted for your application are marked in bold. They include the following:
    The assembly identity
    The name
    The type
    The description
    The attributes in the requestedExecutionLevel
    Tuesday, November 7, 2006 5:06 AM

All replies

  • Is this durring the install or you program ?

    If so you  and using MSI to install you need to add to the installer a install mainfest to the exec with permissions

    if you are using click once the they need to be signed

    Friday, November 3, 2006 8:09 PM
  • thanks for your input. Can you please tell me how to add install manifest to the installer ?

     

    Monday, November 6, 2006 5:45 PM
  • Creating an Embedded Manifest with Microsoft Visual Studio 
    Visual Studio enables you to automatically embed an XML manifest file within the resource section of the Portable Executable (PE) image.
    You need to create a signed PE image containing a manifest.
    The manifest includes the necessary requestedExecutionLevel attributes that allow the application to run with the desired privilege level on Windows Vista.
    When the program is launched, the manifest information is extracted from the resource section of the PE and used by the operating system.
    Manifest file
    To mark your application, first create a manifest file to use with the target application. You can do this with any text editor. The manifest file should have the same name as the target.exe with a .manifest extension.
    Example
    Executable:   IsUserAdmin.exe
    Manifest:   IsUserAdmin.exe.manifest
    -------------
     Also
    --------------
    The Windows Vista application manifest has been enhanced with attributes that permit developers to mark their applications with a requested execution level. The following is the format for this.
    <requestedExecutionLevel level="asInvoker|highestAvailable|requireAdministrator" uiAccess="true|false"/>
    level
    asInvoker. The application runs with the same token as the parent process.
    highestAvailable. The application runs with the highest privileges the current user can obtain.
    requireAdministrator. The application runs only for administrators and requires that the application be launched with the full token of an administrator.
    -------------
     
    Sample manifest file:
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="IsUserAdmin" type="win32"/> <description>Description of your application</description> <!-- Identify the application security requirements. --> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
    The parts of the manifest that need to be adjusted for your application are marked in bold. They include the following:
    The assembly identity
    The name
    The type
    The description
    The attributes in the requestedExecutionLevel
    Tuesday, November 7, 2006 5:06 AM