/// <inheritdoc />
public static bool IsElevated()
{
bool ret = false;
IntPtr hToken; // Invalid handle.
if (OpenProcessToken(System.Diagnostics.Process.GetCurrentProcess().Handle, TOKEN_QUERY, out hToken))
{
uint tokenInfLength = 0;
// first call gets lenght of tokenInformation
ret = GetTokenInformation(hToken, TOKEN_INFORMATION_CLASS.TokenElevation, IntPtr.Zero, tokenInfLength, out tokenInfLength);
IntPtr tokenInformation = Marshal.AllocHGlobal((IntPtr)tokenInfLength);
if (tokenInformation != IntPtr.Zero)
{
ret = GetTokenInformation(hToken, TOKEN_INFORMATION_CLASS.TokenElevation, tokenInformation, tokenInfLength, out tokenInfLength);
if (ret)
{
TOKEN_ELEVATION tokenElevation = (TOKEN_ELEVATION)Marshal.PtrToStructure(tokenInformation, typeof(TOKEN_ELEVATION));
ret = tokenElevation.TokenIsElevated != 0;
}
Marshal.FreeHGlobal(tokenInformation);
CloseHandle(hToken);
}
}
return(ret);
}
private static bool TokenIsElevated(IntPtr hToken)
{
TOKEN_ELEVATION tk = new TOKEN_ELEVATION();
tk.TokenIsElevated = 0;
IntPtr lpValue = Marshal.AllocHGlobal(Marshal.SizeOf(tk));
Marshal.StructureToPtr(tk, lpValue, false);
uint tokenInformationLength = (uint)Marshal.SizeOf(typeof(TOKEN_ELEVATION));
uint returnLength;
Boolean result = GetTokenInformation(
hToken,
TOKEN_INFORMATION_CLASS.TokenElevation,
lpValue,
tokenInformationLength,
out returnLength
);
TOKEN_ELEVATION elv = (TOKEN_ELEVATION)Marshal.PtrToStructure(lpValue, typeof(TOKEN_ELEVATION));
if (elv.TokenIsElevated == 1)
{
return(true);
}
else
{
return(false);
}
}
public static bool GetTokenElevated(TokenHandle hToken)
{
int size;
TOKEN_ELEVATION te = new TOKEN_ELEVATION();
te.TokenIsElevated = 0;
bool result = GetTokenInformation(hToken, TOKEN_INFORMATION_CLASS.TokenElevation, ref te, Marshal.SizeOf(typeof(TOKEN_ELEVATION)), out size);
if (!result)
{
throw new Win32Exception();
}
return(te.TokenIsElevated != 0);
}
/// <summary>
/// Returns true if the current process is elevated.
/// </summary>
public unsafe static bool IsProcessElevated()
{
using (AccessToken token = OpenProcessToken(AccessTokenRights.Read))
{
TOKEN_ELEVATION elevation = new TOKEN_ELEVATION();
if (!Imports.GetTokenInformation(
token,
TokenInformation.Elevation,
&elevation,
(uint)sizeof(TOKEN_ELEVATION),
out _))
{
throw Errors.GetIoExceptionForLastError();
}
return(elevation.TokenIsElevated);
}
}
/// <summary>
/// The function gets the elevation information of the current process. It
/// dictates whether the process is elevated or not. Token elevation is only
/// available on Windows Vista and newer operating systems, thus
/// IsProcessElevated throws a C++ exception if it is called on systems prior
/// to Windows Vista. It is not appropriate to use this function to determine
/// whether a process is run as administartor.
/// </summary>
/// <returns>
/// Returns true if the process is elevated. Returns false if it is not.
/// </returns>
/// <exception cref="System.ComponentModel.Win32Exception">
/// When any native Windows API call fails, the function throws a Win32Exception
/// with the last error code.
/// </exception>
/// <remarks>
/// TOKEN_INFORMATION_CLASS provides TokenElevationType to check the elevation
/// type (TokenElevationTypeDefault / TokenElevationTypeLimited /
/// TokenElevationTypeFull) of the process. It is different from TokenElevation
/// in that, when UAC is turned off, elevation type always returns
/// TokenElevationTypeDefault even though the process is elevated (Integrity
/// Level == High). In other words, it is not safe to say if the process is
/// elevated based on elevation type. Instead, we should use TokenElevation.
/// </remarks>
internal bool IsProcessElevated()
{
bool fIsElevated = false;
SafeTokenHandle hToken = null;
int cbTokenElevation = 0;
IntPtr pTokenElevation = IntPtr.Zero;
try
{
// Open the access token of the current process with TOKEN_QUERY.
if (!NativeMethods.OpenProcessToken(Process.GetCurrentProcess().Handle,
NativeMethods.TOKEN_QUERY, out hToken))
{
throw new Win32Exception();
}
// Allocate a buffer for the elevation information.
cbTokenElevation = Marshal.SizeOf(typeof(TOKEN_ELEVATION));
pTokenElevation = Marshal.AllocHGlobal(cbTokenElevation);
if (pTokenElevation == IntPtr.Zero)
{
throw new Win32Exception();
}
// Retrieve token elevation information.
if (!NativeMethods.GetTokenInformation(hToken,
TOKEN_INFORMATION_CLASS.TokenElevation, pTokenElevation,
cbTokenElevation, out cbTokenElevation))
{
// When the process is run on operating systems prior to Windows
// Vista, GetTokenInformation returns false with the error code
// ERROR_INVALID_PARAMETER because TokenElevation is not supported
// on those operating systems.
throw new Win32Exception();
}
// Marshal the TOKEN_ELEVATION struct from native to .NET object.
TOKEN_ELEVATION elevation = (TOKEN_ELEVATION)Marshal.PtrToStructure(
pTokenElevation, typeof(TOKEN_ELEVATION));
// TOKEN_ELEVATION.TokenIsElevated is a non-zero value if the token
// has elevated privileges; otherwise, a zero value.
fIsElevated = (elevation.TokenIsElevated != 0);
}
finally
{
// Centralized cleanup for all allocated resources.
if (hToken != null)
{
hToken.Close();
hToken = null;
}
if (pTokenElevation != IntPtr.Zero)
{
Marshal.FreeHGlobal(pTokenElevation);
pTokenElevation = IntPtr.Zero;
cbTokenElevation = 0;
}
}
return(fIsElevated);
}
static extern bool GetTokenInformation(TokenHandle TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, ref TOKEN_ELEVATION TokenInformation, int TokenInformationLength, out int ReturnLength);
