Controlling Windows Firewall in C# for Windows 7 and Xp Sp3

【Title】: Controlling Windows Firewall in C# for Windows 7 and Xp Sp3 【Posted】: 2012-04-04 16:54:43 【Question】:

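I have code here that works perfectly on Windows 7; I got help from this post...

The problem occurs when compiling the same code on a Win Xp Sp3 PC. It doesn't come up... it says the interface is missing (error)...

I can't seem to figure it out. I added a reference to hnetcfg.dll (COM API reference) for Windows XP to the project again (on Windows 7 I had to add a different DLL, "FirewallAPi.dll")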

using NATUPNPLib;
using NETCONLib;
using NetFwTypeLib;

But the interfaces and other classes are still not visible to VS

Please excuse me for posting the entire code

FirewallManager

using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Runtime.InteropServices;
using NATUPNPLib;
using NETCONLib;
using NetFwTypeLib;

namespace WindowsFirewallManager
{
    /// <summary>
    /// Allows basic access to the windows firewall API.
    /// This can be used to add an exception to the windows firewall
    /// exceptions list
    /// </summary>
    public class FirewallHelper
    {
        #region Variables

        /// <summary>Hooray! Singleton access.</summary>
        private static FirewallHelper instance;

        /// <summary>Private lock object guarding creation of the singleton.</summary>
        private static readonly object syncRoot = new object();

        /// <summary>Interface to the firewall manager COM object</summary>
        private INetFwMgr fireWallManager = null;

        #endregion

        #region Properties

        /// <summary>
        /// Singleton access to the firewallhelper object.
        /// Threadsafe.
        /// </summary>
        public static FirewallHelper Instance
        {
            get
            {
                lock (syncRoot)
                {
                    return instance ?? (instance = new FirewallHelper());
                }
            }
        }

        #endregion

        #region Constructivat0r

        /// <summary>
        /// Private Constructor.
        /// If this fails, IsFirewallInstalled will return false
        /// </summary>
        private FirewallHelper()
        {
            // Get the type of HNetCfg.FwMgr, or null if an error occurred
            Type fwMgrType = Type.GetTypeFromProgID("HNetCfg.FwMgr", false);

            // Assume failed.
            fireWallManager = null;

            if (fwMgrType != null)
            {
                try
                {
                    fireWallManager =
                        (INetFwMgr) Activator.CreateInstance(fwMgrType);
                }
                // In all other circumstances, fireWallManager is null.
                catch (ArgumentException)
                {
                }
                catch (NotSupportedException)
                {
                }
                catch (TargetInvocationException)
                {
                }
                catch (MissingMethodException)
                {
                }
                catch (MethodAccessException)
                {
                }
                catch (MemberAccessException)
                {
                }
                catch (InvalidComObjectException)
                {
                }
                catch (COMException)
                {
                }
                catch (TypeLoadException)
                {
                }
            }
        }

        #endregion

        #region Helper Methods

        /// <summary>
        /// Gets whether or not the firewall is installed on this computer.
        /// </summary>
        public bool IsFirewallInstalled
        {
            get
            {
                return fireWallManager != null &&
                       fireWallManager.LocalPolicy != null &&
                       fireWallManager.LocalPolicy.CurrentProfile != null;
            }
        }

        /// <summary>
        /// Returns whether or not the firewall is enabled.
        /// If the firewall is not installed, this returns false.
        /// </summary>
        public bool IsFirewallEnabled
        {
            get
            {
                return IsFirewallInstalled &&
                       fireWallManager.LocalPolicy.CurrentProfile.
                           FirewallEnabled;
            }
        }

        /// <summary>
        /// Returns whether or not the firewall allows Application "Exceptions".
        /// If the firewall is not installed, this returns false.
        /// </summary>
        /// <remarks>
        /// Added to allow access to this method
        /// </remarks>
        public bool AppAuthorizationsAllowed
        {
            get
            {
                return IsFirewallInstalled &&
                       !fireWallManager.LocalPolicy.CurrentProfile.
                            ExceptionsNotAllowed;
            }
        }

        /// <summary>
        /// Adds an application to the list of authorized applications.
        /// If the application is already authorized, does nothing.
        /// </summary>
        /// <param name="applicationFullPath">
        /// The full path to the application executable.  This cannot
        /// be blank, and cannot be a relative path.
        /// </param>
        /// <param name="appName">
        /// This is the name of the application, purely for display
        /// purposes in the Microsoft Security Center.
        /// </param>
        /// <exception cref="ArgumentNullException">
        /// When applicationFullPath is null OR
        /// When appName is null.
        /// </exception>
        /// <exception cref="ArgumentException">
        /// When applicationFullPath is blank OR
        /// When appName is blank OR
        /// applicationFullPath contains invalid path characters OR
        /// applicationFullPath is not an absolute path
        /// </exception>
        /// <exception cref="FirewallHelperException">
        /// If the firewall is not installed OR
        /// If the firewall does not allow specific application 'exceptions' OR
        /// Due to an exception in COM this method could not create the
        /// necessary COM types
        /// </exception>
        /// <exception cref="FileNotFoundException">
        /// If no file exists at the given applicationFullPath
        /// </exception>
        public void GrantAuthorization(string applicationFullPath,
                                       string appName,
                                       NET_FW_SCOPE_ scope,
                                       NET_FW_IP_VERSION_ ipVersion)
        {
            #region  Parameter checking

            if (applicationFullPath == null)
                throw new ArgumentNullException("applicationFullPath");
            if (appName == null)
                throw new ArgumentNullException("appName");
            if (applicationFullPath.Trim().Length == 0)
                throw new ArgumentException(
                    "applicationFullPath must not be blank");
            // Fixed: the original tested applicationFullPath a second time here
            if (appName.Trim().Length == 0)
                throw new ArgumentException("appName must not be blank");
            // Path.InvalidPathChars is obsolete; use GetInvalidPathChars()
            if (applicationFullPath.IndexOfAny(Path.GetInvalidPathChars()) >= 0)
                throw new ArgumentException(
                    "applicationFullPath must not contain invalid path characters");
            if (!Path.IsPathRooted(applicationFullPath))
                throw new ArgumentException(
                    "applicationFullPath is not an absolute path");
            if (!File.Exists(applicationFullPath))
                throw new FileNotFoundException("File does not exist",
                                                applicationFullPath);

            // State checking
            if (!IsFirewallInstalled)
                throw new FirewallHelperException(
                    "Cannot grant authorization: Firewall is not installed.");
            if (!AppAuthorizationsAllowed)
                throw new FirewallHelperException(
                    "Application exemptions are not allowed.");

            #endregion

            if (!HasAuthorization(applicationFullPath))
            {
                // Get the type of HNetCfg.FwAuthorizedApplication,
                // or null if an error occurred
                Type authAppType =
                    Type.GetTypeFromProgID("HNetCfg.FwAuthorizedApplication",
                                           false);

                // Assume failed.
                INetFwAuthorizedApplication appInfo = null;

                if (authAppType != null)
                {
                    try
                    {
                        appInfo =
                            (INetFwAuthorizedApplication)
                            Activator.CreateInstance(authAppType);
                    }
                    // In all other circumstances, appInfo is null.
                    catch (ArgumentException)
                    {
                    }
                    catch (NotSupportedException)
                    {
                    }
                    catch (TargetInvocationException)
                    {
                    }
                    catch (MissingMethodException)
                    {
                    }
                    catch (MethodAccessException)
                    {
                    }
                    catch (MemberAccessException)
                    {
                    }
                    catch (InvalidComObjectException)
                    {
                    }
                    catch (COMException)
                    {
                    }
                    catch (TypeLoadException)
                    {
                    }
                }

                if (appInfo == null)
                    throw new FirewallHelperException(
                        "Could not grant authorization: can't create INetFwAuthorizedApplication instance.");

                appInfo.Name = appName;
                appInfo.ProcessImageFileName = applicationFullPath;
                appInfo.Scope = scope;
                appInfo.IpVersion = ipVersion;
                appInfo.Enabled = true;
                // ...
                // Use defaults for other properties of the AuthorizedApplication COM object

                // Authorize this application
                fireWallManager.LocalPolicy.CurrentProfile.
                    AuthorizedApplications.Add(appInfo);
            }
            // otherwise it already has authorization so do nothing
        }

        /// <summary>
        /// Removes an application from the list of authorized applications.
        /// Note that the specified application must exist or a FileNotFound
        /// exception will be thrown.
        /// If the specified application exists but does not currently have
        /// authorization, this method will do nothing.
        /// </summary>
        /// <param name="applicationFullPath">
        /// The full path to the application executable.  This cannot
        /// be blank, and cannot be a relative path.
        /// </param>
        /// <exception cref="ArgumentNullException">
        /// When applicationFullPath is null
        /// </exception>
        /// <exception cref="ArgumentException">
        /// When applicationFullPath is blank OR
        /// applicationFullPath contains invalid path characters OR
        /// applicationFullPath is not an absolute path
        /// </exception>
        /// <exception cref="FirewallHelperException">
        /// If the firewall is not installed.
        /// </exception>
        /// <exception cref="FileNotFoundException">
        /// If the specified application does not exist.
        /// </exception>
        public void RemoveAuthorization(string applicationFullPath)
        {
            #region  Parameter checking

            if (applicationFullPath == null)
                throw new ArgumentNullException("applicationFullPath");
            if (applicationFullPath.Trim().Length == 0)
                throw new ArgumentException(
                    "applicationFullPath must not be blank");
            if (applicationFullPath.IndexOfAny(Path.GetInvalidPathChars()) >= 0)
                throw new ArgumentException(
                    "applicationFullPath must not contain invalid path characters");
            if (!Path.IsPathRooted(applicationFullPath))
                throw new ArgumentException(
                    "applicationFullPath is not an absolute path");
            if (!File.Exists(applicationFullPath))
                throw new FileNotFoundException("File does not exist",
                                                applicationFullPath);
            // State checking
            if (!IsFirewallInstalled)
                throw new FirewallHelperException(
                    "Cannot remove authorization: Firewall is not installed.");

            #endregion

            if (HasAuthorization(applicationFullPath))
            {
                // Remove Authorization for this application
                fireWallManager.LocalPolicy.CurrentProfile.
                    AuthorizedApplications.Remove(applicationFullPath);
            }
            // otherwise it does not have authorization so do nothing
        }

        /// <summary>
        /// Returns whether an application is in the list of authorized applications.
        /// Note if the file does not exist, this throws a FileNotFound exception.
        /// </summary>
        /// <param name="applicationFullPath">
        /// The full path to the application executable.  This cannot
        /// be blank, and cannot be a relative path.
        /// </param>
        /// <returns>
        /// True if the application is in the list of authorized applications.
        /// </returns>
        /// <exception cref="ArgumentNullException">
        /// When applicationFullPath is null
        /// </exception>
        /// <exception cref="ArgumentException">
        /// When applicationFullPath is blank OR
        /// applicationFullPath contains invalid path characters OR
        /// applicationFullPath is not an absolute path
        /// </exception>
        /// <exception cref="FirewallHelperException">
        /// If the firewall is not installed.
        /// </exception>
        /// <exception cref="FileNotFoundException">
        /// If the specified application does not exist.
        /// </exception>
        public bool HasAuthorization(string applicationFullPath)
        {
            #region  Parameter checking

            if (applicationFullPath == null)
                throw new ArgumentNullException("applicationFullPath");
            if (applicationFullPath.Trim().Length == 0)
                throw new ArgumentException(
                    "applicationFullPath must not be blank");
            if (applicationFullPath.IndexOfAny(Path.GetInvalidPathChars()) >= 0)
                throw new ArgumentException(
                    "applicationFullPath must not contain invalid path characters");
            if (!Path.IsPathRooted(applicationFullPath))
                throw new ArgumentException(
                    "applicationFullPath is not an absolute path");
            if (!File.Exists(applicationFullPath))
                throw new FileNotFoundException("File does not exist.",
                                                applicationFullPath);
            // State checking
            if (!IsFirewallInstalled)
                throw new FirewallHelperException(
                    "Cannot check authorization: Firewall is not installed.");

            #endregion

            // Locate Authorization for this application (case-insensitive
            // path match); false means the given app was not found.
            return
                GetAuthorizedAppPaths().Cast<string>().Any(
                    appPath =>
                    string.Equals(appPath, applicationFullPath,
                                  StringComparison.OrdinalIgnoreCase));
        }

        /// <summary>
        /// Retrieves a collection of paths to applications that are authorized.
        /// </summary>
        /// <returns>The paths of all authorized applications.</returns>
        /// <exception cref="FirewallHelperException">
        /// If the Firewall is not installed.
        /// </exception>
        public ICollection GetAuthorizedAppPaths()
        {
            // State checking
            if (!IsFirewallInstalled)
                throw new FirewallHelperException(
                    "Cannot list authorized applications: Firewall is not installed.");

            ArrayList list = new ArrayList();
            //  Collect the paths of all authorized applications
            foreach (
                INetFwAuthorizedApplication app in
                    fireWallManager.LocalPolicy.CurrentProfile.
                        AuthorizedApplications)
                list.Add(app.ProcessImageFileName);

            return list;
        }

        #endregion
    }
}

Exception

using System;

namespace WindowsFirewallManager
{
    /// <summary>
    /// Describes a FirewallHelperException.
    /// </summary>
    public class FirewallHelperException : Exception
    {
        /// <summary>
        /// Construct a new FirewallHelperException
        /// </summary>
        /// <param name="message">The error message.</param>
        public FirewallHelperException(string message)
            : base(message)
        {
        }
    }
}

How can I make FirewallManager compatible with both OS versions, if possible, or is there any other way?

Thanks for your help....

【Comments】:

【Answer 1】:

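The Remarks section of the MSDN article for INetFwMgr explicitly mentions:

Windows Vista: Windows Vista users must use applications developed in Windows Vista to get all the methods and properties of this interface.

Which is a somewhat lame way of saying that the INetFwMgr interface implementation was replaced in Vista. It has a new IID, so if you build your program on a machine that runs Vista or later, your program will fail on XP. You will need to create a special version of your program for XP users. You need to do so by using the type library that is embedded in the XP version of c:\windows\system32\firewallapi.dll. Get the interop library by running tlbimp.exe on that DLL. Having a machine or VM that can boot XP is of course a good way to get a copy of that DLL and to test your build.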

【Comments】:
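An alternative to maintaining a separate XP build, given here as an added example (not from the question or the answer): late binding through IDispatch with C# 4 `dynamic`, the same route scripts take to reach `HNetCfg.FwMgr`, so no interop assembly or interface IID is compiled in. It assumes .NET 4 on the target; the class name `FirewallAudit` and the two findings it reports are illustrative choices, and the code only reads the authorized-applications list.

```csharp
// Added example: late-bound, read-only audit of the firewall's
// authorized-applications list. No reference to NetFwTypeLib is needed.
using System;
using System.Collections.Generic;
using System.IO;

public static class FirewallAudit   // hypothetical name
{
    // NET_FW_SCOPE_ALL in the NET_FW_SCOPE_ enumeration
    private const int ScopeAll = 0;

    public static IList<string> FindRiskyAuthorizations()
    {
        var findings = new List<string>();

        // Same ProgID the question's code uses; null if not registered
        Type fwMgrType = Type.GetTypeFromProgID("HNetCfg.FwMgr", false);
        if (fwMgrType == null)
            return findings;

        // Members are resolved at run time via IDispatch, so the call
        // does not depend on which OS the program was built on
        dynamic fwMgr = Activator.CreateInstance(fwMgrType);
        dynamic profile = fwMgr.LocalPolicy.CurrentProfile;

        foreach (dynamic app in profile.AuthorizedApplications)
        {
            if (!(bool) app.Enabled)
                continue;

            string path = app.ProcessImageFileName;
            if (!File.Exists(Environment.ExpandEnvironmentVariables(path)))
                findings.Add("Stale exception (file missing): " + path);
            else if ((int) app.Scope == ScopeAll)
                findings.Add("Open to any remote address: " + path);
        }
        return findings;
    }

    public static void Main()
    {
        foreach (string finding in FindRiskyAuthorizations())
            Console.WriteLine(finding);
    }
}
```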
