Click here to Skip to main content
13,453,767 members (43,973 online)
Rate this:
Please Sign up or sign in to vote.
Hi all,
I've a question for you:
I've developed a WPF Application and created it's setup file (with the visual studio installer tool).
Now i've a problem:
My application needs to use (read and write) some files.
Every attempt to access to these files fails (Access denied).
These files stay in the application folder (C:\\Programs files\Application Folder...) but can stay in other paths (Desktop or User folder).
If I start application with administrator rights i have access only at files in C:\\program files\application folder ...
How the application gets the rights for the other files access?
Sorry for my poor english :(
Thanks a lot,
Posted 3-Oct-12 7:57am
Your English is good enough to understand your concerns, thank you; your intentions are somewhat questionable, but I thing I answered you in a constructive way, please see.

1 solution

Rate this: bad
Please Sign up or sign in to vote.

Solution 1

You can simply act as an administrator and modify permissions of the file system objects in question, that the application will be able to access them with its default permissions. But would it be good to do so? I would answer: it's no good at all. So, how else you can add extra permissions?

The application cannot possible get more rights than the user who starts the application. The best you can do to get more rights is to request administrative privileges by the application itself, assuming that the user account already has administrative rights. With Windows 7, just logging as Administrator is not enough to give any application administrative permission. Additionally, such user should request of just confirm this when given a UAC "Do you want to allow…" message box by the OS, to elevate the application permission to administrative level. This is explained here:[^].

From the user standpoint, there are different ways to do it:[^].

All the application can do is to request the elevated permission from the very beginning. In this case, the user will see the UAC dialog immediately and will be confirm or deny the request when the application is about to be finally loaded for execution. This option be prescribed in the application manifest. Whatever you do, there is no a way to bypass the user confirmation with the UAC dialog, unless you reduce the safety level of the system in general.

Please see how can you request the elevation using the manifest:[^].

(Credit to Abhinav who provided the reference above, but unfortunately did not interpret its effect correctly; it does really elevate the privileges, only requests.)

Here is how you can disable or turn off UAC in Windows 7:[^].

I strongly recommend to avoid doing it.

However, instructions to "disable UAC for certain applications" circulate. Please see:[^].

And my final advice is: better avoid it. It's the best for the application to use only file system object placed in predefined legitimate directories. For read-only access, it could be the executable directory, or its sub-directory, but for read-write access, it should be one of the "special directories" predefined per user account, or the one for "all users". The .NET libraries provides standard ways to determine the location of these directories.

I provide complete code and explanation of how to find these directories in my past answers. Please see:
How to find my programs directory[^] (executable directory),
How to find my programs directory[^] ("special" directories).

Again, best security is to avoid violation of the principles of best safety practices.


This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy |
Web02 | 2.8.180318.3 | Last Updated 3 Oct 2012
Copyright © CodeProject, 1999-2018
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100