A few of the applications that we write and use may need administrative capabilities to perform and complete the requests. To install the application we can ensure to have it wrapped into a Windows Installer (MSI) shell so that this requirement is taken care of. But how would we deal the same with respect to day to day use of the executable?
This quick utility demonstrates two perspectives of dealing with this issue:
- Having an Application Manifest that stipulates the need for administrative access.
- Having an Assert Permission Demand as a pre-requisite for the application to run.
- A quick manual check as a first step in the application.
For the project that you want to add 'Require Administrative' access, add an
App.manifest file with the following directive amended:
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
The constructor of the class which needs elevated permission should read as
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.AllFlags)]
Additionally, I am doing a quick check
WindowsPrincipal of the logged on user and whether he is part of administrator.
Please note that the first step of
App.Manifest would trigger the UAC alert if enabled. If UAC is disabled then there is a most likely chance that this step can be bypassed. However then our contingency checks in (2) and (3) can chip and help us out.
This brief tip/article has the following objectives to convey to a beginner .NET developer to focus on robust applications that conform to Windows Security and responsive enough to user permission requirements.