.NET Framework security issue

Question

When I run my application on my friend's Windows 7 computer, I get a .NET security error.

Here is a screenshot

alt text http://img707.imageshack.us/img707/1340/94161244.png

and here is manifest

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="Myapp.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <!-- UAC Manifest Options
            If you want to change the Windows User Account Control level replace the 
            requestedExecutionLevel node with one of the following.

        <requestedExecutionLevel  level="asInvoker" uiAccess="false" />
        <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
        <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />

            If you want to utilize File and Registry Virtualization for backward 
            compatibility then delete the requestedExecutionLevel node.
        -->
        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</asmv1:assembly>

How can i fix this in visual basic 2010 ?

thanks

EDIT: I made a temporary fix like this

    Private Sub MyApplication_Startup(ByVal sender As Object, ByVal e As Microsoft.VisualBasic.ApplicationServices.StartupEventArgs) Handles Me.Startup

            Dim a As New WindowsPrincipal(WindowsIdentity.GetCurrent())
            If Not a.IsInRole(WindowsBuiltInRole.Administrator) Then
                MsgBox("Please Run the application as administrator")
                e.Cancel = True
            End If

End Sub

EDIT 2: I also realized that my friend's win 7 is kinda broken, it does not even load SSL certf. of the web pages. weird

Answer 1

Please change,

this line

<requestedExecutionLevel level="asInvoker" uiAccess="false" /> 

Into

<requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />

in your manifest file.

Answer 2

Have you tried adding a security demand on the method for the specified key, I think this causes UAC to kick in if needed. Change the Write attribute to whatever key you're accessing.

    <System.Security.Permissions.RegistryPermission(Security.Permissions.SecurityAction.Demand, Write:="HKLM\Software")> _
Private Shared Sub Bob()

End Sub

Or adding this to your AssemblyInfo.vb:

<Assembly: System.Security.Permissions.RegistryPermission(Security.Permissions.SecurityAction.RequestMinimum, ViewAndModify:="HKLM\Software")> 

Answer 3

Do you need to write or read from the common appdata registry?

• If you only need to read: Change your code such that your RegistryKey only requires read-only permissions.

• If you need to write: Only administrators can write to HKEY_LOCAL_MACHINE, which is where the common appdata resides. Thus, your application will require administrative permissions, which requires elevation in Windows Vista or 7. At this point, you should again make a decision:

  • If it is really important that this data is shared between users and it's OK that only admins can use your software: Start your application with Right-mouse-button/Run as administrator or add a manifest as suggested by Rubens.

  • If it's OK for the data to be stored per user, use Application.UserAppDataRegistry instead.

Answer 4

Please, take a look here: Demand UAC elevation for an application by adding a manifest using mt.exe