CODEWITHSUNDEEP
vb.netclickonceimpersonation
jmease
jmease

Reputation: 23

Run ClickOnce Application as Administrator

I have a vb.net clickonce application that will be used by low-level personnel with no administrator accesses. However, the application itself needs to save files to a folder on the server that is hidden and only allows read/write access to administrators. I need for these users to be able to interact with this folder using the application without giving them the ability to browse to the folder on their own. I've tried using several impersonation techniques, none have worked.

http://weblogs.asp.net/ralfw/archive/2003/11/24/39479.aspx is one that I've tried. It still says access is denied even though when I run Return System.Security.Principal.WindowsIdentity.GetCurrent().Name it returns the administrator credentials.

I've tried creating another application that simply does a StartProcess using administrator credentials, but the file i'm trying to launch is a .application and not a .exe so I get a "The specified executable is not a valid application for this OS platform" error. 

Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
    Dim file_name As String = "file path to .application file"

    Dim p As New ProcessStartInfo(file_name)
    p.UseShellExecute = False
    p.Domain = "domain"
    p.UserName = "administrator"
    p.Password = New System.Security.SecureString()
    For Each c As Char In "password"
        p.Password.AppendChar(c)
    Next
    Process.Start(p)

End Sub

I've tried doing a StartProcess for Internet Explorer and providing an argument the url to the .application file which works until I try to supply credentials other than my own and I get a "cannot find file" error. If I remove everything from p.Username to Next, the application opens, but as the user and not administrator. Below is code for that attempt.

Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

    Dim p As New ProcessStartInfo(My.Computer.FileSystem.SpecialDirectories.ProgramFiles + "\Internet Explorer\IEXPLORE.EXE")
    p.UseShellExecute = False
    p.Domain = "domain"
    p.UserName = "administrator"
    p.Password = New System.Security.SecureString()
    For Each c As Char In "password"
        p.Password.AppendChar(c)
    Next

    p.Arguments = ("URL to .application file")
    Process.Start(p)

End Sub

I am at an absolute loss as to how to have this application run as admin so users can view files and save files to this protected location using only this application.

Upvotes: 0

Views: 6936

Answers (2)

RobinDotNet
RobinDotNet

Reputation: 11877

You can't elevate permissions on a ClickOnce application, and it can't do anything that requires administrative privileges. The idea of a WCF service is interesting. The only other thing you can do is include an exe file in your deployment that does what you want it to do, and run it with elevated privileges from the ClickOnce app.

Yes, that's right, you can't run a ClickOnce app with elevated privileges, but it can kick off a process that can then elevate privileges itself.

Upvotes: 3

Tridus
Tridus

Reputation: 5081

This sounds like a great candidate for a WCF (or some other type) service on the server. That would provide methods to do what you want. The client app would call the service and say "put this file on the server", and the service code is what actually saves it. Since it's running on the server the service's user account can have the necessary privileges without any of the client side permission issues you're facing now. The client users wouldn't need any privileges at all except the ability to connect to the service.

The other upside is that you don't have an admin account password in your client app using this method, which will remove a rather serious security concern.

Upvotes: 0

Related Questions