Geek Answers Handbook

How to display a UAC prompt to save a file in a limited place using C #?

When a user saves a file from my application, they currently cannot save to limited places (e.g. C :). I think this is a good restriction, but I would like to provide a UAC invitation to elevate privileges and allow the user to save in a limited area.

I saw many answers on this topic that include creating a new process with elevated privileges using "runas". In addition, it seems that this can be done by impersonating another user. From what I understand, both of these methods require the user to provide user credentials.

What I want to do is basically what Windows itself does. When you try to copy a file to C: \ on Windows 7 (if you have UAC installed at the default level), you will receive the following prompt:

UAC Prompt

As soon as you click the Continue button with the UAC screen, the file will be copied to C: \ without prompting for credentials (provided that you are logged in with administrator rights).

How can I reproduce this behavior in my application for admin users? They do not need to impersonate another user, as they already have administrator privileges. Can someone provide detailed information on what Windows does during this process? Do they spawn a new privileged explorer.exe process?

+7
source share
3 answers

You need to do what Windows does. And create a new process that will work with elevated rights. There are no shortcuts. The token that is issued when the process starts determines what rights this process has. This token cannot be changed after the process starts. If you need to raise, you need a new process.

I saw many answers on this topic that include creating a new process with elevated privileges using "runas". In addition, it seems that this can be done by impersonating another user. From what I understand, both of these methods require the user to provide user credentials.

No, it is not. If the current user is not an administrator, then the new credentials of a user who has administrator rights will be requested in the UAC dialog box. This is a leverage UAC dialog with leverage. On the other hand, if the current user is an administrator, then they just get the consent dialog. This is a dialog box shown on a secure desktop and just asks you to click Continue.

The only thing that Windows components you cannot do is start the process without specifying a consent dialog. This only happens in Windows 7 (but not in Vista), and only if you have the UAC option in the new default setting that was added in Windows 7. The way Explorer can display the dialog box that you included in the question and then start a process with a higher priority for copying without displaying the UAC consent dialog box. This feature is provided only to Windows components.

But the bottom line is that you need to start a new process that works with a higher level. Using the verb runas is the canonical way to do this.

+5
source

Elevated Privilege / UAC Programming

Running applications with more privileges than required is against the principle of least privilege and could have a potential security vulnerability. To protect this, Windows Vista introduces a User Control Account (UAC) to protect the operating system by running applications with reduced privileges (as a regular user), even the current user signs up as an administrator. More and more XP / 2K users are also using a regular user account for daily use. Read UAC Demystified first fully understand UAC.

There are two common mistakes developers tend to make:

  • Ask the end user to run the application with administrator privileges even though this is not necessary, most of the time due to poor practice design. These applications either scare away end users or potentially a security vulnerability.
  • Do not ask the end user to run the application, but try to perform operations that require administrator privilege. These applications simply break down under Windows Vista or Windows XP / 2K regular user account.

The downloadable code sample demonstrates how to program elevated privileges / UAC. Sample WPF and Windows Forms applications provided. Run the application for the following scenarios to see the difference:

  • General user, Windows XP / Windows Vista: UAC screen icon is displayed. By clicking "Save to C: \", the "Run as" dialog box appears, the user enters the administrator password to continue;
  • Administrator, Windows XP / Windows Vista with UAC Disabled: UAC screen icon is hidden. Clicking "Save to C: \" completed without any dialogue;
  • Administrator, Windows Vista with UAC Enabled: The UAC screen icon is displayed. When you click the "Save to C: \" button, a dialog box appears asking users for permission to continue.

Download link

Call for increased execution (first check for administrator):

 private void SaveToRootFolder_Click(object sender, EventArgs e) { string fileName = @"C:\Test.txt"; if (App.IsAdmin) DoSaveFile(textBox1.Text, textBox2.Text, fileName); else { NameValueCollection parameters = new NameValueCollection(); parameters.Add("Text1", textBox1.Text); parameters.Add("Text2", textBox2.Text); parameters.Add("FileName", fileName); string result = Program.ElevatedExecute(parameters); if (!string.IsNullOrEmpty(result)) MessageBox.Show(result); } }

Enhanced Performance:

 internal static string ElevatedExecute(NameValueCollection parameters) { string tempFile = Path.GetTempFileName(); File.WriteAllText(tempFile, ConstructQueryString(parameters)); try { ProcessStartInfo startInfo = new ProcessStartInfo(); startInfo.UseShellExecute = true; startInfo.WorkingDirectory = Environment.CurrentDirectory; Uri uri = new Uri(Assembly.GetExecutingAssembly().GetName().CodeBase); startInfo.FileName = uri.LocalPath; startInfo.Arguments = "\"" + tempFile + "\""; startInfo.Verb = "runas"; Process p = Process.Start(startInfo); p.WaitForExit(); return File.ReadAllText(tempFile); } catch (Win32Exception exception) { return exception.Message; } finally { File.Delete(tempFile); } }
+6
source

A limited option, useful only when moving, renaming, copying, and deleting files:

SHFileOperation

If you try to perform a file operation using this function, Windows will provide the user with a height request.

Please note that there are some disadvantages to this:

  • This only works for moving, renaming, copying and deleting. Saving a new file in this way would require saving to a temporary directory, and then moving it to the right place. This does not solve the problem with the Save File dialog box, not allowing you to select a secure UAC location as the target.
  • If the target directory does not exist (for moving or copying), SHFileOperation can ask the user if the target directory should be created. However, it will not request elevated privileges to do this, and this will fail in the secure location of the UAC. A workaround for this is to manually create non-existent directories at a temporary location and then move / copy them to the target location. This WILL provides a UAC invitation.
  • You need to have contingency plans if the user selects Skip or Cancel in the Move / Copy dialog box, or if the user selects No at the UAC prompt.
+1
source

More articles:


All Articles