Detecting if an application is running as an elevated process, and spawning a new process using elevated permissions
Recently I was writing some code to allow a program to register
itself to start with Windows for all users. On Windows 7 with
User Account Control (UAC) enabled, trying to write to the
relevant registry key without having elevated permissions throws
an UnauthorizedAccessException
exception. If you want to make
these sorts of modifications to a system, the application needs
to be running as an administrator.
Checking if your application is running with elevated permissions
To check if your application is currently running with elevated
permissions, you simply need to see if the current user belongs
to the Administrator
user group.
// Requires "using System.Security.Principal;"
public bool IsElevated
{
get
{
return new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
}
}
public void SomeMethod()
{
if (this.IsElevated)
{
// running as administrator
}
}
Running an application as an administrator
While it might be possible to elevate your applications process
via the LogonUser
API, this requires user names and passwords,
and isn't a trivial task. So we'll ignore this approach in
favour of something much more simplistic and less likely to go
wrong, not to mention not requiring admin passwords.
You're probably already aware that there are various "verbs"
predefined for dealing with specific actions relating to
interaction with a file, such as print
and open
. While these
verbs are normally configured on file associations in the
Windows Registry, you can also force a process to be run under
the administration account by specifying the runas
verb.
Note: Specifying this verb in Windows XP displays a dialog allowing a user to be selected. Unfortunately this means that it's possible for the spawned application to not have the required permissions either - remember to check that you have permission to do an action before actually attempting it!
For my scenario, the core application shouldn't need to run in elevated mode, so I decided to create a generic stub program which would accept a number of arguments for if the startup program should be registered or unregistered, and the title and location used to perform the action. Then the main application simply spawned this process in administration mode to apply the users choice.
ProcessStartInfo startInfo;
startInfo = new ProcessStartInfo();
startInfo.FileName = Path.Combine(Path.GetDirectoryName(Application.ExecutablePath), "regstart.exe"); // replace with your filename
startInfo.Arguments = string.Empty; // if you need to pass any command line arguments to your stub, enter them here
startInfo.UseShellExecute = true;
startInfo.Verb = "runas";
Process.Start(startInfo);
Note: Although I haven't included it in the example above, you may wish to handle the
Win32Exception
that can be thrown by theProcess.Start
method. If the user cancels the UAC prompt, this exception will be automatically thrown with theERROR_CANCELLED
(1223) error code.
With the runas
verb specified, the application is now run in
elevated mode, and the operating system asks the user for
permission to continue. Unfortunately, if your application isn't
signed, then you get a scarier version of the prompt, as
displayed above. If your application is signed, then you'll get
something similar to the screenshot below.
Update History
- 2011-11-27 - First published
- 2020-11-21 - Updated formatting
Leave a Comment
While we appreciate comments from our users, please follow our posting guidelines. Have you tried the Cyotek Forums for support from Cyotek and the community?
Comments
DotNetKicks.com
#
[b]Detecting and running applications under elevated permissions with C#[/b] You've been kicked (a good thing) - Trackback from DotNetKicks.com
DotNetShoutout
#
[b]Detecting if an application is running as an elevated process, and spawning a new process using elevated permissions[/b] Thank you for submitting this cool story - Trackback from DotNetShoutout