How to Request Administrator Permissions When the Program Starts

How to request administrator permissions when the program starts?

Add the following to your manifest file:

<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />

You can also use highestAvailable for the level.

Look here about embedding manifest files:

http://msdn.microsoft.com/en-us/library/bb756929.aspx

PS: If you don't have a manifest file, you can easily add a new one:

In Visual Studio, right click project -> Add Item -> Choose
Application Manifest File ( under General for Visual C# items)

The added file will already have the above part, just change the level to requireAdministrator from asInvoker

How to request administrator permissions at runtime?

As far as my research (May 9, 2021) when, there is no possible way to extend the privileges of the current program. Also see @Flydog57's comment:

You can't. If you want to get the OS UAC prompt asking the user to use his/her admin mojo when running the program, only the OS can do that for you, and it is done before your code starts. When a program starts, it gets a token that identifies the user and his/her permissions and privileges. When UAC is enabled, an admin user has a non-admin token and an admin token. As a program starts it gets one of those. Once the program starts, the token cannot change. If you need to do this, start up another process with a different token.

The only logical solution is to start a new executable/process whole together with elevated privileges. With C#, you can use System.Diagnostics.Process.

However, this might change (I have no sources, but it's a possibility) in the future.

How to make my program ask for administrator privileges on execution

 Add a manifest file into your EXE as described here:

http://msdn.microsoft.com/en-us/library/bb756929.aspx

C# How to get admin privileges AT RUNTIME

You can't change the privilege level of a currently running process. You CAN launch a new process, asking for elevated permissions. Process.Start() supports the flag "runas".

        using (Process configTool = new Process())
        {
            configTool.StartInfo.FileName = "foo.exe"
            configTool.StartInfo.Arguments = "--bar";
            configTool.StartInfo.Verb = "runas";
            configTool.Start();
            configTool.WaitForExit();
        }

See Elevating process privilege programmatically?

You could separate functions of your application into a second executable, or re-launch your application with elevated permissions with "runas".

Requesting administrator privileges at run time

Not quite, but you can do the opposite—you can drop privileges if you already have them. So, you can have your program start out running as an Administrator, using one of the methods listed by Kate Gregory. Then, drop your unneeded privileges; see Dropping privileges in C++ on Windows for how to do that.

How does a program ask for administrator privileges?

There are a number of methods depending on your needs. Some details are given in the application developer requirements for UAC.

1. Include a UAC manifest that causes your program to require administrator privileges at startup.
2. Use one of the suggested methods for invoking an elevation to run out of process. One of the nicest is to use the COM elevation moniker and CoCreateInstanceAsAdmin to call methods on a COM object running as an administrator. This is possibly tricky to get working in VB.Net. I got it working ok in C++ though
3. Another ok method is to isolate the parts of your code that need admin privileges into an application that uses a UAC manifest to require admin privileges. Your main app does not need to run as an admin in that case. When you require admin privilegese, you would invoke the external application.

How do I request admin privileges?

The app must restart itself with ProcessStartInfo Verb = "RunAs". Then close current instance (non-admin).

Admin rights for a single method

You can add a PrincipalPermission attribute to your method to demand administrative privileges for its execution:

[PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Administrators")]
public void MyMethod()
{
}

This is described in more detail in the following article:

Security Principles and Local Admin Rights in C# .Net

If you are looking for a way to elevate an already existing process I doubt that this is possible as administrator privileges are given on process-level to a process upon startup (see this related question). You would have to run your application "as administrator" to get the desired behavior.

However, there are some tricks that might allow you to do what you want, but be warned that this might open up severe security risks. See the following thread in the MSDN forums:

Launching MyElevatedCom Server without prompting Administrator credentialls from Standard User

Update (from comment)

It seems that if an update requires elevation your application update is best done by a separate process (either another executable, or your application called with a command line switch). For that separate process you can request elevation as follows:

var psi = new ProcessStartInfo();
psi.FileName = "path to update.exe";
psi.Arguments = "arguments for update.exe";
psi.Verb = "runas";

var process = new Process();
process.StartInfo = psi;
process.Start();   
process.WaitForExit();

---

Related Topics