Admin rights for a single method

Asked 7/1, 2010 at 16:24 Answered 7/1, 2010 at 16:31

Is it possible to require administrator rights for one single method?

Something like this:

[RequireAdminRightsForThisMethod()]

private void TheMethod(){

    // Do something

}

Cynewulf answered 7/1, 2010 at 16:24 Comment(9)

Take a gander here: omegacoder.com/?p=82 – Hagy 7/1, 2010 at 16:27

What would you want it to do? – Nisan 7/1, 2010 at 16:29

Just a note: If someone gives you an answer with WindowsIdentity.GetCurrent() or the like that this will only work for winforms off the bat, not web pages. – Frication 7/1, 2010 at 16:30

74.125.47.132/search?q=cache:BcnrvCZth5EJ:www.omegacoder.com/… – Iqbal 7/1, 2010 at 16:32

I want the fire UAC to ask for permissions when the applications executes one method. – Cynewulf 7/1, 2010 at 16:32

This avoids the method if the applications does not have permissions. I need to launch the UAC to ask for administrator permissions. – Cynewulf 7/1, 2010 at 16:33

You can't do that automatically. – Nisan 7/1, 2010 at 16:33

Thanks to everyone. Finally I will restart the application asking for administrator permissions when I need to copy updated files. – Cynewulf 22/7, 2010 at 17:26

any help for #8714495 ? :( – Raby 3/1, 2012 at 15:25

You can add a PrincipalPermission attribute to your method to demand administrative privileges for its execution:

[PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Administrators")]
public void MyMethod()
{
}

This is described in more detail in the following article:

Security Principles and Local Admin Rights in C# .Net

If you are looking for a way to elevate an already existing process I doubt that this is possible as administrator privileges are given on process-level to a process upon startup (see this related question). You would have to run your application "as administrator" to get the desired behavior.

However, there are some tricks that might allow you to do what you want, but be warned that this might open up severe security risks. See the following thread in the MSDN forums:

Launching MyElevatedCom Server without prompting Administrator credentialls from Standard User

Update (from comment)

It seems that if an update requires elevation your application update is best done by a separate process (either another executable, or your application called with a command line switch). For that separate process you can request elevation as follows:

var psi = new ProcessStartInfo();
psi.FileName = "path to update.exe";
psi.Arguments = "arguments for update.exe";
psi.Verb = "runas";

var process = new Process();
process.StartInfo = psi;
process.Start();   
process.WaitForExit();

Highland answered 7/1, 2010 at 16:31 Comment(9)

It is possible if you have credentials to change the thread to impersonate those admin credentials. I haven't done it in .NET, but I have in C++/Win32. – Antre 7/1, 2010 at 16:49

@kenny: Yes, that's surely true, but I doubt that it is possible to elevate the current process (which would be required for certain tasks). See the discussion here: social.msdn.microsoft.com/Forums/en-IE/windowscompatibility/…. – Highland 7/1, 2010 at 16:54

The reason I need that is because when the application has an update it needs to copy files to the application folder. I couln't do this without administrator rights. What I want is to fire the UAC when the "CoppyFiles()" method is called. Hope this helps to understand my question. – Cynewulf 7/1, 2010 at 16:58

@lluis you know you could use the directoryservices object / namespace and check if the user is an administrator then implement the rest of the program...meaning if(admin)//do this else //dont do this – Hagy 7/1, 2010 at 17:1

Thanks to everyone. I will restart the application asking for administrator permissions when I need to copy updated files. – Cynewulf 7/1, 2010 at 17:15

any help for #8714495 :( – Raby 3/1, 2012 at 15:25

Throws Request for principal permission failed. I'm using WPF & trying to write a file inside Program Files. – Hosbein 2/3, 2015 at 5:24

@MangeshGhotage: The request will only work if you run elevated. – Highland 2/3, 2015 at 11:27

Seems like this answer is no longer valid: Principal is obsolete and no longer honored by the runtime. – Misquotation 2/3, 2021 at 23:21

A method can require administrative privileges to run, but it's not possible to automatically elevate to Admin when executing a method.

Nisan answered 7/1, 2010 at 16:27 Comment(1)

But if we elevate the whole application using admin, then that application can access admin folders through browse window? So, if we can only elevate that function with admin credentials through program(c#), that would be helpful. Any suggestions ? – Drawer 27/12, 2018 at 8:23

Recommended topics

Hot tags