70

Is it possible to require administrator rights for one single method?

Something like this:

[RequireAdminRightsForThisMethod()]

private void TheMethod(){

    // Do something

}
H.B.
  • 166,899
  • 29
  • 327
  • 400
llullulluis
  • 3,472
  • 3
  • 27
  • 30

2 Answers2

88

You can add a PrincipalPermission attribute to your method to demand administrative privileges for its execution:

[PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Administrators")]
public void MyMethod()
{
}

This is described in more detail in the following article:

Security Principles and Local Admin Rights in C# .Net

If you are looking for a way to elevate an already existing process I doubt that this is possible as administrator privileges are given on process-level to a process upon startup (see this related question). You would have to run your application "as administrator" to get the desired behavior.

However, there are some tricks that might allow you to do what you want, but be warned that this might open up severe security risks. See the following thread in the MSDN forums:

Launching MyElevatedCom Server without prompting Administrator credentialls from Standard User

Update (from comment)

It seems that if an update requires elevation your application update is best done by a separate process (either another executable, or your application called with a command line switch). For that separate process you can request elevation as follows:

var psi = new ProcessStartInfo();
psi.FileName = "path to update.exe";
psi.Arguments = "arguments for update.exe";
psi.Verb = "runas";

var process = new Process();
process.StartInfo = psi;
process.Start();   
process.WaitForExit();
Community
  • 1
  • 1
Dirk Vollmar
  • 172,527
  • 53
  • 255
  • 316
  • It is possible if you have credentials to change the thread to impersonate those admin credentials. I haven't done it in .NET, but I have in C++/Win32. – kenny Jan 07 '10 at 16:49
  • @kenny: Yes, that's surely true, but I doubt that it is possible to elevate the current process (which would be required for certain tasks). See the discussion here: http://social.msdn.microsoft.com/Forums/en-IE/windowscompatibility/thread/831ffd77-6bc4-4857-9947-d74923184b0b. – Dirk Vollmar Jan 07 '10 at 16:54
  • The reason I need that is because when the application has an update it needs to copy files to the application folder. I couln't do this without administrator rights. What I want is to fire the UAC when the "CoppyFiles()" method is called. Hope this helps to understand my question. – llullulluis Jan 07 '10 at 16:58
  • @lluis you know you could use the directoryservices object / namespace and check if the user is an administrator then implement the rest of the program...meaning if(admin)//do this else //dont do this – JonH Jan 07 '10 at 17:01
  • Thanks to everyone. I will restart the application asking for administrator permissions when I need to copy updated files. – llullulluis Jan 07 '10 at 17:15
  • any help for http://stackoverflow.com/questions/8713995/c-sharp-delete-folder-from-registry-permission-issues :( – Sangram Nandkhile Jan 03 '12 at 15:25
  • 1
    Throws `Request for principal permission failed.` I'm using WPF & trying to write a file inside `Program Files`. – Mangesh Mar 02 '15 at 05:24
  • @MangeshGhotage: The request will only work if you run elevated. – Dirk Vollmar Mar 02 '15 at 11:27
  • Seems like this answer is no longer valid: Principal is obsolete and no longer honored by the runtime. – Kot Mar 02 '21 at 23:21
16

A method can require administrative privileges to run, but it's not possible to automatically elevate to Admin when executing a method.

SLaks
  • 868,454
  • 176
  • 1,908
  • 1,964
  • But if we elevate the whole application using admin, then that application can access admin folders through browse window? So, if we can only elevate that function with admin credentials through program(c#), that would be helpful. Any suggestions ? – Susarla Nikhilesh Dec 27 '18 at 08:23