0

I am developing windows desktop application in vb.net/c# to install on Windows 7.

( I am not going to use any internet service for this, it will be stand-alone application for desktop with 2 users, Admin and Regular user.)

I want to write program,where my application can read the files/folders which needs admin rights.

The application will install on the regular users account, regular user can not access restricted file location but this application should able to read these files.

I want to pass the credential through code, as you can see below if user trying to access the admin file/folder it ask for the credentials.

enter image description here

I want to read the files and folders through code, by sending credentials (Username and password) by code only.

how to do this ?

Community
  • 1
  • 1
bnil
  • 1,531
  • 6
  • 35
  • 68
  • Given that you are supplying the user with a mechanism to read these files, why not just give the users read-access to the relevant files? You could do what you want with Impersonation, and using the Data Protection API to securely store the password, but that seems a lot more effort... – RB. Dec 09 '16 at 16:52
  • The problem is , user may copy or transfer the files. Using this I can show only req. data not all stuff. Its client req. :) – bnil Dec 09 '16 at 18:19
  • Understood - in that case research impersonation (to run as the prviileged user temporarily) and DPAPI (to secure the password) :-) – RB. Dec 09 '16 at 18:27

1 Answers1

0

First of all, be aware that if you hard-code a password in your program it is not secure. Passwords can be extracted from your compiled executable. Obfuscators can slow down a determined attacker, but cannot halt them indefinitely.

Moving on to your actual question... in order to access protected files, you need a program running as an administrator or some other privileged user account. What I've done in the past is just launch another copy of my own application using a command-line argument that tells it to do administrator stuff. The verb "runas" means to run the program as Administrator. Windows will ask for the password as needed:

var startInfo = new ProcessStartInfo("myprogram.exe");
startInfo.Arguments = "do_admin_stuff";
startInfo.UseShellExecute = true;
startInfo.Verb = "runas";
Process.Start(startInfo);

You can pass information back to your original process using WCF, or temp files, or whatever other method is easiest for you.

If you actually want to hard-code a specific username and password into your application then you could try reading the solution to this similar question about starting a process as another user.

Community
  • 1
  • 1
RogerN
  • 3,761
  • 11
  • 18
  • Total agree, but sometimes it just have to get done. Its clients req. :) I want to pass username and password in code only. user should not know the password, what changes I have to make in your code ? I have saw the ref. question you have mentioned, but cant find the `.Username` property while adding that code in my application. – bnil Dec 09 '16 at 18:38
  • I did the runas verb thing before, and I did combine it with and command line argument check (like the do_admin_stuff) to make sure it only got admin rights if needed. Worked like a charm :-) – Cleptus Dec 09 '16 at 18:55
  • OK...but I am wondering if I don't pass username and password it will prompt for it and I don't want to user should know the password. It should be at background. Have you use the `.username` property in your code ? because right now I cant find `.username` property in `ProcessStartInfo` – bnil Dec 09 '16 at 18:59
  • The `UserName` property of `ProcessStartInfo` has been available since version 2.0 of the .NET Framework. Are you targeting a really old framework? – RogerN Dec 09 '16 at 19:02
  • Sorry, its my mistake, actually I am following 2 solutions right now, so... I apologize for it... Working on it, let you know in sometime... – bnil Dec 09 '16 at 19:15