When my application starts I run some code to encrypt certain connection strings in my config file(s). The config files are located in the installation directory in "C:\Program Files (x86)\myapplication".

When the user starting the application is not an admin (which is always the case) the application gives an error because it cannot edit a file in program files if not an admin.

I have some difficulties in trying to impersonate an admin user. I tried some different approaches I found on the net but with no success.

I hope someone can provide me with a way of achieving this.

What I DON'T want is a prompt for an admin user to log in, or change the config file's manifest to require admin privileges to continue. I DO want to temporarily gain admin access (impersonate admin) to encrypt\modify the config file and then continue as the real user.

NickGames
  • Wouldn't you rather start off with encrypted settings that are *decrypted* on startup? Encrypting them on startup seems, well, too late anyway, even if the file was writable. This sounds like the sort of thing that should become part of your installation -- either encrypt things there, or ensure the configuration can live in a writable location (AppData and such). Giving the application the ability to elevate to write to protected locations seems like trouble waiting to happen. – Jeroen Mostert Oct 10 '19 at 12:04
  • Perhaps you should be using user settings: [Using Application Settings and User Settings](https://learn.microsoft.com/en-us/dotnet/framework/winforms/advanced/using-application-settings-and-user-settings). – Andrew Morton Oct 10 '19 at 12:06
  • @JeroenMostert The problem here is that our Administrator has to be able to replace the config files (for example when a connection string changes). So when he replaces a config file on the user's PC the application has to encrypt the new connection strings again on application startup. – NickGames Oct 10 '19 at 12:28
  • @AndrewMorton Thanks for your suggestion, but I am not allowed to move our configuration settings. We have to keep our config files in the current location and cannot change the application to use User Settings instead. – NickGames Oct 10 '19 at 12:31
  • You could give the administrator a tool to pre-encrypt the file before replacing it, or immediately afterwards (that tool could be the application itself, if it used command line arguments to act differently, so it could be invoked through, say, Group Policy or a scheduled task). If you ask the administrator, I should hope they wouldn't mind the slight additional complication compared to having the application run as an administrator itself, which would require embedding credentials somewhere and is hard if not impossible to keep secure. – Jeroen Mostert Oct 10 '19 at 12:33
  • @JeroenMostert Thanks for your suggestion. I consider this a viable option, but is there no other way of achieving this in the application's code? – NickGames Oct 10 '19 at 12:44
  • There certainly is no *secure* way of doing it. You can certainly do things like described in [this question](https://stackoverflow.com/q/4624113/4137916) to have the application launch itself (again, with some command line parameters to tell it to just encrypt the file and exit) but this will still require embedding admin credentials, which is a big security hole -- you give a sufficiently crafty end user the ability to become an administrator. Using [impersonation](https://stackoverflow.com/q/125341/4137916) is also possible, but that's even trickier (and *still* insecure). – Jeroen Mostert Oct 10 '19 at 12:50
  • Essentially, keep in mind that "I will have the application temporarily impersonate an administrator" is almost the same thing as saying "I'll embed an escalation of privilege vulnerability right in my application and hope nobody will ever take the time to exploit it". That may be safe in small environments with trusted people, but it's much better to take the opportunity to practice secure habits. – Jeroen Mostert Oct 10 '19 at 12:52
  • @NickGames Perhaps you can make a business proposition, to whoever says the settings can't be moved, for locating (some part of) the settings where they can be modified with normal user-level access rights instead of adding a security problem. – Andrew Morton Oct 10 '19 at 13:09
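
The approach suggested in the comments (the application doubles as the administrator's encryption tool, so the user's session never needs write access or embedded credentials), as an added example that is not code from the question or any commenter. It assumes a .NET Framework application that keeps its connection strings in the standard `connectionStrings` section and references `System.Configuration`; the `--encrypt-config` switch is a hypothetical name.

```csharp
using System;
using System.Configuration;

static class Program
{
    // Hypothetical switch: the administrator runs "myapplication.exe --encrypt-config"
    // from an elevated prompt, a scheduled task or a Group Policy script after replacing the file.
    const string EncryptSwitch = "--encrypt-config";

    static int Main(string[] args)
    {
        if (args.Length == 1 && args[0] == EncryptSwitch)
            return ProtectConnectionStrings();

        // Normal start as the unprivileged user: reading is transparent, because .NET
        // decrypts a protected section in memory and never writes to Program Files.
        foreach (ConnectionStringSettings cs in ConfigurationManager.ConnectionStrings)
            Console.WriteLine("Loaded connection string: " + cs.Name);
        return 0;
    }

    static int ProtectConnectionStrings()
    {
        try
        {
            Configuration config =
                ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
            ConfigurationSection section = config.GetSection("connectionStrings");
            if (section == null)
                return 2; // nothing to protect

            if (!section.SectionInformation.IsProtected)
            {
                // DPAPI provider; its default machine-level protection lets any local
                // account on this PC decrypt, so the file must be encrypted on each PC.
                section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
                section.SectionInformation.ForceSave = true;
                config.Save(ConfigurationSaveMode.Modified); // needs write access to the install dir
            }
            return 0;
        }
        catch (Exception ex) when (ex is ConfigurationErrorsException ||
                                   ex is UnauthorizedAccessException)
        {
            Console.Error.WriteLine("Encryption failed (run elevated?): " + ex.Message);
            return 1;
        }
    }
}
```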

0 Answers