views:

445

answers:

3

I am writing an IE Extension (BHO) in C#. When run in protected mode (IE's new UAC-compliant mode which forces all extensions to run at low-integrity), it fails because it cannot access user.config in the appdata folder.

Is there some way to mark files are readable by lower-integrity processes?

Failing that, is there some way to force the BHO to run at medium-level integrity?

Failing that, is there some way to create a low-integrity symlink in the low-integrity folders which points to a medium-integrity file in AppData?

Failing that, is there some way to force the application to use a user.config file in the LocalLow folder? How do I get the path for this folder in .net (it's not listed under Environment.SpecialFolder)? Will I be able to fall back with users running XP or who turn protected mode off, without losing all their user.config data?

A: 

I suggest you to write your own SettingsProvider that saves files in System.IO.IsolatedStorage.

Sheng Jiang 蒋晟
+2  A: 

There's one approach that is not especially elegant but you can start another (broker)process with medium level integrity which can do the 'dirty work' and use IPC to communicate with it. To make your life easier I would suggest you to use sockets for communication because they don't require security check which can be tricky when you have communication between processes with different integrity levels.

In order to skip UAC warning when you spawn new process you can modify BHO registration script and add few registry values that will inform IE to silently elevate new process to medium level.

You can find more information here: http://msdn.microsoft.com/en-us/library/bb250462(VS.85).aspx#wpm_elebp

Mladen Jankovic
lovely, yet another MS hack to allow a low trust app to start a higher trust app.
David
@David: Except you needed High Trust to install the BHO in the first place.
Billy ONeal
A: 

I would start with the Protected Mode Internet Explorer Reference.

Luke
The user.config is in a high-integrity folder, this only gives you access to low-integrity folders.
BlueRaja - Danny Pflughoeft