views:

389

answers:

4

I know that user accounts in Windows 7 are limited by default, so a program cannot just write anywhere on the system (as it was possible in Win XP).

But I thought that it would be possible that e.g. a c# app is allowed to write inside it's own exe-directory or it's subfolders at least (not everything is 'user settings' or should be written to "MyDocuments"...).

So currently my c# app throws an UnauthorizedAccessException when trying to write inside the exe dir.

Is there anything you can do in c# code to allow writing inside the exe dir?

A: 

Yes, you should make sure you're program runs with admin privileges.

You can do this manually by rightclicking on the exec and click "Run as Administrator" or you can demand from code that the program runs with admin privileges.

WindowsPrincipal pricipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
bool hasAdministrativeRight = pricipal.IsInRole(WindowsBuiltInRole.Administrator);
if (!hasAdministrativeRight)
{
   RunElevated(Application.ExecutablePath);
   Environment.Exit(0);
}

private static void RunElevated(string fileName)
{
    ProcessStartInfo processInfo = new ProcessStartInfo();
    processInfo.Verb = "runas";
processInfo.FileName = fileName;
    try
    {
        Process.Start(processInfo);
    }
    catch (Win32Exception)
    {
        MessageBox.Show("Program needs administrator rights");
    }
}
Henri
Running the application under an administrative account is not a very good idea as it might be a potential security risk.
Darin Dimitrov
+4  A: 

No, if the user your application is running under doesn't have permissions to write to this folder you cannot write to it. When installing your application (probably through an MSI) you could grant the necessary rights.

You could also provide a manifest file with your application.

Darin Dimitrov
You *could* do this, but I'd wager you *shouldn't*. Denying access to that folder is done for a reason; it's very likely that there is a more sensibly recommended solution to fritz's problem.
Dan Puzey
Thanks, i could solve the problem by granting the correct rights in my setup tool. In innosetup this can be done by:[Dirs]Name: {app}; Permissions: everyone-modify;
fritz
@fritz: Note, though, that this opens a security hole, since every "normal" user can now replace your exe with something else, something evil.
Heinzi
+2  A: 

Is there anything you can do in c# code to allow writing inside the exe dir?

Yes, but this code (that changes the permissions) would need to be executed with admin permission, so you're back at the start.

In my opinion, the correct way would be to set up appropriate write permissions to a directory below C:\ProgramData (actually: Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData)) in a custom action during the installation of your software.

Heinzi
You don't need to take any action to gain Write permissions under ProgramData
Henk Holterman
@Henk: It's a bit more complicated: Yes, every (non-admin) user can create folders and files in ProgramData, but, by default, other (non-admin) users cannot modify these files, so I guess that's not what fritz needs.
Heinzi
+1  A: 

Yes.

Install the program in a location where user's have write/modify rights.

(Of course this opens you to those same users modifying your program.)

Richard