Elevate privileges of your .Net applications in Windows Vista

21 November 2009

Introduction

Are you using or developing applications for Windows Vista? What if your application requires administrator privileges to perform a task? (For example, this would probably happen when you develop a host application for your WCF service.) To run an application with privileged rights, instead of simply double-clicking it or pressing Enter after selecting it, right-click the application and select the option “Run as Administrator”. Make sure that any application you run with administrator privileges comes from a trusted source. Similarly, you can run an application with privileges by pressing the Start button in the taskbar, typing the application name and pressing Control + Shift + Enter. The same thing can also be applied permanently to an application or application shortcut by right-clicking the shortcut/executable and selecting the “Properties” option in the context menu, but the latter is not recommended. The highly recommended approach is to run applications with privileges only in the situations that require them.

See the screenshot below showing compatibility tab in properties dialog of an application installed in Vista.

Compatibility tab of the Properties dialog of an application

Why this restriction?

Usually not all users (particularly users who surf the internet, play games, etc.) require administrator privileges (for example, for installing an application or running an application just downloaded from the internet), and such privileges are potentially harmful to the system. So the rights should be acquired only when required, either by logging in as administrator or at least by getting permission from the user (in case the user is privileged). This is the major evidence of improved security in Windows Vista compared with its predecessors.

Making your .Net projects to run with privileges

Microsoft named this restriction User Account Control (UAC). You might have noticed that some applications ask for administrator privileges by default every time they run. If you are a .Net application developer and you develop applications that run in Windows Vista, you can make them run in privileged mode by setting up a manifest file for each application. Adding a manifest file is very simple: right-click the project in the Solution Explorer of Visual Studio .Net and, from the menu, select Add > New Item.

Add new item from Solution explorer of Visual Studio

From the add new item dialog box, select Application Manifest file and press enter. Now open the newly added app.manifest file.

Adding Manifest File to Visual Studio Project

A typical manifest file will look like this:

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <!-- UAC Manifest Options
             If you want to change the Windows User Account Control level replace the
             requestedExecutionLevel node with one of the following.

        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
        <requestedExecutionLevel level="highestAvailable" uiAccess="false" />

             If you want to utilize File and Registry Virtualization for backward
             compatibility then delete the requestedExecutionLevel node.
        -->
        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</asmv1:assembly>

In the manifest file, the “requestedExecutionLevel” tag has an attribute named level. Change this from “asInvoker” to “requireAdministrator”. Remember, it is case sensitive. Note that this instruction is given in commented text inside the manifest file.

Kindly note that when this is changed and the project is compiled in release mode, the application manifest file has to be copied manually from the “Release” folder to the “Debug” folder (both folders are located in the “bin” folder of the project).

After doing so, when you run the application you will be prompted to restart the Visual Studio development environment in privileged mode. You must do this to proceed with debugging your application; the changes you made will be automatically restored when devenv restarts with privileges. If devenv was already started in privileged mode (by any of the ways considered at the beginning of this article), then that is fine: go ahead with debugging without getting this prompt.

If the appropriate “requestedExecutionLevel” is not set in your application manifest file and your application code attempts any operation that requires a higher privilege level, an exception will occur and you will not be able to proceed with debugging.

See the screenshot below, which shows an exception that occurred while hosting a WCF service, when it tried to access the specified port address in IIS, which requires privileges to do so.

Exception raised from devenv showing denied access to a port in IIS
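
The following C# sketch is an added example, not code from the original article. It follows the recommendation from the introduction to use privileges only when required: the manifest stays at "asInvoker", the program checks at run time whether it is elevated, and it asks for a UAC prompt only for the privileged task. The class name ElevationHelper and the "--host" argument are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Reflection;
using System.Security.Principal;

static class ElevationHelper   // hypothetical helper, not part of any library
{
    // True when the process token carries the Administrators role,
    // which under UAC is only the case for an elevated process.
    public static bool IsElevated()
    {
        WindowsIdentity identity = WindowsIdentity.GetCurrent();
        return new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator);
    }

    // Starts a second copy of this executable through the shell "runas" verb,
    // which shows the UAC prompt. Returns false if the user declines it.
    public static bool RelaunchElevated(string arguments)
    {
        ProcessStartInfo psi = new ProcessStartInfo();
        psi.FileName = Assembly.GetEntryAssembly().Location;
        psi.Arguments = arguments;
        psi.UseShellExecute = true;   // verbs are only honoured via the shell
        psi.Verb = "runas";
        try { Process.Start(psi); return true; }
        catch (Win32Exception ex)
        {
            if (ex.NativeErrorCode == 1223) return false;   // ERROR_CANCELLED
            throw;
        }
    }
}

static class Program
{
    static int Main(string[] args)
    {
        if (Array.IndexOf(args, "--host") < 0)   // "--host" is an assumed switch
        {
            Console.WriteLine("Unprivileged mode; pass --host to start the service host.");
            return 0;
        }
        if (!ElevationHelper.IsElevated())
            return ElevationHelper.RelaunchElevated("--host") ? 0 : 1;
        Console.WriteLine("Elevated: the service host can be opened here.");
        return 0;
    }
}
```

With level="requireAdministrator" in the manifest, IsElevated() always returns true and the relaunch branch is never taken, so the helper matters only when the manifest is left at "asInvoker".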

Author: Ganesh Kumar (15 Articles)

Ganesh Kumar has qualified with his Masters in Technology with Distinction. His total experience is about 6 years in Development and 2 years in Teaching. Presently he is working for WDC Ltd., Kolkata, India in C#, .Net and SQL Server.
