.NET 2.0 Process Elevation for App Installation
Posted
by Brian Gillespie
on Stack Overflow
See other posts from Stack Overflow
or by Brian Gillespie
Published on 2010-03-31T23:38:15Z
Indexed on
2010/03/31
23:43 UTC
Read the original article
Hit count: 358
We have an application written in both C++ and .NET that installs for all users in the Program Files folder. This application downloads new versions of itself (as MSI installers) and spawns the new installer process to replace itself.
The install process as it exists today:
- Copy an install manager app (C#, .NET 2.0) to the temp directory. Call this 'Manager'
- Manager is executed with elevated privs per this article.
- The original application exits.
- Manager spawns the MSI installer (with elevated privs, since the copy is elevated)
- Manager spawns the new version of the app.
The bug:
The newly installed app is running in an elevated state. This causes problems I won't enumerate here.
Ideally, the launch of the newly installed app would be run with the permissions of the original user.
I can't figure out how to demote the app back to being the standard user after elevation.
An inelegant hack:
(yeah, yeah, this whole process is inelegant anyway)
- Copy the install manager to the temp directory
- Run the install manager with standard user privs. Lets call this instance 'LowlyManager'.
- Original application exits.
- LowlyManager spawns the app again, this time with elevated privs. Let's name this instance 'UpperManagement'
- UpperManagement spawns the installer
- UpperManagement exits gracefully, returning the exit code of the installer.
- LowlyManager interprets the error code from UpperManagement, and spawns the newly installed application. This time as the original invoker.
Is there a better way to do this?
(I've left out a bunch of other details before and after these steps that make the process smoother for the user, but this should be enough to understand the core of the problem I'm trying to solve.)
Other requirements:
- We can't install as a per-user app
- The user shouldn't be presented with an authentication dialog box if UAC would have simply asked "are you sure you want to allow this?". I think this might kill a solution using WindowsImpersonationContext, but I'm not sure.
- The system needs to work on XP, Vista, and Windows 7 (even if there is a separate process for XP).
© Stack Overflow or respective owner