Administrative rights: Winforms vs WPF - wpf

I have been porting a Winforms app to WPF and have noticed the following regarding administrative rights.
The application launches a command line exeternal app as part of its execution using 'ProcessStartInfo'. The Winforms app has no application manifest and runs the app correctly.
However the WPF version won't launch the external app correctly UNLESS I give the WPF application administrative rights. ()
I'd prefer not to do this because of the somewhat annoying UAC confirmation dialog.
I've tried adding the 'ProcessStartInfo' Verb = "runas" but that has no effect.
Does anyone know why the Winforms version is OK but the WPF version requires admin rights? FYI. The external app process a file and writes the output file into a folder in the programdata directory)

It seems that external process launched from Wpf apps don't have access to the ProgrammData folder, although the parent app does. (Yes I do actually need to write to folders within PrgrammData. I have system services that need to consume data and these services have no knowledge of users...)
By having the external app write to Environment.SpecialFolder.ApplicationData and then have the parent app move the files from Environment.SpecialFolder.ApplicationData to programdata... things work as in the Winforms apps

Writing to Program Files is not advised. If you have control over those system services, modify them to take the data from Environment.SpecialFolder.CommonApplicationData folder, this location is not user-specific and shared across the system. Then your executable will write its output to Environment.SpecialFolder.CommonApplicationData.
Where ProgramData is located? If it's under Program Files, then both your WinForms and WPF applications should have administrator rights to write to it.

Related

WPF application installed in program files just exits - but runs in another folder

Using Visual Studio 2017 on Windows 10, I have a WPF application with an installer created using the Visual Studio Installer extension. When I install it on another PC, the application starts but then exits within the same second. Nothing in logs.
If I add a manifest to force admin mode, its starts correct.
If I copy the files to another folder (outside program files) it starts correct.
Apparently the "program files" is restricted or something? Am I missing something in my setup/installer project? Any other ideas more than welcome!
EDIT:
I've tried to create the installer using WIX and then it runs fine. Seems to be some settings in the VS Installer extension.
You can modify the ACLs on the folder in question to allow write access by regular users (not great) or you could write the settings file somewhere else where write permission for users is standard.
There are many ways: Resolve lacking permissions.
There is another, similar answer here.
Adding a couple further links:
WiX and deployment links, various topics.

Why a virtualized file system for in-browser trusted-mode SL5 apps?

In Silverlight 5, applications can access the file system without restriction via FileInfo and related classes when running with elevated privileges. Also since SL5, an app can run inside the browser with elevated trust.
However, when running in-browser, all access to the file system appears to end up being routed to a special directory AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C....
This is a different behavior from running without elevated trust altogether, which throws a SecurityException. Out-of-browser, the behavior is as expected.
Note that in all cases I run the app through visual studio, which is, as far as in-browser support is concerned, all I'm interested in.
Is this desired behavior? Can I change it?

WPF app won't run in kiosk mode

I have a WPF application that is designed for a touchscreen kiosk. Users will not have access to a keyboard or mouse. The application runs fine when started normally from the program icon in windows. However, when it is set up to run automatically at startup (by replacing the Windows shell using a registry key), the application does not function properly.
The application reads an XML file that lists available videos, then displays buttons to show the videos. When run in "kiosk mode," it does not seem to have access to the files in its media directory (the XML file and presumably the videos as well). I suspect that because the application is running in place of the windows explorer, it is missing resources it needs for file access that are normally loaded by windows explorer.
I have not been able to find any info on this - there is plenty of info on how to get an app to run at startup, but not much on how to make sure it will actually function in that environment. The PC is running Windows 7 Professional.
Is my assumption about the problem correct, or is it likely something else (e.g. permissions - we checked the permissions, but maybe they operate differently when you replace the windows shell?) If it is because needed resources are not loaded, does anyone have pointers on how to make sure my app loads them?
Perhaps you have file access occurring via a file dialog? This might explain a bit further. What is the minimum functionality needed to create Shell Replacement for Windows?
because you have stopped windows default running explorer.exe , your program can not get access to default xml directory therefore you should specify the complete path for example like below:
stream = File.Open(#"C:\x86\Debug\xml.xml", FileMode.OpenOrCreate);

Winforms: where should assemblies that go with the application be published

Very simple Winforms application I want to deploy manually. Can all the referenced assemblies simply go in the application folder or where should they be published? (In ASP.NET they can go in the \bin folder). I would rather not put in the GAC.
By default I place the referenced assemblies in the same folder I deploy the app to (or \bin for ASP.NET), barring a Very Good Reason to deploy to the GAC.
You can use .NET probind to define a relative folder where the application should search .dlls at start. You only need to add a simple config file with your application.
For simple apps, I deploy the executable and the config file in the root directory, and place the needed libraries in a lib subdirectory:
/
|-MyApp.exe
|.MyApp.exe.config
|-lib
|-Lib1.dll
|-Lib2.dll
Use this link from a recent anwer to find out how to create the config file
Eric J's answer is probably the correct one, but there is a reason to be wary of placing the assemblies in the application folder: Windows 7. I haven't run into this problem personally, since I'm still in Vista Hell, but apparently in Windows 7 the Protected Administrator account (which you normally run under) doesn't have write access to all application folders - it only has write access to application folders that were installed by that user. So if your application was installed by a Windows XP or Vista user, and then that user upgrades to Windows 7, your default Protected Admin user will be denied write permission on the application folder (since it has a different SID under the new version of Windows).
This problem would only affect you if you try to upgrade the dependent assemblies, and it would only affect users who installed your application under an earlier version of Windows and then upgraded to Windows 7, so I don't know how big a deal this would be for you.
See this article for more details.

"Out of browser" web application running at Start-Up?

I've become familiar with the new concept of "out of browser" web applications, supported in the recent Silverlight, JavaFX, Adobe AIR etc.
Listening recently to a podcast on the subject by Scott Hanselman, I've become aware that one of the purposes behind these new architectures is to allow for "desktop-application-feel". Also, I understand some (or all) of these allow for some offline access to a sandbox of resources. This really sounds as if these frameworks could be an alternative to "real" desktop applications, as long as the application does not require messing with the user's machine (i.e. access to peripherals, certain file IO, etc).
I have a very specific question. My application needs to run at start-up. Is it possible to do so using such a framework without requiring the user to download and run a certain executable?
For example, I could always direct the user to download a small EXE that will put a .lnk file in the start-up directory, but I want to avoid such a patch.
To summarize: is it possible to have an out-of-browser web application setup itself to run at start-up without requiring file download?
To further clarify, this question does not come from an "evil" place, but rather from trying to decide whether "out-of-browser" frameworks are indeed a proper alternative to a desktop application, for my specific requirements.
The BkMark example here shows how to start an application on startup using Adobe Air. So, yes it is possible.
So, here's the deal: web apps in general will have a security context around them, and by default won't have access to write to the filesystem (outside of a temp files), access the registry, etc.
One way is, as you said, have the user run something or configure it so the lnk is executed on startup.
Another way, and I think, more in line of what you want, is that the user can run the program himself, click some button in the application, and it's configured.
I know with Java you could do this, but the user has to allow full access to their system, because your app would need to change System configuration. Then you could just configure it (by writing a lnk to your WebStart JNLP in the Startup folder)
For Internet Exploder, Javascript apps do have write access to the disk.
For other (better-secured) browsers you will either need to have a download, or Adobe AIR.
Assuming you are building for Windows, launching an executable at startup can be done several ways.
For user session startup, you can achieve this either by putting a lnk file in the appropriate folder, or with a registry entry. For operating system startup, you can achieve this with a registry entry. There are several permutations:
run application once on boot (UI not allowed)
run application every boot (UI not allowed)
start service every boot according to policy set in registry
run application once on user session start
run application every user session
Since an out of browser application has UI I expect you mean run application every user session and in this case you may as well put an LNK file in the user's startup folder.
I just created a shortcut for an SL4 OOB application, and this was the Target of the shortcut:
"C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe" 2635882436.localhost
A search of my disk revealed that location 2635882436.localhost is a folder.
C:\Users\<mylogin>\AppData\LocalLow\Microsoft\Silverlight\OutOfBrowser\2635882436.localhost
I rather doubt an OOB app of any type could place a shortcut in the Startup folder unless you somehow obtained Full Trust.

Resources