How to force a C# based WinForms applications to run with administrator rights on any environment?

The UAC management in Windows is pretty troublesome for different reasons. The most simple and usual one, is the fact that some applications will need to execute system level tasks, like stopping or starting services of Windows or even services created by you. If the user runs the application with administrator rights, everything will work properly, however we know how the users are ! We know they forget (we do as well) to run applications with the necessary privileges, so you can't expect the same always. Instead, you may want to search for a secure solution that guarantees the execution of your application with the mentioned rights.

In this article, we'll explain you briefly how to request administrator rights at the beginning of the execution of a C# based WinForms application.

1. Verify that your app has an application manifest

As first step, you need to verify if your application does have the manifest in the root directory:

Solution Explorer C# WinForms

If it doesn't exist, you will have to create it as described in the following description.

If you don't have any, create it with the default information

In case that you don't have the mentioned manifest registered in your application, then proceed to create it. Open your project in Visual Studio and do right click on your project, click on Add and New Item:

Application Manifest Add Project

In the new dialog, select from the Visual C# Items, the Application Manifest File:

Add Application Mannifest To WinForms

This will create a file with a similar content in the root directory of your application namely app.manifest:

<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <!-- UAC Manifest Options
             If you want to change the Windows User Account Control level replace the 
             requestedExecutionLevel node with one of the following.

        <requestedExecutionLevel  level="asInvoker" uiAccess="false" />
        <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
        <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />

            Specifying requestedExecutionLevel element will disable file and registry virtualization. 
            Remove this element if your application requires this virtualization for backwards
            compatibility.
        -->
        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>

  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <!-- A list of the Windows versions that this application has been tested on
           and is designed to work with. Uncomment the appropriate elements
           and Windows will automatically select the most compatible environment. -->

      <!-- Windows Vista -->
      <!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->

      <!-- Windows 7 -->
      <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->

      <!-- Windows 8 -->
      <!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->

      <!-- Windows 8.1 -->
      <!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->

      <!-- Windows 10 -->
      <!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->

    </application>
  </compatibility>

  <!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
       DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need 
       to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should 
       also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. -->
  <!--
  <application xmlns="urn:schemas-microsoft-com:asm.v3">
    <windowsSettings>
      <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
    </windowsSettings>
  </application>
  -->

  <!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
  <!--
  <dependency>
    <dependentAssembly>
      <assemblyIdentity
          type="win32"
          name="Microsoft.Windows.Common-Controls"
          version="6.0.0.0"
          processorArchitecture="*"
          publicKeyToken="6595b64144ccf1df"
          language="*"
        />
    </dependentAssembly>
  </dependency>
  -->

</assembly>

Once you know you have this file in your application, you can proceed with the last step.

2. Request Administrator Rights

In order to start the application with administrator rights, you will need to change the value of the requestedExecutionLevel child node inside the trustInfo element. The requestedExecutionLevel node identifies the security level at which the application requests to be executed. This element has no children and has the following 2 attributes:

  • Level Required. Indicates the security level the application is requesting. Possible values are:

    • asInvoker, requesting no additional permissions. This level requires no additional trust prompts.

    • highestAvailable, requesting the highest permissions available to the parent process.

    • requireAdministrator, requesting full administrator permissions.

    • ClickOnce applications will only install with a value of asInvoker. Installing with any other value will fail.

  • uiAccess

    Optional. Indicates whether the application requires access to protected user interface elements. Values are either true or false, and the default is false. Only signed applications should have a value of true.

In a default manifest you will find it with the next value:

<requestedExecutionLevel  level="asInvoker" uiAccess="false" />

However, you need to change it to the next one in order to require administrator rights:

<requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />

Once you save the changes on the app.manifest file and you start the application with the Visual Studio Debugger, you will see the following warning (only if you didn't run Visual Studio as administrator).

Visual Studio C# WinForms Administrator Rights Application

Happy coding !

This could interest you

Become a more social person