In part 1 of this tutorial I have presented how to run an application with and without elevation by specifying this from another process.
However there are some situations when an application cannot be run without administrative rights. For example a system configuration utility requires administrative rights to change some global policies.
In order to force an application to run only if the current user is administrator or can provide administrative credentials you must add a manifest to the C# project.
The manifest is an XML file named <application_name>.exe.manifest with the following content:
< ?xml version="1.0" encoding="UTF-8" standalone="yes"?>
What is important is the requestedExecutionLevel element. It specifies what permissions (execution level) the application needs in order to start. If the current user does not have the required level then an elevation window is displayed (see part one of the tutorial that describes the elevation window).
The default value of requestedExecutionLevel if it is not specified in the manifest or the manifest does not exist is asInvoker. Except asInvoker and requireAdministrator there is another execution level. All three are described below:
|asInvoker||The application runs with the same access token as the parent process.||Recommended for standard user applications. Do refractoring with internal elevation points, as per the guidance provided earlier in this document.|
|highestAvailable||The application runs with the highest privileges the current user can obtain.||Recommended for mixed-mode applications. Plan to refractor the application in a future release.|
|requireAdministrator||The application runs only for administrators and requires that the application be launched with the full access token of an administrator.||Recommended for administrator only applications. Internal elevation points are not needed. The application is already running elevated.|
In order to embed the manifest in the aplication’s executable you can choose one of the following options: