Normally you can’t have ClickOnce applications that are deployed over the web run with Vista UAC elevation prompts. It’s not something Microsoft supports. Not sure why. I guess it’s once-bitten twice-shy, coming from the whole ActiveX mess. So I guess I do kind of understand why.

There is a workaround, if you really need UAC elevation, which you shouldn’t. But at a high level, it works like this. You create your ClickOnce app like you would normally. To go with it, you create a helper app that you equip with an embedded elevation manifest. You then add a test to your ClickOnce app to see if it’s running elevated. If it isn’t you make it call the helper app. It will cause a UAC elevation prompt and in turn launch the ClickOnce app anew. Since the helper got elevated, the ClickOnce app now runs elevated too. Of course, by doing this you might end up with users not accepting the elevation request. But from what I’ve seen real users do with those elevation prompts, it won’t matter much. Anyway.

The trick is getting the helper app included in the regular ClickOnce app. There may be better ways, but here’s one I’ve spent quite some time on to work out. Maybe it will help someone out there save time, like I’ve saved time by reading posts on elevation checks using managed code. So here are the steps I’ve followed to make this work:

1. Modify your ClickOnce app’s entry point to include elevation checks as described at http://www.itwriting.com/blog/?p=198. If the app is not running elevated, make it run the helper application and exit. The launch looks something like this:

   ProcessStartInfo

   psi = new ProcessStartInfo(“Helper.exe”);
   psi.UseShellExecute = true;
   Process.Start(psi);

   The UseShellExecute flag makes sure the UAC prompt will happen.

2. Create your helper application with an elevation manifest (the process for that is at Catherine Heller’s blog) and have it launch your app with something like this:
   
   string appExe = Environment.GetFolderPath(Environment.SpecialFolder.Programs) + @”\YourClickOnceApp\ClickOnceApp.appref-ms”;
   Process.Start(appExe);

   As you can see the whole scenario only works if you let the ClickOnce app create a Start Menu entry.

3. Build and publish both applications, making sure they use the option to rename the published files to .deploy extensions. This helps tremendously with web deployment.

4. Find the published helper .deploy files and copy them to the folder that contains the ClickOnce application’s .deploy files.

5. Open the ClickOnce application’s .exe.manifest file using MageUI. Go to the Files section and click the Populate button to include the helper app and its manifest in the fileset for the ClickOnce app. Save and sign the manifest. I used a stored certificate for the signing.

6. Open the ClickOnce application’s .application deployment manifest using MageUI. This is probably in the directory above the .deploy files. Open the Application Reference section. Click the Select Manifest… button and browse down to the manifest you modified in step 5. Save and sign the manifest. I used the stored certificate from step 5.

7. Now you have all the needed files packaged for uploading to your web server.

This is what will happen when the user downloads the app for the first time: A verification window shows briefly, followed by a download warning, followed by a download progress window. Now the UAC prompt will come, and if accepted, another verification window. Then the app will show.

On subsequent launches of the app the user will see the verification window, followed by the UAC prompt, followed by another verification window. Then the app will show.

It’s not pretty, but at least it works.

If you try these steps out and they don’t work, I’d appreciate an opportunity to correct them.

————————————————-

P.S.: The manifest generation step looks like this for C# projects:

“$(DevEnvDir)..\..\VC\bin\mt.exe” -manifest “$(ProjectDir)$(TargetName).exe.manifest”  ?outputresource:”$(TargetDir)$(TargetFileName)”;#1

The .exe.manifest for the helper needs to look something like this (you can leave out the commented parts):

xml version=“1.0“ encoding=“utf-8“ ?>

<assembly xmlns=“urn:schemas-microsoft-com:asm.v1“ manifestVersion=“1.0“>

<assemblyIdentity version=“1.0.0.0“ processorArchitecture=“msil“ name=“Helper“ type=“win32“ />

<description>Helper</description>

<trustInfo xmlns=“urn:schemas-microsoft-com:asm.v3“>

<security>

<requestedPrivileges>

<requestedExecutionLevel level=“requireAdministrator“ />

<!–<requestedExecutionLevel level=”asInvoker” />–>

<!– <requestedExecutionLevel level=”highestAvailable” /> –>

</requestedPrivileges>

</security>

</trustInfo>

</assembly>

Categories: Software development, Vista
7 Comments »