2

I receive random reports from random users about UnauthorizedAccessException when reading or writing(creating files) to random folder. Usually on their own Documents folder. And more problem is that when app is unable to write its data to {USER}\AppData\Roaming.

The application is running as admin** and usually reports are from Windows 7 and Windows 8 users.

Is there any way to fix this without setting the permission manually.

**To determine if app is running as admin

AppDomain myDomain = Thread.GetDomain(); myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); WindowsPrincipal myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal; boolean isRunningasAdmin = myPrincipal.IsInRole(WindowsBuiltInRole.Administrator));

edit : in app.manifest

<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
Improve this question
8
  • Off the top of my head: Even if you are an administrator, you can't read or write arbitrary files - you have to grant yourself access to them first, or you can impersonate the user. Commented Jun 22, 2015 at 23:21
  • How is the app deployed? Commented Jun 23, 2015 at 17:30
  • Dont trust the report(s) from (random) users. There is likely some common deniminator at play such as folder or file name. Catch the exception and log the specifics to identify the real cause. Commented Jun 23, 2015 at 18:00
  • 1
    Is it possible to run multiple instances of you application? Files could be locked by an instance and you might get an exception when another instance tries to access the same.? Commented Jun 25, 2015 at 9:04
  • 2
    It is also possible that an antivirus program was trying to scan a file created by your application Commented Jun 25, 2015 at 9:08

1 Answer 1

Reset to default
1
+50

With respect to the question: Is it possible to avoid permission related exceptions while attempting to write to the disk?

In short, the answer is: yes this can be accomplished through the use of impersonation.

SOLUTION NOTES

IMPERSONATION & PERMISSIONS

Impersonation is the ability of a thread to execute using a different security information than the process that owns the thread. Typically, a thread in a server application impersonates a client. This allows the server thread to act on behalf of that client to access objects on the server or validate access to the client's own objects. [SOURCE: A Complete Impersonation Demo]

As highlighted by Aasmund Eldhuset, running as an administrator does not guarantee that you will have the appropriate permissions to access the file system.

As a sanity check, you could create a simple application to ensure that everything is working as expected.

  1. Create a simple WinForms application that will write a text file to disk using impersonation.
  2. Create a test environment with folders/directories and different user permissions
  3. Verify that everything works:
    • Run the test application and have it write to a directory where you DO have permission.
    • Run the test application and have it write to a directory where you **DO NOT* have the appropriate permissions.

APPLICATION DESIGN

I suggest that you take user feedback with a grain of salt as it is not uncommon for users to provide inaccurate or incomplete descriptions of problems they are encountering.

In your scenario, I would have your application attempt to write to the directory/folder in question when the application starts. If the write fails, then you can record relevant information (e.g. the name of the user that is executing the write operation) to an event log (e.g. text file) for later review.

ADDITIONAL READING

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

The problem with this method is that it requires to know the password of impersonating account for calling LogonUser. Also, I start to believe there is no other way. But, thats a very good answer and nicely written.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.