11

For a regular .exe file i can always right click and select "run as..". How can i run a Click-Once application under different credentials in a similar way?

I am talking about the application itself, not the installer.

Vitalik
  • 2,724
  • 4
  • 32
  • 43

3 Answers3

24

This is actually possible, you just need to do it in two steps. First you'll need to launch ClickOnce (dfsvc.exe) as the user you are trying to impersonate and then you can launch the deploy application using rundll32, something like this:

(From the command line)

1.- Click once:

runas /user:domain\user "c:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe"

2.- Launch app:

runas /user:domain\user "rundll32 c:\Windows\System32\dfshim.dll,ShOpenVerbApplication http://someurl.com/tool.application"

Note that you only need to run dfsvc.exe once if you need to launch multiple apps and it will go away after a while once you close all your impersonated click once applications.

jpaugh
  • 6,634
  • 4
  • 38
  • 90
Alan
  • 1,301
  • 9
  • 12
  • 1
    This answer saved my life! I was able to use the trick described to open a ClickOnce application between two un-trusted domains using NTLM authentication. – Louie Bao Aug 02 '13 at 13:11
  • @Santo two times `user` ? – turbanoff Aug 08 '14 at 08:28
  • 1
    @turbanoff yes you need to do it twice, otherwise the second one will launch the clickonce app under the logged in user's context. Is that what you were asking? – Alan Aug 11 '14 at 23:09
  • @Santo I can not understand: where I need to specify the username and where the string `user` – turbanoff Aug 12 '14 at 08:09
  • You need to do it from a command line (Windows Key + R, type cmd and press enter), and enter both commands, just replace domain\user in both cases with the domain and user you are trying to run as. If this is a user from the local machine, then use the machine name as the domain. I hope this helps. – Alan Aug 22 '14 at 17:00
1

Are you talking about a one off process, or something that needs to happen every time your code is run on multiple computers? Because if you simply want to personally run a ClickOnce app with elevated permissions, its pretty simple. Click once apps reside at %LOCALAPPDATA%\Apps\2.0[ObfuscatedFolderName]. Simply find your app folder ( timestamp should be enough information ), then rightclick your EXE and run as admin.

If you want to do it in code, the easiest solution is probably to make a shell launcer application around your code, that requests elevated permissions in code. Here is such an example.

Serapth
  • 7,122
  • 4
  • 31
  • 39
  • Do you know if the location of the app may change after an auto-update? – Vitalik Sep 01 '10 at 01:05
  • What i am really trying to do is to run a click-once up under domain account from a computer that is not part of the domain (but on the same network). – Vitalik Sep 01 '10 at 01:05
  • I don't believe you can rely on the path staying consistent, no. – Serapth Sep 01 '10 at 01:08
  • How are you deploying your clickOnce app? FileShare or IIS hosted? If IIS, check this out. Actually, check it out anyways. You should be able to get by passing login via URL. Such as (someserver/SomeClickOnceApp.application?username=Joe&password=CORocks) http://msdn.microsoft.com/en-us/library/aa480721.aspx#adminc_topic5 – Serapth Sep 01 '10 at 01:16
  • Also my guess both approaches will not perform auto-update since i am going against .exe directly. – Vitalik Sep 02 '10 at 14:20
1

The answer really is no, you shouldn't do this. ClickOnce applications are installed under the user profile and belong only to that user. THey will not and do not work as an all-user installation.

Also note that if you double-click on the [exe] file (the location of which changes every time there is an update), it will not look for updates, it will not check the files to make sure they haven't been tampered with. In other words, it will not run as a ClickOnce application.

I also think passing the username and password in the query string is ill-advised because anybody running fiddler or charles or any other network traffic sniffer will be able to see the credentials.

RobinDotNet
  • 11,723
  • 3
  • 30
  • 33
  • See the answer below, which achieves this with no hard-coding of passwords. Whether this is advisable or not isn't really the question. I don't suppose people would do this in normal operation, but it is sometimes necessary for testing other users' experiences in dev. – Stephen Holt Sep 19 '18 at 09:43