StrataFrame Forum

App with security requieres execute as administrator in Vista

http://forum.strataframe.net/Topic17220.aspx

By Juan Carlos Pazos - 6/21/2008

Hi

I was creatin an app with security integrated, I test only inside VS that runs with administrator privileges in Windows Vista and all time tha app works fine.

Then I go to Bin folder and run the app, tested and when I try to close the security window, the app gives me an error regarding the Regisry. If I run the application as admiistrator works fine.

My problem is that must users with Vista does not run the applications as administrators, and certainly I don't want my application requieres to run as administrator.

Is there a way to override the write/read from registry in the security. I think that is all I need.

I have not deployed the app, just testing since my computer.

Regards

By Trent L. Taylor - 6/23/2008

You can run in as tight a permissions environment as you like.  More than likely this doesn't have anything to do with the RBS but rather the connection string paths.  In the SetDataSources method in the AppMain.vb or program.cs file, set the Connection Data Folder prior to calling the SetConnections method:

ConnectionManager.ConnectionDataFolder = "C:\MyPath\"

This allows you to direct the connection files to any path that you like to prevent any type of security issues. 

By Juan Carlos Pazos - 6/23/2008

Hi Trent

Thanks for your answer, please apologize me for put this comment here in DDT, if you can change it to the correct forum or delete this. I can create a new one in the correct section.

I believe I found the problem. After a little digging , I noticed that you put in the Registry values to:

HKEY_LOCAL_MACHINE\Software\MicroFour\StrataFrame\Security\LoginForm

I open the source of the security project and found this values for registry too.

For Vista Microsoft not allows that an application creates values to HKEY_LOCAL_MACHINE if not running as administrator, I get the "Windows Vista Application Development Requirements for User Account Control Compatibility" and found this:

Registry Virtualization:

·      Virtualize (HKEY_LOCAL_MACHINE\SOFTWARE)

·      Redirect to: HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\<Application Registry Keys>

·      Keys excluded from virtualization

·      HKEY_LOCAL_MACHINE\Software\Classes

·      HKEY_LOCAL_MACHINE \Software\Microsoft\Windows

·      HKEY_LOCAL_MACHINE \Software\Microsoft\Windows NT

In my application I change the Registry entry for the login form to this:

HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Datafox\Operaciones\Security\LoginForm

and running the application without problems. But if I launch the security the again teh registry problem apper.

As I noticed if I recreate the security DLL, using HKEY_CURRENT_USER and not HKEY_LOCAL_MACHINE the application will run without administrator permission.

Waiting for your comments.

Regards

By Trent L. Taylor - 6/23/2008

There is a new ForceCurrentUserOnRegistrySettings property on the SecurityBasics class that will be included in the next SF beta update.  I will try and get this built and posted today so that you can test this.  You will just need to set this in the InitApplication or prior to the LoginForm appearing.

SecurityBasics.ForceCurrentUserOnRegistrySettings
By Juan Carlos Pazos - 6/23/2008

Thanks Trent

I will use this new property today.

Regards