
Detecting elevated privileges on Windows Server 2008 or higher

I have a C#, .NET 4.6.1 Windows Forms application running on Windows Server platforms (2008 or higher) which needs to be "Run as Administrator". Elevated privileges are required because the application changes User Access Rights on various folders (underneath the IIS Default Web Site Root, if that matters).

I have had no luck detecting whether the application has been "Run as Administrator". If I start the application normally (that is, not as Administrator) the following code

var isAdmin = WindowsIdentity.GetCurrent().Owner.IsWellKnown(WellKnownSidType.BuiltinAdministratorsSid);

returns true, but the code which changes some User Access Rights on a directory fails with an Insufficient Privileges error.

If I run the application as administrator the above check also returns true, but the changing of User Access rights works just fine.

Other attempts I have made without success:

  • Using the GetTokenInformation method inside the advapi32.dll as suggested here
  • Adding a manifest file to the application where I set the requestedExecutionLevel to requireAdministrator

Thanks in advance for any help.

Mats asked Jan 26 '16 11:01



2 Answers

The following must work (I hope so; I have a Windows client and it's working for me).

var Identity = WindowsIdentity.GetCurrent();
var Principal = new WindowsPrincipal(Identity);
bool IsAdmin = Principal.IsInRole(WindowsBuiltInRole.Administrator);

Ahmad Alloush answered Oct 06 '22 06:10
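
An added example, not code from either poster: it runs the role check from the answer above next to the GetTokenInformation query from advapi32.dll that the question mentions, so the two results can be compared in an elevated and a non-elevated run. The names ElevationCheck and QueryToken are illustrative; the information-class numbers are the TOKEN_INFORMATION_CLASS values from winnt.h.

```csharp
// Added example (Windows only). Compile as a console application.
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class ElevationCheck
{
    // TOKEN_INFORMATION_CLASS values (winnt.h)
    const int TokenElevationType = 18;
    const int TokenElevation = 20;

    // TOKEN_ELEVATION_TYPE values (winnt.h)
    enum ElevationType { Default = 1, Full = 2, Limited = 3 }

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr tokenHandle, int infoClass,
        out int info, int infoLength, out int returnLength);

    // Both classes queried here return a single 32-bit value.
    static int QueryToken(IntPtr token, int infoClass)
    {
        int value, returned;
        if (!GetTokenInformation(token, infoClass, out value, sizeof(int), out returned))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return value;
    }

    static void Main()
    {
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            // False on the filtered (non-elevated) token of an administrator
            // account: the Administrators group is there only as a deny-only SID.
            bool inAdminRole = new WindowsPrincipal(identity)
                .IsInRole(WindowsBuiltInRole.Administrator);

            // TOKEN_ELEVATION.TokenIsElevated is non-zero for an elevated token.
            bool elevated = QueryToken(identity.Token, TokenElevation) != 0;

            // Limited: UAC split the token, and a linked full token exists.
            var type = (ElevationType)QueryToken(identity.Token, TokenElevationType);

            Console.WriteLine("IsInRole(Administrator): {0}", inAdminRole);
            Console.WriteLine("TokenIsElevated:         {0}", elevated);
            Console.WriteLine("TokenElevationType:      {0}", type);
            Environment.ExitCode = elevated ? 0 : 1; // non-zero: not elevated
        }
    }
}
```

Checking at startup and refusing to continue when the process is not elevated gives a clear message up front instead of an access-denied error in the middle of the ACL changes.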


Try to change the permissions of a known folder and if there is an exception then you know the program has not been run as administrator.

Dave3of5 answered Oct 06 '22 06:10