How to access AppData in Protected Mode


  • I am writing a managed BHO in C#.  When run in protected mode (IE's new UAC-compliant mode which forces all extensions to run at low-integrity), it fails because it cannot access user.config in the appdata folder.
    Is there some way to mark files are readable by lower-integrity processes?
    Failing that, is there some way to force the BHO to run at medium-level integrity?
    Failing that, is there some way to create a low-integrity symlink in the low-integrity folders which points to a medium-integrity file in AppData?
    Failing that, is there some way to force the application to use a user.config file in the LocalLow folder?  How do I get the path for this folder in .net (it's not listed under Environment.SpecialFolder)?  Will I be able to fall back with users running XP or who turn protected mode off, without losing all their user.config data?
    Saturday, January 02, 2010 8:36 PM


  • You want to use IEGetWritableFolderPath() to decide where to put your configuration files.  I'm not sure if you can get Visual Studio to automagically put the user.config in that folder, you'd have to go over and ask in the Visual Studio C# forum.  However, you can (and probably should) just write your own property store and persist it at the path returned by IEGetWritableFolderPath().

    There is no way to make your BHO run as medium integrity, as integrity levels are process-wide, and your BHO runs in the IE process.  I don't think your sim-link trick will work.

    You could have your BHO launch a medium integrity process and then do marshalled COM calls to it, but that's probably more work than just writing your own data-store and putting it in the right place.
    • Marked as answer by BlueRaja Saturday, February 12, 2011 5:01 PM
    Sunday, January 03, 2010 11:22 PM