Are you talking about a one off process, or something that needs to happen every time your code is run on multiple computers? Because if you simply want to personally run a ClickOnce app with elevated permissions, its pretty simple. Click once apps reside at %LOCALAPPDATA%\Apps\2.0[ObfuscatedFolderName]. Simply find your app folder ( timestamp should be enough information ), then rightclick your EXE and run as admin.

If you want to do it in code, the easiest solution is probably to make a shell launcer application around your code, that requests elevated permissions in code. Here is such an example.

This is actually possible, you just need to do it in two steps. First you'll need to launch ClickOnce (dfsvc.exe) as the user you are trying to impersonate and then you can launch the deploy application using rundll32, something like this:

(From the command line)

1.- Click once:

runas /user:domain\user "c:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe"

2.- Launch app:

runas /user:domain\user "rundll32 c:\Windows\System32\dfshim.dll,ShOpenVerbApplication http://someurl.com/tool.application"

Note that you only need to run dfsvc.exe once if you need to launch multiple apps and it will go away after a while once you close all your impersonated click once applications.

The answer really is no, you shouldn't do this. ClickOnce applications are installed under the user profile and belong only to that user. THey will not and do not work as an all-user installation.

Also note that if you double-click on the [exe] file (the location of which changes every time there is an update), it will not look for updates, it will not check the files to make sure they haven't been tampered with. In other words, it will not run as a ClickOnce application.

I also think passing the username and password in the query string is ill-advised because anybody running fiddler or charles or any other network traffic sniffer will be able to see the credentials.