WinUI application running as Administrator? - manifest

I'm trying to write a WinUI 3 desktop app the requires the Administrator role. It does some msiexec work on behalf of the user, and this pretty much demands being admin as far as I can tell.
The app itself will be an unpackaged (<WindowsPackageType>None</WindowsPackageType>) and self-contained (<WindowsAppSDKSelfContained>true</WindowsAppSDKSelfContained>). Both of these settings are in the .csproj file.
To try and get Administrator role, I've added this to the app.manifest file:
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
as part of the application element. I understand that this should be sufficient to ensure that either the application is being run "as Administrator", or pops up the UAC dialog to request such permissions.
To check whether we are indeed running as Administrator, I've added this function which is called to check on admin status:
public static bool IsAdmin()
{
var identity = WindowsIdentity.GetCurrent();
var principal = new WindowsPrincipal(identity);
return principal.IsInRole(WindowsBuiltInRole.Administrator);
}
If I build my app and run it outside of Visual Studio, it reports that it is not running as Administator. No UAC, just runs the app as a standard user (if that's the correct terminology).
If I right-click and select the Run as administrator option, then the app runs and reports that it is running as Administrator.
If I run it in the Visual Studio debugger, it's always running as Administrator. But I do run Visual Studio as admin, so maybe it's just picking that up from the parent process. Not sure.
So the question is why does just running the app normally neither run as Administrator, nor pop up the UAC dialog to elevate itself to that state? Am I doing something fundamentally wrong in the app.manifest file? Should it work?
Very much a novice when it comes to manifests, C#, WinUI etc, so please be patient if I'm making invalid assumptions or I don't quite understand your answer. Happy to fill in any blanks that I've missed.

I'm not sure if elevated unpackaged apps are supported at the latest WinAppSDK v1.2. But dropping WindowsApSDKSelfContained seems to work.
This is what I tried:
Create a plain WinUI 3 app and make it unpackaged. (No self-contained)
<WindowsPackagedType>None</WindowsPackagedType>
<!--<WindowsAppSDKSelfContained>true</WindowsAppSDKSelfContained>-->
Edit Package.appxmanifest.
<Capabilities>
<rescap:Capability Name="runFullTrust" />
<rescap:Capability Name="allowElevation" />
</Capabilities>
Edit app.manifest.
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
Add your code to check if it's running as administrator.
MainWindow.xaml
<Window
x:Class="ElevationTest.MainWindow"
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
xmlns:d="http://schemas.microsoft.com/expression/blend/2008"
xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
mc:Ignorable="d">
<Grid>
<TextBlock x:Name="AdministratorStatusTextBlock"/>
</Grid>
</Window>
MainWindow.xaml.cs
using Microsoft.UI.Xaml;
using System.Security.Principal;
namespace ElevationTest;
public sealed partial class MainWindow : Window
{
public MainWindow()
{
this.InitializeComponent();
AdministratorStatusTextBlock.Text = IsAdmin() is true
? "Running as admin."
: "NOT running as admin.";
}
public static bool IsAdmin()
{
var identity = WindowsIdentity.GetCurrent();
var principal = new WindowsPrincipal(identity);
return principal.IsInRole(WindowsBuiltInRole.Administrator);
}
}
Build in Release mode and run the created *.exe file.
The app should ask for permission and the text should show "Running as admin.".

Related

Google map and firebase don't work together

UPDATE: This is the code that kills functionality of firebase. If I try to download from firebase a couple of seconds after this code (waiting with await Task.Delay, no other code running), it starts sending the code -13000, httpResult = 0 exception. The same request earlier works. Map works.
GoogleMapFragment gmf = new GoogleMapFragment(context, this);
FragmentTransaction ft = activity.FragmentManager.BeginTransaction();
ft.Add(mapLayout.Id, gmf, "my_fragment");
ft.Commit();
I wanted to have google map on layout in the same activity where I work with firebase. Map works, but somehow it interferes with firebase, which work only before creating Google map. Any ideas what can cause this?
Update 2: If I download small file before initializing google maps, I can later use firebase, so I 'solved' the issue in a little dirty way but at least I can continue working. After this 'fix' I get following error in the output but file is downloaded anyway. I must continue digging, for now I hope the worst is over...
error getting token java.util.concurrent.ExecutionException: com.google.firebase.FirebaseApiNotAvailableException: firebase-auth is not linked, please fall back to unauthenticated mode.
Old version of question:
I checked all possible answers here on SO for my question, but nothing brought me to right way. There's quite obvious output telling me that something is wrong, but I have no idea how to solve the issue. There's an answer in this question that one of possible reasons for HttpResult = 0 is that google play version on phone isn't actual enough. I used the method recommended for check and I have Google Play services 11.5.18 installed on phone. I have Xamarin.Firebase.Storage 42.1021.1 (10.2.1) installed and using Visual Studio 2015. Quite often I had to clean and rebuild and it sometimes worked, but not this time. In android properties I have Compile using android version 7.1 Nougat. I created firebase account just recently, not knowing much about this, added it in google console to existing project (as I already use google maps), filled sha1 code the same way I did with maps. Added google-services.json and set it's build action on GoogleServiceJson. No more actions I know about.
Here is my code, I tried various ways to download, upload, but this one seems to be good example:
FirebaseApp fba=FirebaseApp.InitializeApp(context);
firebaseStorage = FirebaseStorage.Instance;
firebaseStorageReference = firebaseStorage.GetReferenceFromUrl("gs://alien-chess.appspot.com");
firebaseStorageReference=firebaseStorageReference.Child("settings.dat");
byte[] bytes = new byte[1000];
firebaseStorageReference.PutBytes(bytes).AddOnFailureListener(new FirebaseFailureListener(this));
Here is my manifest file
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="AlienChessAndroid.AlienChessAndroid" android:versionCode="1" android:versionName="1.0" android:installLocation="preferExternal">
<uses-sdk android:minSdkVersion="19" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<application android:label="Alien Chess" android:icon="#drawable/Alien" android:largeHeap="true">
<meta-data android:name="com.google.android.gms.version" android:value="#integer/google_play_services_version" />
<meta-data android:name="com.google.android.maps.v2.API_KEY" android:value="AIzaxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" />
</application>
And here are what I think are important parts from the output window
Failed to retrieve remote module version: V2 version check failed
Local module descriptor class for com.google.android.gms.firebasestorage not found.
Considering local module com.google.android.gms.firebasestorage:0 and remote module com.google.android.gms.firebasestorage:0
NetworkRequestFactoryProxy failed with a RemoteException:
com.google.android.gms.dynamite.DynamiteModule$zza: No acceptable module found. Local version is 0 and remote version is 0.
....
Unable to create a network request from metadata
android.os.RemoteException
....
StorageException has occurred.
An unknown error occurred, please check the HTTP result code and inner exception for server response.
Code: -13000 HttpResult: 0
There isn't much c# sources for visual studio and I can't read that easily recommendations for android studio as they are quite different for unskilled programmers.
Any ideas what other things should I check?

.ASPX: How do I restrict web access to logged on users only?

► Problem: Anyone can access a webpage, but I only want logged in users to be authorized to access it.
Background:
Web Server = IIS 8
Server OS = Windows Server 2012
Framework = .NET 4.5
Environment = .\WebFolder\logon.aspx, .\WebFolder\inside.html
Website = Simple logon page ("logon.aspx") that guards an html page ("inside.html").
Users = External people (ie, non-intranet)
Sample URLs:
A. "www.webpage.com/logon.aspx"
B. "www.webpage.com/inside.html"
Desired Outcome:
Everyone can access the "logon.aspx" page
Only logged on users can access the "inside.html" page
Any direct attempts to access "B" will trigger a redirect to "A"
No additional use of program code
Prior Attempts:
I've been fiddling with the web.config file (authentication & authorization), but to no avail (501 Server Error, 401 Authorization Error, Runtime Application Error).
Web.Config File:
<system.web>
<authentication>
<forms name=".ASPXFORMSAUTH" loginUrl="logon.aspx" protection="All" timeout="1" path="/" slidingExpiration="true" requireSSL="false" />
</authentication>
<authorization></authorization>
</system.web>
Bottom line: I'm sure this is a very basic/easy thing to configure, it's just that I haven't been able to do it so far. Plus, I do not want to write any additional code in order to accomplish a seemingly fundamental task.
Thanks in advance!
Okay, I figured it out (after 7 hours). It requires four things (based on the example file structure):
1. Using the FormsAuthentication module
VS2012 → Project → Your credentials/authentication code → Use FormsAuthentication.RedirectFromLogin(_var1_, _var2_) instead of Response.Redirect(inside.html)
2. Adding a new node in the web.config file
<system.webServer><handlers><add name="HTMLHandler" type="System.Web.StaticFileHandler" path="*.html" verb="GET" /></handlers>
3. Including the 'defaultUrl' attribute in the Forms tag
<forms name=".ASPXFORMSAUTH" loginUrl="logon.aspx" defaultUrl="inside.html" protection="All" timeout="1" path="/" slidingExpiration="false" requireSSL="false" />
4. Adding a location tag authorization restriction to the 'web.config' file
<location path="inside.html"><system.web><authorization><deny users="?" /></authorization></system.web></location>
See my comments (below) for an explanation of each of these four pieces.

Winphone 8.1, Winphone 10 and Moga pro connection

I'm making a game support MogaPro run on both WP10 and WP8.
Here is the Capabilities code on packet manifest
<Capabilities>
<Capability Name="internetClientServer" />
<DeviceCapability Name="proximity" />
</Capabilities>
Create gamepad object:
if (!g_GamePad)
{
try
{
g_GamePad = ref new Moga::Windows::Phone::ControllerManager();
g_GamePad->Connect();
}
catch (Platform::Exception^ e)
{
return false;
}
if (!g_GamePad)
return false;
}
And code check connection:
if ((g_GamePad) && ((Moga::Windows::Phone::ControllerManager^)g_GamePad)->GetState(Moga::Windows::Phone::ControllerState::Connection) == Moga::Windows::Phone::ControllerResult::Connected){//code callback}
The problem is when I run on WP10 device, a system popup appear ask user want to use moga pro on this app or not. If I chose Yes, game run perfect. If I chose No, the Moga and Game never connect until I Uninstall and reinstall app.
But in WP8.1 I doesn't see any confirm popup and can not connect moga pro and game. Always assert at code check connection.
What is different between WP10 and WP8.1, and how I connect Moga and WP8.1.
Please help,
Thanks.
It looks like some incompatibility between MOGA control and Windows Phones; it's not possible to answer your question without access to the MOGA source code, but issue definitely not in your code.
I recommend you to try my open source library: worked perfectly with MOGA Mobile and should work with MOGA Pro.

Windows Phone 8.1 Voice Commands App Activation

I want to integrate some voice commands in my windows phone 8.1 app.
The first thing I want to do is to open my app by a voice command and navigate to a certain page.
According to MSDN article Quickstart: Voice commands (XAML) I can use the override of protected virtual void OnActivated(IActivatedEventArgs args) method in App.xaml.cs to meet my requirements. But it does'nt work the way I though it would!
I have the method with the following structure:
protected override void OnActivated(IActivatedEventArgs args)
{
if (args.Kind == ActivationKind.VoiceCommand)
{
var commandArgs = args as VoiceCommandActivatedEventArgs;
if (commandArgs != null)
{
// ... some logic here
}
}
}
The problem is when I'm activating my app by saying "Open 'name of my app' [optional words]" the app opens but the Activated event never fires! The app opens and OnLaunched event fires. So I can't even enter the OnActivated method.
Does anyone know the problem? Why can't I enter OnActivated method using voice commands?
P.S. I tried it with a simulator as well as with a real device.
you can see this article,
http://t.co/Q5hRxRPvwR
is in spanish, but you will understand.
After you install the app and run it, the xml should be installed, like said in documentation.
After ask to cortana "What can I say?" it will show all you can said, and the apps that supports cortana. Choose you app and you will see what you can say for your app, like
If you say what your app can listen, your app will be activated.

The permissions granted to user ' are insufficient for performing this operation. (rsAccessDenied)"}

I created a report model using SSRS (2005) and published to the local server. But when I tried to run the report for the model I published using report builder I get the following error.
Report execution error:The permissions granted to user are insufficient for performing this operation. (rsAccessDenied)
It's because of lack of privilege for the user you are running the report builder, just give that user or a group a privilege to run report builder.
Please visit this article
Or for shortcut:
Start Internet Explorer using "Run as Administrator"
Open http://localhost/reports
Go to properties tab (SSRS 2008)
Security->New Role Assignment
Add DOMAIN/USERNAME or DOMAIN/USERGROUP
Check Report builder
I know it's for a long time ago but you (or any other new comers) can resolve this issue by
Add the [Domain\User] to Administrator, IISUser, SQLReportingUser groups
Delete Encryption Key in SSRS configuration tools
ReRun the Database Change in SSRS configuration tools
Open WebServiceUrl from SSRS configuration tools (http://localhost/reportserver)
creating Reports Folder manually
go to Properties of created folder and add these roles to security (builtin\users , builtin\Administrator, domain\user)
Deploy your reports and your problem resolved
Right Click Microsoft BI -> Click Run as Administrator -> either open your existing SSRS report or create your new SSRS report and then deploy your report after that complied you will be received one web URL for to view your report. Copy that URL and paste to web browser(Run as Administrator) and you will get your report view.
You could use Internet Explorer, which would be essential for web service
If it is wrong means,Please forgive me since i did like this so that i just written.
Make sure you have access configured to the URL http://localhost/reports using the SQL Reporting Services Configuration. To do this:
Open Reporting Services Configuration Manager -> then connect to the report server instance -> then click on Report Manager URL.
In the Report Manager URL page, click the Advanced button -> then in the Multiple Identities for Report Manager, click Add.
In the Add a Report Manager HTTP URL popup box, select Host Header and type in: localhost
Click OK to save your changes.
Now start/ run Internet Explorer using Run as Administator...
(NOTE: If you don't see the 'Site Settings' link in the top left corner while at http://localhost/reports it is probably because you aren't running IE as an Administator or you haven't assigned your computers 'domain\username' to the reporting services roles, see how to do this in the next few steps.)
Then go to: http://localhost/reports (you may have to login with your Computer's username and password)
You should now be directed to the Home page of SQL Server Reporting Services here: http://localhost/Reports/Pages/Folder.aspx
From the Home page, click the Properties tab, then click New Role Assignment
In the Group or user name textbox, add the 'domain\username' which was in the error message (in my case, I added: DOUGDELL3-PC\DOUGDELL3 for the 'domain\username', in your case you can find the domain\username for your computer in the rsAccessDenied error message).
Now check all the checkboxes; Browser, Content Manager, My Reports, Publisher, Report Builder, and then click OK.
You're domain\username should now be assigned to the Roles that will give you access to deploy your reports to the Report Server. If you're using Visual Studio or SQL Server Business Intelligence Development Studio to deploy your reports to your local reports server, you should now be able to.
Hopefully, that helps you solve your Reports Server rsAccessDenied error message...
Just to let you know this tutorial was done on a Windows 7 computer with SQL Server Reporting Services 2008.
Reference Article: http://techasp.blogspot.co.uk/2013/06/how-to-fix-reporting-services.html
You can also make sure that the Identity in your Application Pool has the right permissions.
Go to IIS Manager
Click Application pools
Identify the application pool of the site you are deploying reports on
Check that the identity is set to some service account or user account that has admin permissions
You can change the identity by stopping the pool, right clicking it, and selecting Advanced Settings...
Under Process Model is the Identity field
I have used following steps and it is working for me.
Open Reporting Services Configuration Manager -> then connect to the report server instance -> then click on Report Manager URL.
In the Report Manager URL page, click the Advanced button -> then in the Multiple Identities for Report Manager, click Add.
In the Add a Report Manager HTTP URL popup box, select Host Header and type in: localhost
Click OK to save your changes.
Then:
copied the report server URL
Run Google chrome/Internet Explorer as administrator
Paste URL in address bar and press enter.
it is working fine for me on Internet Explorer and Google Chrome but not for mozilla Firefox.
In case of Firefox asking for username and Password I am providing it but it is not working. I am admin and have full right.
I have done 1 more change set "User Account Control Settings" to never notify.
If you are getting such type of exception while deploying this report from Visual Studio then do the following things:
Open Google chrome/Internet Explorer with administrator right.
open report server URL in it.
3.Click on "New Role Assignment" add the then enter the user name and select the Roles
.
click ok.
Now deploy the report from Visual studio it will work and deploy the reports at specified server.
under Site setting in Reports manager >Configure system-level role definitions > check ExecuteReport Defination option
then
Create a System UserGroup, Give the access to that group at
Connect to your reporting Services Data base in server properties and add a group and permite the access as System User... It should work
I have SQL2008 / Windows 2008 Enterprise and this is what I had to do to correct the rs.accessdenied, 404, 401 and 503 errors:
Added NT Users to SQL Report Server Users and IIS_USR Group
I changed SQL Reporting Service to Local account (it was Domain with Local Admin)
I deleted encryption key in Reporting Services Configuration (last tab on the list)
and THEN it worked.
Open internet explorer as administrator.
Open the reports url http://machinename/reportservername
then in 'folder settings' give permission to required user-groups.
Old but relevant issue. I solved for 2012 by logging in to the reporting server and:
browse to http://localhost/reports/
Click 'Site Settings' in the top-right (was only available when logging in to the report server)
Go to the 'Security' tab and click 'New Role Assignment'
Added my DOMAIN\USERNAME as a System Administrator
Can't say that I'm comfortable with this solution, but I needed something that worked and it worked. Hope this helps someone else.
After setting up SSRS 2016, I RDP'd into the server (Windows Server 2012 R2), navigated to the reports URL (https://reports.fakeserver.net/Reports/browse/) and created a folder title FakeFolder; everything appeared to be working fine. I then disconnected from the server, browsed to the same URL, logged in as the same user, and encountered the error below.
The permissions granted to user 'fakeserver\mitchs' are insufficient
for performing this operation.
Confused, I tried pretty much every solution suggested on this page and still could not create the same behavior both locally and externally when navigating to the URL and authenticating. I then clicked the ellipsis of FakeFolder, clicked Manage, clicked Security (on the left hand side of the screen), and added myself as a user with full permissions. After disconnecting from the server, I browsed to https://reports.fakeserver.net/Reports/browse/FakeFolder, and was able to view the folder's contents without encountering the permissions error. However, when I clicked home I received the permissions error.
For my purposes, this was good enough as no on else will ever need to browse to the root URL, so I just made a mental note whenever I need to make changes in SSRS to first connect to the server and then browse to the Reports URL.
Problem:
Error rsAccessDenied : The permissions granted to user 'User\User' are insufficient for performing this operation.
Solution:
Click "Folder Setting" > "New Role Assignment"
Then type "User\User" in the 'Group or user name text box'.
Check the Roles check boxes that you would want the user to have.
What Worked for me was:
Open localhost/reports
Go to properties tab (SSRS 2008)
Security->New Role Assignment
Add DOMAIN/USERNAME or DOMAIN/USERGROUP
Check Report builder
This worked for me-
-go to the report manager, check site settings-> Security -> New Role Assignment-> add the user
-Also, go to Datasets in report manager -> your report dataset -> Security -> New Role Assignment -> add the user with the required role.
Thanks!
I know it's for a long time ago but may be helpful to any other new comers,
I decided to pass user name,password and domain while requesting SSRS reports, so I created one class which implements IReportServerCredentials.
public class ReportServerCredentials : IReportServerCredentials
{
#region Class Members
private string username;
private string password;
private string domain;
#endregion
#region Constructor
public ReportServerCredentials()
{}
public ReportServerCredentials(string username)
{
this.Username = username;
}
public ReportServerCredentials(string username, string password)
{
this.Username = username;
this.Password = password;
}
public ReportServerCredentials(string username, string password, string domain)
{
this.Username = username;
this.Password = password;
this.Domain = domain;
}
#endregion
#region Properties
public string Username
{
get { return this.username; }
set { this.username = value; }
}
public string Password
{
get { return this.password; }
set { this.password = value; }
}
public string Domain
{
get { return this.domain; }
set { this.domain = value; }
}
public WindowsIdentity ImpersonationUser
{
get { return null; }
}
public ICredentials NetworkCredentials
{
get
{
return new NetworkCredential(Username, Password, Domain);
}
}
#endregion
bool IReportServerCredentials.GetFormsCredentials(out System.Net.Cookie authCookie, out string userName, out string password, out string authority)
{
authCookie = null;
userName = password = authority = null;
return false;
}
}
while calling SSRS Reprots, put following piece of code
ReportViewer rptViewer = new ReportViewer();
string RptUserName = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportUser"]);
string RptUserPassword = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportUserPassword"]);
string RptUserDomain = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportUserDomain"]);
string SSRSReportURL = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportURL"]);
string SSRSReportFolder = Convert.ToString(ConfigurationManager.AppSettings["SSRSReportFolder"]);
IReportServerCredentials reportCredentials = new ReportServerCredentials(RptUserName, RptUserPassword, RptUserDomain);
rptViewer.ServerReport.ReportServerCredentials = reportCredentials;
rptViewer.ServerReport.ReportServerUrl = new Uri(SSRSReportURL);
SSRSReportUser,SSRSReportUserPassword,SSRSReportUserDomain,SSRSReportFolder are defined in web.config files.
The report might want to access a DataSource or DataView where the AD user (or AD group) has insuficcient access rights.
Make sure you check out the following URLs:
http://REPORTSERVERNAME/Reports/Pages/Folder.aspx?ItemPath=%2fDataSources
http://REPORTSERVERNAME/Reports/Pages/Folder.aspx?ItemPath=%2fDataSets
Then choose Folder Settings
(or the appropriate individual DataSource or DataSet) and select Security. The user group needs to have the Browser permission.
What worked for me was:
Go to Site Setting
Click on "Configure site-wide security"
Click "New Role Assignment" button in top bar
Give the new role the following name "Everyone"
Of the available roles, grant it "System User" only
Click "Apply"
That should do it,
Good luck!
Just like Nasser, I know this was a while ago but I wanted to post my solution for anyone who has this problem in the future.
I had my report setup so that it would use a data connection in a Data Connection library hosted on SharePoint. My issue was that I did not have the data connection 'approved' so that it was usable by other users.
Another thing to look for would to make sure that the permissions on that Data Connection library also allows read to the select users.
Hope this helps someone sooner or later!
For SQL Reporting Services 2012 - SP1 and SharePoint 2013.
I got the same issue:
The permissions granted to user '[AppPoolAccount]' are insufficient for performing this operation.
I went into the service application settings, clicked Key Management, then Change key and had it regenerate the key.
Thanks for Sharing. After struggling for 1.5 days, noticed that Report Server was configured with wrong domain IP. It was configured with backup domain IP which is offline. I have identified this in the user group configuration where Domain name was not listed. Changed IP and reboot the Report server. Issue resolved.
Run BIDS as administrator despite of existing membership of Administrators group.