Please see sample projects at https://github.com/jurocha-ms/LowILAccessDenied.
An E_ACCESSDENIED error is thrown when attaching a debugger (Visual Studio) to a Windows process with Low Integrity Level.
This is a snippet of the failing code:
using namespace winrt::Windows::Foundation;
using namespace winrt::Windows::Web::Http;
...
auto client = HttpClient{};
auto response = co_await client.GetAsync(
Uri{L"https://raw.githubusercontent.com/microsoft/react-native-windows/main/.yarnrc.yml"});
auto body = co_await response.Content().ReadAsStringAsync();
Follow the repo's README for building instructions.
Open with Visual Studio.
Start project SandboxLauncher.
This will launch process SandboxTest with Lower Integrity Level.
When prompted, attach the Visual Studio Debugger to SandboxTest.exe, then press ENTER.
The program will fail with the following message:
[0x80070005] A network capability is required to access this network resource
Remarks:
If SandboxLauncher is started without attaching the debugger when SandboxTest prompts for it, the program will succeed.
If the SandboxTest project is launched directly, it will have a Medium Integrity Level (or High, if running Visual Studio as an Administrator) and attaching the debugger won't cause the failure. The program will succeed.
The problem doesn't show if the HTTP call is made via plain WinInet APIs. There may be some interaction issues between Visual Studio's debugger and WinRT/COM.
This is not the issue with Universal (UWP) apps that lack the "private network client" capabilities. Normal Win32 (Desktop) apps do not have a manifest that grants such capabilities.
Is there a specific set up needed for Low IL processes and debuggers?
Related
Microsoft announced the expiration of Basic Authentication in Exchange Online except STMP AUTH, but no guarantee on using it for long term. So, I decide to start the change with our Reports delivery in SSRS 2016 which mainly via SMTP email right now.
After reading many sources, I found that SSRS has Report Delivery Extension which we can build assembly to customize new Delivery Method, and from here I can send the Report Email through Microsoft Graph & Azure Identity.
Link of delivery extension
In the Project, I added Nuget Package of:
Microsoft Graph package version 4.47
Azure Identity version 1.8
the VS automatically add other dependencies to project and I can build the project successfully without any Warnings or Error
However, deploying the assembly to SSRS, after the subscription runs, I got the error in the log as following:
notification!WindowsService_0!59ac!11/18/2022-16:42:08:: i INFO: Notification 27e69a92-12b9-4ab8-984f-d5910af77de7 completed. Success: True, Status: Error: Could not load file or assembly 'Microsoft.Identity.Client, Version=4.46.0.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
I check carefully the dependency of other assembly in nuget website, but nothing indicates that I'm using wrong version. The Microsoft.Identity.Client.dll file is copied to Bin folder of ReportServer.
I tried to update the Microsoft.Identity.Client.dll file with version 4.46.0 in nuget (ignore the dependencies), but another assembly version mismatch comes up:
notification!WindowsService_0!4d94!11/17/2022-23:59:03:: i INFO: Notification b82bb214-3880-4f80-857b-cdf42cde8ff0 completed. Success: True, Status: Error: Could not load file or assembly 'System.Diagnostics.DiagnosticSource, Version=4.0.4.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
And now, I could not find the System.Diagnostics.DiagnosticSource.dll with version 4.0.4.
I can only find version 4.0.0 or 4.3 above.
Now I'm stuck here.
Does anyone have experience on this?
How can I bypass this dependency check?
I even try to downgrade version of Azure.Identity version to lower one, but still stop at the System.Diagnostics version 4.0.4
Then I create a Console Application which I just send a test email with all latest version of assembly Azure.Identity and Microsoft.Graph on the same server (same .Net Framework 4.7.2 and same firewall configuration). It can be sent sucessfully.
I'm in doubt that SSRS 2016 has any assembly confliction which point to lower version of those assemblies.
I have the exact same problem, but with building an add-on for Act! for Windows. My code works outside Act! in a standalone .NET 4.7.2 app, but I get the exact same conflict as described above when loaded within Act!. That said, Act! itself doesn't even use Microsoft.Identity.Client (that dll is not part of it)
I created an Android Studio project from this sample NDK project provided by Google and changed a couple things so I could try to leverage Houdini arm to x86 translation:
In app/build.gradle I set abiFilters to armeabi-v7a.
In Application.mk I changed APP_ABI from all to armeabi-v7a so that x86 native libraries won't be created.
Also in Application.mk, I changed APP_STL from stlport_static to gnustl_shared.
You can see the modified code in this repo.
Then I ran the app in the BlueStacks emulator, which supports Houdini. I get the following error:
11-21 00:42:19.742 9947-9947/? D/houdini: [9947] Loading library(version: 4.0.8.45720 RELEASE)... successfully.
11-21 00:42:19.742 9947-9947/? D/houdini: [9947] Unsupported feature (ID:0x10600cae).
11-21 00:42:19.742 9947-9947/? D/houdini: [9947] Open Native Library /data/app-lib/com.sample.teapot-2/libTeapotNativeActivity.so failed.
...
java.lang.RuntimeException: Unable to start activity ComponentInfo{com.sample.teapot/com.sample.teapot.TeapotNativeActivity}: java.lang.IllegalArgumentException: Unable to load native library: /data/app-lib/com.sample.teapot-2/libTeapotNativeActivity.so
If I make APP_STL any of the supported values with shared I get this error, and with static it works fine. I'd like to get shared working, to solve this issue in React Native. Does shared STL not work with Houdini? Any workarounds?
I created a test App with brokered copmonent and it runs smooth on my machine, but when moved it to a tablet and did all the required settings (regsvr32, icacls), it throws an exception. then I went and downloaded the Microsoft Northwind sample and it act the same. works fine on my machine but not on the other tablet. Am I missing any thing here? here is the exception, it's casting exception and Access denied exception:
Unable to cast COM object of type 'NorthwindRT.DAL.FileWatcher' to interface type 'NorthwindRT.DAL.IFileWatcherClass'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{23F40340-AEB1-5774-5705-64488C9BDD3A}' failed due to the following error: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).
but I did on the tablet the same things I did on the developing machine!
I moved the required files to the correct directory and enabled read/execute to all applications and I registered the proxy using regsvr32. Also the user can access the directory where the implementation dll is located so Access is denied exception is weird.
I did my research about brokered comp and I am doing exactly like the available documentations!
Any Ideas? Am I missing anything here? Is there extra settings I need to do? is my system missing any required dlls?
The App does not have access to msvcr120d.dll
add "ALL APPLICATION PACKAGES" to this dll and it will solve the issue.
I am also working on brokered component, so far I did had some success in development as well as deployment.
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
You need to run icacls in the folder where you have the proxystub.dll and the winmd implementation.
icacls . /T /grant "ALL APPLICATION PACKAGES":RX
Now if you're deploying to a device that does not have a dev environment (i.e. Visual studio), you need to install Visual C++ Redistributable for Visual Studio 2015 (you can use whatever VS version you have, it just happend that i am using VS2015). You can download it here. And one more thing, since you don't have a development environment in the device, you would like to deploy Release assemblies not Debug so that the assemblies won't be referencing libraries or dll that is for debug (i.e. msvcr120.dll instead of msvcr120d.dll) because it won't be found in a clean device.
Lastly, I have a blog about brokered component. You might want to check it out.
I am running a .NET 4.0 web application locally using the Visual Studio Development Server (built in web server with VS2010), and for the last couple months, my StructureMap bootstrapper file has worked perfectly.
I'm using StructureMap 2.6.1
I have not changed the Bootstrapper file or the Web.config file, and suddenly, I'm getting this strange error when trying to start up my web application.
Here is the error being thrown from the website:
it's a bit tough to read. It says:
Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.
Exception Details: System.Security.SecurityException. Request Failed.
here is the code in my bootstrapper file:
public class BootStrapper
{
public static void ConfigureStructureMap()
{
ObjectFactory.Initialize(x =>
{
x.AddRegistry<ProductRegistry>();
});
}
}
public class ProductRegistry : Registry
{
public ProductRegistry()
{
For<IFirmRepository>()
.Use<FirmRepository>().Ctor<string>("connectionString").Is(ConfigurationManager.ConnectionStrings["FeesAndFlows"].ConnectionString);
For<ICryptographyService>()
.Use<Rijndael>();
For<IUserRepository>()
.Use<UserRepository>().Ctor<string>("connectionString").Is(ConfigurationManager.ConnectionStrings["FeesAndFlows"].ConnectionString);
For<IAuthenticationService>()
.Use<AuthenticationService>();
For<ILogger>()
.Use<DatabaseLogger>();
}
}
The error is being thrown on this line:
x.AddRegistry<ProductRegistry>();
I've already tried adding each of these lines to my Web.config file, one at a time, and they didn't fix the problem:
<trust level="Full" />
and
<securityPolicy>
<trustLevel name="Full" policyFile="internal"/>
</securityPolicy>
Does anyone have any ideas or might have heard of a problem like this? It's pretty important, b/c without StructureMap starting up correctly, my entire application will not run.
Thanks,
Mike
UPDATE:
Ok, so it appears my problem is local. Other developers here can download the code, and runs it just fine on their local machines. Weird. They bootstrap StructurMap just fine and all instances are resolved...
Any ideas on why just my machine can't bootstrap StructureMap when running in debug mode locally for my web project?
Are you running the code from a network drive by any chance (ie is your documents folder redirected onto a network drive)? Are you in an enterprise environment running on a domain?
If the former it's likely that the code is running in the intranet security context. If the former isn't true but the later is, then its quite possible that a network administrator has changed the enterprise wide CAS policy.
Okay, so this was the problem. The StructureMap.dll was blocked by Win 7. I don't know how is become blocked or where it became blocked, but apparently, when I downloaded the StructureMap.zip file onto my system, the .zip file was blocked, which in turn, led to all the items extracted from the .zip file being blocked as well.
Every time I unblocked it, it went back to blocked when I tried to run the web app.
The way I fixed it was to go back to the original .zip file, unblock it, extract it, and then replace my StruectureMap.dll reference with one that was not blocked.
Insane.
I don't even know WHAT causes file to suddenly become blocked or what process in Windows 7 determines what file(s) should be blocked, but this strange operating system "feature" cost me a day's worth of work.
I had the exact same issue at the exact same place, ObjectFactory.Initialize:
Server Error in '/X.ServiceHost' Application.
Inheritance security rules violated while overriding member:
'StructureMap.StructureMapException.GetObjectData(System.Runtime.Serialization.SerializationInfo,
System.Runtime.Serialization.StreamingContext)'. Security
accessibility of the overriding method must match the security
accessibility of the method being overriden.
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.
Exception Details: System.TypeLoadException: Inheritance security
rules violated while overriding member:
'StructureMap.StructureMapException.GetObjectData(System.Runtime.Serialization.SerializationInfo,
System.Runtime.Serialization.StreamingContext)'. Security
accessibility of the overriding method must match the security
accessibility of the method being overriden.
Getting the latest StructureMap package from NuGet (2.6.4.1) fixed the issue.
StructureMap NuGet Package
We have an .NET desktop application that crashed in production. How do we diagnose the error? I'd like to know the type of exception that occurred, the error message, and the stack trace.
Because the exception wasn't handled by our code, we received the "This application has encountered a problem and needs to close" Windows message box. The only option was to close, there was no debug button.
This MSDN article suggested looking in the Windows Event registry. I checked there, and here's the information inside it:
Faulting application Initect.Server.UI.exe,
version 0.12.9084.90,
time stamp 0x49cac472,
faulting module KERNEL32.dll,
version 6.0.6001.18000,
time stamp 0x4791a81d,
exception code 0xe0434f4d,
fault offset 0x0002f35f,
process id 0x44c,
application start time 0x01c9ada7f320cab0
How can this information tell me the exception type, the stack trace, and the error message?
That information isn't enough to get you a stack trace, exception type, error message, etc.
You can configure Windows Error Reporting (which showed you the problem & needs to close UI) on Windows Server 2008 to always collect a dump file that you can then debug. This doesn't require you to install Visual Studio or any other debugger in your production environment.
http://blogs.technet.com/askperf/archive/2008/02/05/ws2008-windows-error-reporting.aspx shows the proper registry settings to do this.