UWP Application - Internal Server could not connect via VPN

Question

UWP Application - Internal Server could not connect via VPN

GS 6

We are developing the UWP application using the Cordova windows. The application connects with server to get the information. The application works perfectly if we connect the "external server host / Public host"

Issue :

If I have tried to connect the "Internal Server" using VPN in application, it does not connect. If run the Fiddler in back ground, it starts to connect the "Internal server" but, every time I could not ask customer to run the fiddler in background.

Kindly Guide me.
Do I need to any configuration inside the UWP application?
Is this a default behavior of UWP application?

Anonymous

2020-11-06T06:02:52.797+00:00

Could you please try to connect the Internal Server with other desktop applications via VPN? Please confirm if this issue happens to all apps using VPN or it happens on specific app types.
GS 6 Reputation points

2020-11-06T12:37:27.53+00:00

Hi,

I have tested the internal server address in browser and terminal. I can connect those servers.

I have tried with the internal address in "Network monitor pro(free edition) even that is also not connecting . I have tried with my UWP application and it is also not working.

I have tried with disable the IPV6 option in systems, it starts to connect.

But Could you please explain the reason for this? But again, Is the only way to work the application using this?

Is there any specific configuration need to add it UWP app?
Anonymous

2020-11-09T07:11:18.203+00:00

Have you enabled the privateNetworkClientServer capability in your app? Another thing that I want to confirm is that have you enabled the local loopback?
GS 6 Reputation points

2020-11-09T11:37:28.977+00:00

1)If we add capability in Remote mode,App will fail in window store validation? Please confirm

2)So have changed from Remote mode to Local mode by adding preferrence
"<preference name="WindowsDefaultUriPrefix" value="ms-appx://" /> " and added "privateNetworkClientServer" cabability as well.

3)API was able access with VPN now but App show CSP warning , so added below meta for inline javascript in CSP

content="default-src gap://ready file:// ; style-src 'self' http:// https:// 'unsafe-inline'; script-src 'self' http:// https:// 'unsafe-inline' 'unsafe-eval'

4)App using google map API inside application.
$.getScript(mapScriptSrc, function (data, textStatus, jqxhr) {

But,
App is not to loading the map. could you please share the possibilities to show inline javascript?
And will there be any issue while submitting to Windows store with above changes?
Anonymous

2020-11-10T03:17:00.397+00:00

The privateNetworkClientServer capability is a general-use capability, it won't fall in windows store validation. And please check the local loopback I mentioned previously as well.
Aishwarya Vengadesan 1 Reputation point

2020-11-10T05:16:08.877+00:00

1)As per the below link if privateNetworkClientServer capability is added in Remote mode App(<uap:Rule Match="ms-appx-web:///" Type="include" WindowsRuntimeAccess="all" />) it will lead to failing windows store certification,
https://social.msdn.microsoft.com/Forums/en-US/5a227957-ae87-44f2-b1af-b3a3c4d71b25/windows-store-uwp-applicationcontenturirule-with-all-or-allowforwebonly?forum=windowsstore
So to overcome this changed Remote mode to local mode, where it ended up with Google map API issue.
Is it fine to use privateNetworkClientServer capability in Remote mode?

2)BTW trying local loopback on other side as well
GS 6 Reputation points

2020-11-10T10:54:33.237+00:00

Do we need to enable this local loopback in app installing machine or build taking machine or server ? Please confirm.

I have tried in loopback option in app installing machine but it does not work. It does not connect the VPN machine.

We have tried the privateNetworkClientServer in Remote mode. It works fine. But please confirm, whether Windows store allow this build to submit it or not. Some of the link says windows rejects these application.
Anonymous

2020-11-12T06:28:49.59+00:00

I just noticed that you are using Cordova windows in your app, I'm not sure if the third-party library would work with the capability or not. But you could try it.
GS 6 Reputation points

2020-11-12T06:32:59.383+00:00

This "privateNetworkClientServer" capabilities it works in windows - Cordova windows application. The application is in "RemoteMode"

My only concern is after introduce this capability, the windows store validation gets fail or not.

I hope, It wont reject it. Kindly confirm
Anonymous

2020-11-13T08:50:39.343+00:00

I've asked other engineers about this.
GS 6 Reputation points

2020-11-16T04:44:24.247+00:00

Thank you.. If you have received any updates, Kindly let me know.
GS 6 Reputation points

2020-11-30T12:05:34.417+00:00

Hi RoyLi,

We are planning to upload the Cordova windows app in "RemoteMode" with enabled the "PrivateNetworkClientServer" capability. I hope ,the store does not reject the application during the certification verification process.

Could you please get any details about this rejection? It would be helpful, if you confirm these details to us before upload the application. Since our customer does not want any store rejection after upload this application because of this fix.
Anonymous

2020-12-01T02:40:55.213+00:00

I searched a little bit about this. It is mentioned in the Cordova document - Windows Platform Guide that there are capabilities that are unavailable when deploying your Remote Mode application to the Windows Store like PrivateNetworkClientServer. In the document, it also says the solution about this. You could open your search engine and search for "Cordova document - Windows Platform Guide" to check that.
GS 6 Reputation points

2020-12-01T08:07:31.7+00:00

Thank you RoyLi.

We have already checked the site,so that we got doubt about the window store(if we publish application in store as public mode) rejection.

In the Cordova windows application, we. have used the $.ajax to make web service call. $.ajax internally uses the XMLHttpRequest to make the call.

But, Still the application does not allow to access the servers via VPN.

Do I really need to add any other possibilities / capability in UWP application end since "PrivateNEtworkClientSErver" is unavailable in remoteMode.

Do I need to add any configuration in server side? But the request is not reach to server from the UWP application. The request status is 0 so the UWP(Client) application has problem.

Kindly guide us any other possibilities. We are sticking with this issues more 6 months. Tried with lot of possibilities. But No fix as of now.
Anonymous

2020-12-02T03:25:05.043+00:00

I've confirmed with other engineers, PrivateNEtworkClientSErver is the only solution that makes sure your remote Cordova app could run correctly in a VPN environment, and in the meantime, you could not publish your app to the store due to store policy. You will need to distribute your app on your own.
GS 6 Reputation points

2020-12-24T05:02:27.663+00:00

Thank you RoyLi.

Will the store allow to publish the application as LOB If "PrivateNetworkClientServer" capability has enabled?

OR

Is Sideloading only option to distribute the application?

Kindly confirm.
GS 6 Reputation points

2021-01-05T19:32:22.973+00:00

Hi @Anonymous ,
It would be very helpful if you clarify below queries

1) Will the store allow to publish the application(Cordova UWP) as LOB If "PrivateNetworkClientServer" capability has enabled?

2) Is Sideloading(FTP or some other shared path) only option to distribute the application(Cordova UWP)?

3) It is a limitation of the UWP-Cordova application since it is "Remote Mode" so If we enable the PrivateNetworkClientServer capability, the store rejects based on their policy. right. We have N number of customer to use this application. We are little worry about the "Sideloading" distribution bit overhead to us. Kindly Guide us.

Kindly confirm.
Anonymous

2021-01-06T05:46:48.42+00:00

Sorry for the delay.

Will the store allow to publish the application(Cordova UWP) as LOB If "PrivateNetworkClientServer" capability has enabled?

No, you can't.

Is Sideloading(FTP or some other shared path) only option to distribute the application(Cordova UWP)?

Yes, sideload should be the only way.

For the last, to sideload a UWP app, you will need to tell the users to enable the sideload mode first. You could find it in Settings->For developers. Then you will need to package your project and guide the users to install the package following this document: Create an app package using the packaging wizard.
GS 6 Reputation points

2021-01-06T10:04:25.957+00:00

Hi @Anonymous ,

Thank you so much for your quick support.

We have tried to find a way to enable to "PrivateNetworkClientServer" dynamically(RunTime) but we could not make it.

We have referred the below document also, https://learn.microsoft.com/en-us/windows/uwp/devices-sensors/enable-device-capabilities
.(Please refer sections : Use the Windows Runtime API for communicating with your device)

1) Will it possible to enable the "PrivateNetworkClientServer" dynamically for UWP application?
2) Sideloading app can install in the systems using Powershell or Manual installation, But
a) any default MDM available to share app to different organization people?

Kindly clarify it.
Anonymous

2021-01-07T01:47:37.087+00:00

Will it possible to enable the "PrivateNetworkClientServer" dynamically for the UWP application?

I have to say no, there is no such way to do it.

Sideloading app can install in the systems using Powershell or Manual installation, But any default MDM available to share app to different organization people?

Generally, I suggest installing the app manually. If the MDM could let the user download the complete package and dependencies and run the Powershell, then it should work.