l-proger avatar image
0 Votes"
l-proger asked RoyLi-MSFT edited

Calling the AppServiceConnection's openAsync() method fails if the app is started with administrator privileges

I wrote a UWP app (let's call it "server") with the UWP service inside it and a C++ desktop app (let's call it "client") that connects to the server's UWP service using the WinRT API.

The following code works as expected if the client application is run as a login user::

 //Executed inside newly created thread
 connectionStatus = _appServiceConnection->OpenAsync().get();

But this code doesn't work if I run the "client" application "as an administrator". (connectionStatus == AppServiceConnectionStatus::Unknown and I see "access denied" exception deeply inside windows libraries).

I don't need to use the WinRT API with admin rights, but other parts of the "client" app sometimes need to do this. Thus, the user should be able to run the "client" with or without administrator rights.

I have a separate thread dedicated to connecting to the UWP service and processing connection. I tried to drop the elevated rights of the thread security token, but was unsuccessful.

Steps to reproduce:

  1. Clone sample UWP service application ("server"):

  2. Clone sample service client application ("client"):

  3. Build and deploy UwpService application

  4. In VisualStudio in project UwpService open "Package.appxmanifest" file in designer. Go to tab "Packaging", copy value of "Package family name" field.

  5. Open UwpServiceClient project, open file "UwpServiceClient.cpp", go to line 14, replace PackageFamilyName with your own, copied in step 4

  6. Build and run UwpServiceClient application.

Working case: In step 6 you will see "Connect success!" message in console output.

Not working case: Run VisualStudio with administrator privileges, repeat step 6, you will see "Connect fail!" message in console output. Or run compiled UwpServiceClient executable from Explorer by right-clicking it and selecting "Run as administrator". Or run powershell terminal as administrator and run UwpServiceClient executable using terminal.

Do you have any suggestions?

· 7
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

After did some researching on using AppService between win32 app and UWP app. I have some questions about your scenario. First, may I know if your C++ desktop app is a console app or other kind of app like WPF? Second, when using AppService to communicate between win32 app and uwp app, they are packaged in the same desktop bridge app. The win32 app will be launched by the UWP app. Could you please tell me how did you run the win32 app as an administrator?

0 Votes 0 ·

My "client" app is just a regular x64 C++ console application (/SUBSYSTEM:CONSOLE). It is not packaged with the UWP "server" application. To access the UWP service from the desktop world, I link "client" app with "windowsapp.lib" and used WinRT C++ API. Since my "client" console application is not packaged with the UWP server application in any way, there is no problem running it as an "administrator". I tested under VisualStudio running as an administrator. Either right-click the executable file in Explorer and select Run as administrator, or run the executable file in the powershell console with administrator rights.

Without administrator rights, the "client" console application can connect to the UWP service as expected. When running with admin rights, I get " AppServiceConnectionStatus:: Unknown "as a result of "appServiceConnection->OpenAsync().get()" .

0 Votes 0 ·

I updated Issue text with example projects and steps to reproduce.

0 Votes 0 ·

OK, I can reproduce this issue, but I'm not sure why caused this, I will ask the team to confirm it.

1 Vote 1 ·

Hi, according to the reply from team, app service connections are not supported in elevated processes.

0 Votes 0 ·
Show more comments

0 Answers