search

CommunityToolkit / Microsoft.Toolkit.Win32

ARCHIVE - This repository contained XAML Islands wrapper controls and tooling for XAML Islands with WinUI 2, see readme for more info about XAML Islands with WinUI 3 and the WindowsAppSDK.
https://aka.ms/windowsappsdk
Other
383 stars 89 forks source link

WebView control incompatible with low-integrity processes #267

Closed forderud closed 1 year ago

forderud commented 4 years ago

Describe the bug

I'm unable to add a Microsoft.Toolkit.Forms.UI.Controls.WebView control in my C# WinForms application if the process is running in low integrity mode. This makes me unable to display web content with a more modern browser than IE in a security sandboxed .Net application.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Build a C# WinForms application that contain the following code 
    var tmp = new Microsoft.Toolkit.Forms.UI.Controls.WebView();
((System.ComponentModel.ISupportInitialize)tmp).BeginInit();
((System.ComponentModel.ISupportInitialize)tmp).EndInit();
  2. Start command prompt with admin permissions and run "icacls <appname>.exe /setintegritylevel Low" so that it will run in low integrity.
  3. Start the application
  4. Observe System.UnauthorizedAccessException (E_ACCESSDENIED) exception when calling EndInit() if the process is running in low integrity.

Process Explorer can be used to check if a process runs under the low, medium or high integrity.

Expected behavior

The WebView control should start normally, as for medium or high-integrity processes. The legacy System.Windows.Forms.WebBrowser also support low-integrity.

Environment

NuGet Package(s): 
Microsoft.Toolkit.Forms.UI.Controls.WebView
Package Version(s): 
6.0.1

Windows 10 Build Number:
- [ ] Fall Creators Update (16299)
- [ ] April 2018 Update (17134)
- [ ] October 2018 Update (17763)
- [x ] May 2019 Update (18362)
- [ ] Insider Build (build number: )

App min and target version:
- [ ] Fall Creators Update (16299)
- [ ] April 2018 Update (17134)
- [ ] October 2018 Update (17763)
- [ ] May 2019 Update (18362)
- [ ] Insider Build (xxxxx)

Device form factor:
- [ x] Desktop
- [ ] Xbox
- [ ] Surface Hub
- [ ] IoT

Visual Studio 
- [ ] 2017 (version: )
- [x ] 2019 (version: ) 
- [ ] 2019 Preview (version: )

Additional context

Stack trace from failure

System.AggregateException: One or more errors occurred. ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
   at System.StubHelpers.StubHelpers.GetWinRTFactoryObject(IntPtr pCPCMD)
   at Windows.Web.UI.Interop.WebViewControlProcessOptions..ctor()
   at Microsoft.Toolkit.Win32.UI.Controls.Interop.WinRT.WebViewControlProcessOptions.ToWinRtWebViewControlProcessOptions(WebViewControlProcessOptions options) in d:\a\1\s\WebView.Shared\Interop\WinRT\WebViewControlProcessOptions.cs:line 52
   at Microsoft.Toolkit.Forms.UI.Controls.WebView.Initialize() in d:\a\1\s\Microsoft.Toolkit.Forms.UI.Controls.WebView\WebView.Init.cs:line 129
   at Microsoft.Toolkit.Forms.UI.Controls.WebView.System.ComponentModel.ISupportInitialize.EndInit() in d:\a\1\s\Microsoft.Toolkit.Forms.UI.Controls.WebView\WebView.Init.cs:line 67
ghost commented 4 years ago

Hello forderud, thank you for opening an issue with us!

I have automatically added a "needs triage" label to help get things started. Our team will analyze and investigate the issue, and escalate it to the relevant team if possible. Other community members may also look into the issue and provide feedback 🙌

Kyaa-dost commented 4 years ago

pagoe-msft ⬆️ FYI

ghost commented 4 years ago

Hello forderud, thank you for opening an issue with us!

I have automatically added a "needs triage" label to help get things started. Our team will analyze and investigate the issue, and escalate it to the relevant team if possible. Other community members may also look into the issue and provide feedback 🙌

michael-hawker commented 4 years ago

@forderud we just added a capability to WebViewCompatible to fallback if the process is elevated. I'm not sure if that'll also help in this scenario. Can you test out the build from our MyGet feed or we'll have a 6.1-preview out on NuGet soonish as well. Thanks!

forderud commented 4 years ago

@michael-hawker I've now tried both WebView and WebViewCompatible from the latest Microsoft.Toolkit.Forms.UI.Controls.WebView 6.1.0-preview1 on your MyGet feed. Unfortunately, both still fail with a E_ACCESSDENIED when being created from a low-integrity process.

Exception stack trace:

System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
   at System.StubHelpers.StubHelpers.GetWinRTFactoryObject(IntPtr pCPCMD)
   at Windows.Web.UI.Interop.WebViewControlProcessOptions..ctor()
   at Microsoft.Toolkit.Win32.UI.Controls.Interop.WinRT.WebViewControlProcessOptions.ToWinRtWebViewControlProcessOptions(WebViewControlProcessOptions options) in d:\a\1\s\WebView.Shared\Interop\WinRT\WebViewControlProcessOptions.cs:line 52
   at Microsoft.Toolkit.Forms.UI.Controls.WebView.Initialize() in d:\a\1\s\Microsoft.Toolkit.Forms.UI.Controls.WebView\WebView.Init.cs:line 129
   at Microsoft.Toolkit.Forms.UI.Controls.WebView.System.ComponentModel.ISupportInitialize.EndInit() in d:\a\1\s\Microsoft.Toolkit.Forms.UI.Controls.WebView\WebView.Init.cs:line 67
   at Microsoft.Toolkit.Forms.UI.Controls.WebViewCompatible..ctor() in d:\a\1\s\Microsoft.Toolkit.Forms.UI.Controls.WebView\WebViewCompatible.cs:line 27
forderud commented 1 year ago

Gentle reminder.

michael-hawker commented 1 year ago

@forderud the WebView components in this repo or no longer maintained see notice here. You should try WebView2 and see if it has the same issue; if so, please report a new issue on their repository.

forderud commented 1 year ago

I've already registered a corresponding issue on https://github.com/MicrosoftEdge/WebView2Feedback/issues/1969.

michael-hawker commented 1 year ago

Thanks @forderud, I'll close this issue here then, as we don't plan to update any of the code here.