MicrosoftEdge / WebView2Feedback

Feedback and discussions about Microsoft Edge WebView2
https://aka.ms/webview2

Dependency on Explorer when process is fully elevated #3651

Open olegsavelos opened 1 year ago

olegsavelos commented 1 year ago

I have an application using WebView2 to host its interface. The application is always running under Administrative accounts with the highest elevation possible, and it's a requirement. By design WebView2 requires Windows Explorer to be running and initialized in order to be launched with lower privileges. My application runs on Windows startup and this hard dependence on Explorer introduces multiple issues.

  1. Web view is not usable if custom shell or no shell is enabled on the machine.
  2. A hung or not running Windows Explorer shell process instance can cause very long initialization times or total failures in WebView2.

This hard dependence adds multiple problems that are hard to overcome in order to have a consistently working application. There are multiple proposals given in various topics, such as terminating/restarting explorer in order to recover failed WebView2 initialization, but they are all prone to failure and just add more headaches for us developers.

I recognize that the dependence on Explorer is due to potential security risks, but why not give us, the developers, a way to opt out and just launch the WebView2 process fully elevated?

There are plenty of users requesting this feature and other web engines that support such scenarios, so why not WebView2? I really hope that this proposal will be considered.

Thanks!

novac42 commented 1 year ago

Thanks for reaching out. Adding @LiangTheDev to see whether to add this to our backlog.

LiangTheDev commented 1 year ago

Acknowledge the request, and we have an internal tracking work item on this. To be honest, however, the priority of it is not high though.

olegsavelos commented 1 year ago

This is literally destroying my business, the trust in our product degraded and I don't know if we will be able to recover from this. Choosing Microsoft web view was one of the worst choices my company ever made, countless bugs that have been reported and never being resolved and now enormous costs that we will have to bear in order to move away from web view, honestly this is a mess.

olegsavelos commented 10 months ago

Is anything going to be done with this?

olegsavelos commented 8 months ago

Will you be addressing this or not? @LiangTheDev

LiangTheDev commented 8 months ago

This is tracked and subject to prioritization against other work. As far as I know, this feature is not in the list that we plan to address in the near future.

olegsavelos commented 8 months ago

@LiangTheDev Ok, so would it be sensible for me to ask you for a workaround? Right now it's impossible to know if WebView will start successfully, terminating and restarting explorer will not always work, and our application might end up in an endless loop trying to start explorer. How should we handle this? How can we probe the current Explorer state for the ability to launch the web view?

LiangTheDev commented 8 months ago

That's a fair question.

A quick check would be to call GetShellWindow(). Don't try to create WebView if it returns null. And wait for a little after it returns a valid hwnd before trying to create WebView2. GetShellWindow() returning a valid hwnd means that explorer is running, but it could still be in its initialization. So, we wait a little before trying to create WebView2. If we get an HRESULT_FROM_WIN32(ERROR_NOT_FOUND) error back for WebView2 creation, it means that explorer is either not ready or in a messed up state that requires restarting. There is no easy way to differentiate whether it is messed up or still in initialization. Since we have waited a while, it is likely that explorer is in a messed up state.

If the app is running right after user login and we create WebView2 right away, the machine could be busy and explorer might take a long time to be ready. If we could delay WebView2 creation until the user interacts with the app, there would be a higher chance that explorer is ready and that we are not in the busy machine startup period. At least don't try to kill explorer before the user interacts with the app and requires WebView2 to work.

Another workaround would be to not run the WebView2 part elevated, using other ways to communicate between the non-elevated process showing UI and a process that runs elevated and does stuff only an elevated process can do.
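
The probe described in the comment above, written out in C# as an added example (it is not code from this thread or from the WebView2 team): wait for `GetShellWindow()` to return a window, pause, attempt creation, and retry a bounded number of times on `HRESULT_FROM_WIN32(ERROR_NOT_FOUND)`. The `createWebView` delegate, the `ShellGate` names, and the assumption that the failure surfaces as an exception carrying that HRESULT are hypothetical.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Threading;
using System.Threading.Tasks;

public enum ShellGateResult { Created, NoShell, ShellNotReady }

public static class ShellGate
{
    // HRESULT_FROM_WIN32(ERROR_NOT_FOUND); ERROR_NOT_FOUND is 1168 (0x490).
    private const int HrNotFound = unchecked((int)0x80070490);

    [DllImport("user32.dll")]
    private static extern IntPtr GetShellWindow();

    // createWebView is a hypothetical caller-supplied delegate that wraps the
    // host's own WebView2 initialization call.
    public static async Task<ShellGateResult> TryCreateAsync(
        Func<Task> createWebView, TimeSpan shellTimeout, TimeSpan settleDelay,
        int maxAttempts, CancellationToken ct = default)
    {
        var deadline = DateTime.UtcNow + shellTimeout;
        while (GetShellWindow() == IntPtr.Zero)
        {
            // No shell window: custom shell, no shell, or Explorer not started.
            if (DateTime.UtcNow >= deadline) return ShellGateResult.NoShell;
            await Task.Delay(TimeSpan.FromMilliseconds(500), ct);
        }

        for (int attempt = 1; attempt <= maxAttempts; attempt++)
        {
            // A valid hwnd only proves Explorer is running; give it time to
            // finish initializing before each attempt.
            await Task.Delay(settleDelay, ct);
            try
            {
                await createWebView();
                return ShellGateResult.Created;
            }
            catch (Exception ex) when (ex.HResult == HrNotFound)
            {
                // Assumption: creation failure arrives as an exception with
                // this HRESULT. "Not ready" and "messed up" look identical
                // here, so retry a fixed number of times, never forever.
            }
        }
        return ShellGateResult.ShellNotReady;
    }
}
```

A `NoShell` or `ShellNotReady` result gives the host a definite point at which to stop retrying and defer creation until the user interacts with the app, as the comment suggests.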

olegsavelos commented 7 months ago

We have tried all the mentioned approaches here, none of them are infallible, in many cases explorer will be in that "messed up state" so even if we restart our app or explorer itself we are still not going to be able to launch the web view. As for the use of a separate process, yes, sure, it's possible, but then it defeats the purpose of using WebView at all since we use BlazorWebView, which allows us to avoid the complexities of having two different processes.

Currently our application runs on almost 35.000 computers and the error rate in starting is extremely high. Those problems dealt a huge blow to the confidence our customers have in our software, and it really drives me crazy since we literally can't do anything about it. Moving away from WebView now would just be impossible for our small team.

Honestly, why don't you just give the developers the choice? Other web view engines don't use explorer at all and are still deemed safe.

@LiangTheDev

olegsavelos commented 7 months ago

@LiangTheDev @novac42 GetShellWindow will not work no matter if it returns true and no matter for how long we will retry, the explorer will be in a state where it's not possible to launch web view, whether it's explorer's or web view's fault, it does not matter, we need a workaround or an option to disable launching through explorer!

olegsavelos commented 7 months ago

@LiangTheDev can you confirm that you actually use the ShellExecute to launch explorer as mentioned here https://github.com/MicrosoftEdge/WebView2Feedback/discussions/3997#discussioncomment-7244458 ? Since you don't really provide any support for this I am considering hooking shell execute in our host process and launching the web view ourselves as admin, putting this explorer dependency aside.