Yubico / Yubico.NET.SDK

A YubiKey SDK for .NET developers
Apache License 2.0

[BUG] SCARD_E_NO_ACCESS on WinUI 3 | .NET 8 #88

Closed ghostidentity closed 1 month ago

ghostidentity commented 1 month ago

Is there an existing issue for this?

Current Behavior

Hello,

There is a bug where it can't establish a FIDO2 session even when the IDE is running with admin privilege.

To establish a FIDO2 session, only the YubiKey reference is needed. I can confirm the process is able to detect the YubiKey because it outputs the serial number; however, when attempting to create a session, it throws an exception.

IYubiKeyDevice yubiKey = YubiKeyDevice.FindAll().FirstOrDefault();
Fido2Session fido2Session2 = new Fido2Session(yubiKey);

image

Exception thrown at 0x00007FFAFA7E565C in Client.exe: Microsoft C++ exception: unsigned long at memory location 0x00000051A3378E18.
Exception thrown: 'Yubico.PlatformInterop.SCardException' in Yubico.Core.dll

Unable establish fido2 session.Encountered an error while attempting to transmit data to a smart card. SCARD_E_NO_ACCESS: Access is denied to the file.
The thread 45000 has exited with code 0 (0x0).
Exception thrown at 0x00007FFAFA7E565C (KernelBase.dll) in Client.exe: WinRT originate error - 0x80000013 : 'The given object has already been closed / disposed and may no longer be used.'.
The thread 'DManip Delegate Thread' (21176) has exited with code 0 (0x0).
Exception thrown at 0x00007FFAFA7E565C (KernelBase.dll) in Client.exe: WinRT originate error - 0x80070005 : 'The caller is not allowed to perform this operation on this object.'.

Do note that prior to the FIDO2 session call, I can confirm that I can interact with the YubiKey to encrypt/decrypt a value using RSA, which means the YubiKey is working except for establishing a FIDO2 session.

Expected Behavior

The expected behavior is that it should be able to establish a FIDO2 session since the IDE is running with admin privilege.

Steps To Reproduce

Create a WinUI 3 project (packaged), then try to connect with the provided code.

IYubiKeyDevice yubiKey = YubiKeyDevice.FindAll().FirstOrDefault();
Fido2Session fido2Session2 = new Fido2Session(yubiKey);

Version

1.10.0

Version

Yubikey 5 FIPS Series

Anything else?

No response

ghostidentity commented 1 month ago

The console-based project with admin does work, but not the WinUI 3 packaged one.

GregDomzalski commented 1 month ago

Does converting to adding the WinUI3 package force you into the UWP sandboxed environment? Or are you still a standard win32 process?

Based on the exception, it seems like we were unable to enumerate the underlying HID FIDO device at all. As a fallback, we'll try connecting to the smart card device, but that too looks like you have insufficient permissions to open a handle to it.

Kind of feels like you got stuck in the sandbox somehow...?
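The two questions raised above (is the process actually elevated, and was the HID FIDO interface enumerated at all before the SDK fell back to the smart-card transport) can be separated with a small diagnostic. The following console program is an added example, not code from this thread or from the Yubico.NET.SDK project; it assumes the `Yubico.YubiKey` package's `IYubiKeyDevice.AvailableTransports` property and `Transport.HidFido` flag, and it inspects the caught exception by type name so it does not depend on `SCardException` being public.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using Yubico.YubiKey;
using Yubico.YubiKey.Fido2;

// Added diagnostic (not part of the SDK): reports elevation state and
// enumerated transports before trying to open a FIDO2 session.
static class Fido2AccessCheck
{
    // True when the current Windows process runs with an elevated token.
    // Running the IDE elevated does not guarantee the debuggee is elevated.
    static bool IsElevated()
    {
        if (!OperatingSystem.IsWindows())
        {
            return false;
        }
        using WindowsIdentity identity = WindowsIdentity.GetCurrent();
        return new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator);
    }

    static int Main()
    {
        Console.WriteLine($"Process elevated: {IsElevated()}");

        IYubiKeyDevice? yubiKey = YubiKeyDevice.FindAll().FirstOrDefault();
        if (yubiKey is null)
        {
            Console.WriteLine("No YubiKey enumerated.");
            return 1;
        }

        Console.WriteLine($"Serial: {yubiKey.SerialNumber}");
        Console.WriteLine($"Transports: {yubiKey.AvailableTransports}");

        // On Windows the FIDO HID interface is only accessible to an elevated
        // (and non-sandboxed) process. If it is missing here, the SDK has no
        // choice but to fall back to the smart-card (CCID) transport.
        if (!yubiKey.AvailableTransports.HasFlag(Transport.HidFido))
        {
            Console.WriteLine("HID FIDO interface not enumerated: the process is likely not elevated or is sandboxed.");
        }

        try
        {
            using Fido2Session fido2 = new Fido2Session(yubiKey);
            Console.WriteLine("FIDO2 session established.");
            return 0;
        }
        catch (Exception ex)
        {
            // SCARD_E_NO_ACCESS in the message means the smart-card fallback
            // could not open a handle either, i.e. an access problem, not a key fault.
            Console.WriteLine($"FIDO2 session failed: {ex.GetType().FullName}: {ex.Message}");
            return 2;
        }
    }
}
```

Run it once from an elevated console and once from the IDE's debug launch: if the first prints `Process elevated: True` with `HidFido` among the transports and the second does not, the problem is the launch configuration rather than the SDK or the key.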

ghostidentity commented 1 month ago

Hello,

I confirmed that when running the project in the IDE with admin permission, it's not able to establish a FIDO2 session. But running the compiled app directly as administrator is able to start the FIDO2 session.

But the development workflow is problematic, because I should be able to start the FIDO2 session if the IDE has admin permission?

In the screenshot, the prompt window is able to return the public key as part of the makeCredential process.

image

GregDomzalski commented 1 month ago

Yeah - that seems very strange. Perhaps check your run configuration / run settings in the IDE? https://learn.microsoft.com/en-us/visualstudio/debugger/project-settings-for-csharp-debug-configurations-dotnetcore?view=vs-2022

This kind of seems more like a Visual Studio / configuration issue than SDK - but I'm happy to still bounce ideas on what to investigate.

I'd try and repro, but I'm devving on macOS using JetBrains Rider. 😁 Maybe if @DennisDyallo has some spare cycles, he can try as well?

Also - what is the Sdk attribute and TargetFramework element values set to in your csproj?

ghostidentity commented 1 month ago

Here are the details:

Windows SDK Buildtools: 10.0.22621.3233
Runtime: .Net 8
Microsoft.WindowsAppSDK: 1.5.240404000

But I don't understand why even using challenge-response, e.g. ChallengeResponseResponse challengeResponseResponse = connection.SendCommand(challengeResponseCommand); will require administrator privilege.

ghostidentity commented 1 month ago

I will close the issue, as it's related to the IDE specifically when targeting the WinUI 3 packaged setup.

GregDomzalski commented 1 month ago

@ghostidentity Were you able to find a resolution through the tooling? If so, would you mind sharing it back on this thread to help others that may come across the same thing?

ghostidentity commented 1 month ago

I have a solution in mind but I have not tried it yet. Basically, the file Package.appxmanifest does not support admin elevation, so even if the IDE runs as admin it can't start the program with elevated access.

The possible approach is not to use WindowsAppSDKSelfContained and to edit the app.manifest file:

<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
  <security>
    <requestedPrivileges>
      <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
    </requestedPrivileges>
  </security>
</trustInfo>

reference: https://stackoverflow.com/questions/75175782/winui-application-running-as-administrator