Closed moeller-at-hoelscher closed 4 months ago
You added &msixauth=aad
inside the .appinstaller
file? If so, it may be fixed by changing it to &msixauth=aad
. Since the .appinstaller
is an XML file, &
has to be escaped. Although it's not clear to me how that would cause that error.
That error message seems to not have been updated since before Windows 11 came out, I'll update it.
I'm using the "Create App Installer file" task from within a classic release pipeline, and add the &msixauth=aad
to its "Main Packagre/Bundle URI" parameter. And if I review the resulting .appinstaller
file, it is escaped as you suggested. So I think this is all fine.
I then checked the logs at %localappdata%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState
and what I do see there is
[Fri Nov 17 15:22:19 2023]{25000d} GetIsAuthenticatedLinkSupported -> False
So, to me it looks as if either Windows or my user account is not configured correctly to use this feature?
And one last question maybe: The documentation tells that only the .msix
file is allowed to require authentication, while the .appinstaller
file must be publicly accessible. But the log file at least checks on the .appinstaller
whether its using auth or not:
[Fri Nov 17 15:22:17 2023]{25000d} Parsed AppInstaller URI: source: [https://*******.azurewebsites.net/MyApp.appinstaller], activationUri: [N/A], checkForUdpates: [N/A], msixauth [no]
So, maybe the documentation is wrong and it must be protected, too?
That log line for GetIsAuthenticatedLinkSupported
is a red herring, it always returns false and the check that is actually used for the feature is performed after that. I need to fix that.
The line you're actually interested in is the one that says GetIsAuthenticatedLinkForAzureSupported
right after that. Authenticated links are only supported on Windows 11.
So, maybe the documentation is wrong and it must be protected, too?
.appinstaller
files protected behind AAD auth are only supported in the latest version of App Installer (v1.21+). Previous versions do check for msixauth as you see in the logs, but there was a bug that prevented it to work properly for .appinstaller
files.
Thanks for the reply, but I'm not sure what to do with it. I'm a bit confused with versions, names and projects (App-Installer
vs. msixCore
vs. msix-cli
vs. win-get
).
So, maybe you can be answer thefollowng questions:
Small update: This seems to be the version I'm using, if I don't confuse anything here:
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.22.3172.0_x64__8wekyb3d8bbwe
how can I check the curently installed version of app-installer?
Programmatically?
TryGetAppInstallerVersionForCurrentUser()
{
var package = PackageManager.FindPackageForUser("", "Microsoft.DesktopAppInstaller_8wekyb3d8bbwe")
if found return package.Id.Version
}
Interactively?
powershell -c Get-AppxPackage Microsoft.DesktopAppInstaller
I'm a bit confused with versions, names and projects (
App-Installer
vs.msixCore
vs.msix-cli
vs.win-get
)
Yeah, it's pretty confusing...
I don't know what msix-cli
is
Most of these things have independent version numbers, except for App Installer (app) and winget. winget is included in the same package as App Installer (Microsoft.DesktopAppInstaller), but it has a different version number. For example, the latest release version of App Installer is 1.21.3133.0, which includes winget 1.6.3133.0. The second part of the version has an offset, but the first and third part are the same. The next preview version has App Installer v1.22 and winget v1.7.
- Is this msixauth feature currently supposed to work on Windows 11 23H2?
Yes.
- what is the required version of app-installer to get this to work?
v1.21. In previous versions you could use msixauth but only with packages, not .appinstaller files
- how can I check the curently installed version of app-installer?
There are multiple ways
Get-AppPackage *AppInstaller*
and you don't need to remember the Microsoft.Desktop
part.winget --info
. You can also do winget --version
but then you would have to map that to the package version
- where can I get the latest version if not installed?
From the Microsoft Store listing, or from the winget Releases page. If you get it from the winget Releases, you will get a .msixbundle that you will then have to install. There are also the short links https://aka.ms/GetWinGet
and https://aka.ms/GetWinGetPreview
- Is there anything else I have to make sure that it is installed / configured?
There shouldn't be.
App Installer
Describe the bug I added the "msixauth=aad" suffix to the link to my msix file (inside my appinstaller file), but when I now run the appinstaller file, I get an error stating that "App installer authentication is not supported on this OS version. Please update to the latest version of Windows 10".
To Reproduce Just place the msix file on a secured location (mine is a static file on an azure web app) and add the "&msixauth=aad" suffix to the link to it.
Expected behavior Asking for authentication and then download the msix for installation.
Platform I have tested this on Windows 10 22H2 and Windows 11 23H2, with both updating the App-Installer from the store to the latest version available.