Closed moeller-at-hoelscher closed 4 months ago
florelis
commented
7 months ago You added &msixauth=aad inside the .appinstaller file? If so, it may be fixed by changing it to &msixauth=aad. Since the .appinstaller is an XML file, & has to be escaped. Although it's not clear to me how that would cause that error.
That error message seems to not have been updated since before Windows 11 came out, I'll update it.
moeller-at-hoelscher
commented
7 months ago I'm using the "Create App Installer file" task from within a classic release pipeline, and add the &msixauth=aad to its "Main Packagre/Bundle URI" parameter. And if I review the resulting .appinstaller file, it is escaped as you suggested. So I think this is all fine.
I then checked the logs at %localappdata%\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState and what I do see there is
[Fri Nov 17 15:22:19 2023]{25000d} GetIsAuthenticatedLinkSupported -> False
So, to me it looks as if either Windows or my user account is not configured correctly to use this feature?
And one last question maybe: The documentation tells that only the .msix file is allowed to require authentication, while the .appinstaller file must be publicly accessible. But the log file at least checks on the .appinstaller whether its using auth or not:
[Fri Nov 17 15:22:17 2023]{25000d} Parsed AppInstaller URI: source: [https://*******.azurewebsites.net/MyApp.appinstaller], activationUri: [N/A], checkForUdpates: [N/A], msixauth [no]
So, maybe the documentation is wrong and it must be protected, too?
florelis
commented
7 months ago That log line for GetIsAuthenticatedLinkSupported is a red herring, it always returns false and the check that is actually used for the feature is performed after that. I need to fix that.
The line you're actually interested in is the one that says GetIsAuthenticatedLinkForAzureSupported right after that. Authenticated links are only supported on Windows 11.
So, maybe the documentation is wrong and it must be protected, too?
.appinstaller files protected behind AAD auth are only supported in the latest version of App Installer (v1.21+). Previous versions do check for msixauth as you see in the logs, but there was a bug that prevented it to work properly for .appinstaller files.
moeller-at-hoelscher
commented
7 months ago Thanks for the reply, but I'm not sure what to do with it. I'm a bit confused with versions, names and projects (App-Installer vs. msixCore vs. msix-cli vs. win-get).
So, maybe you can be answer thefollowng questions:
moeller-at-hoelscher
commented
7 months ago Small update: This seems to be the version I'm using, if I don't confuse anything here:
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.22.3172.0_x64__8wekyb3d8bbwe
DrusTheAxe
commented
7 months ago how can I check the curently installed version of app-installer?
Programmatically?
TryGetAppInstallerVersionForCurrentUser()
{
var package = PackageManager.FindPackageForUser("", "Microsoft.DesktopAppInstaller_8wekyb3d8bbwe")
if found return package.Id.Version
}Interactively?
powershell -c Get-AppxPackage Microsoft.DesktopAppInstaller
florelis
commented
7 months ago I'm a bit confused with versions, names and projects (
App-Installervs.msixCorevs.msix-clivs.win-get)
Yeah, it's pretty confusing...
I don't know what msix-cli is
Most of these things have independent version numbers, except for App Installer (app) and winget. winget is included in the same package as App Installer (Microsoft.DesktopAppInstaller), but it has a different version number. For example, the latest release version of App Installer is 1.21.3133.0, which includes winget 1.6.3133.0. The second part of the version has an offset, but the first and third part are the same. The next preview version has App Installer v1.22 and winget v1.7.
- Is this msixauth feature currently supposed to work on Windows 11 23H2?
Yes.
- what is the required version of app-installer to get this to work?
v1.21. In previous versions you could use msixauth but only with packages, not .appinstaller files
- how can I check the curently installed version of app-installer?
There are multiple ways
Get-AppPackage *AppInstaller* and you don't need to remember the Microsoft.Desktop part.winget --info. You can also do winget --version but then you would have to map that to the package version
- where can I get the latest version if not installed?
From the Microsoft Store listing, or from the winget Releases page. If you get it from the winget Releases, you will get a .msixbundle that you will then have to install. There are also the short links https://aka.ms/GetWinGet and https://aka.ms/GetWinGetPreview
- Is there anything else I have to make sure that it is installed / configured?
There shouldn't be.
App Installer
Describe the bug I added the "msixauth=aad" suffix to the link to my msix file (inside my appinstaller file), but when I now run the appinstaller file, I get an error stating that "App installer authentication is not supported on this OS version. Please update to the latest version of Windows 10".
To Reproduce Just place the msix file on a secured location (mine is a static file on an azure web app) and add the "&msixauth=aad" suffix to the link to it.
Expected behavior Asking for authentication and then download the msix for installation.
Platform I have tested this on Windows 10 22H2 and Windows 11 23H2, with both updating the App-Installer from the store to the latest version available.