Create Vista User Account - add

I want to programmatically create a logon account in Windows Vista with UAC enabled.
I have an OCX that creates a user account and it has worked for years on NT and XP, but now our application fails with Access Denied when creating the account on Vista. If our customers turn off UAC and then set up the app, it works fine. However, it is not acceptable to have our users turn off UAC AND REBOOT before finishing configuring our app.

If you run your application with administrator privileges in Vista, then does it work?
You can also create a COM object with elevated privileges using this code:
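#include <windows.h>
#include <objbase.h>
#include <strsafe.h>
// Element count of a fixed-size array (the macro is not defined in the original post).
#define ELEMENTS(a) (sizeof(a) / sizeof((a)[0]))
HRESULT __stdcall CreateElevatedComObject(HWND hwnd, REFCLSID rclsid, REFIID riid, __out IUnknown ** ppv)
{
    OSVERSIONINFO ver = { sizeof(ver) };
    // Major version 6 and later (Vista+): activate through the elevation moniker.
    if (GetVersionEx(&ver) && ver.dwMajorVersion > 5)
    {
        BIND_OPTS3 bo;
        WCHAR wszCLSID[50];
        WCHAR wszMonikerName[300];
        if (StringFromGUID2(rclsid, wszCLSID, ELEMENTS(wszCLSID)))
        {
            // Build "Elevation:Administrator!new:{CLSID}".
            HRESULT hr = StringCchPrintf(wszMonikerName,
                                         ELEMENTS(wszMonikerName),
                                         L"Elevation:Administrator!new:%s",
                                         wszCLSID);
            if (FAILED(hr))
                return hr;
            memset(&bo, 0, sizeof(bo));
            bo.cbStruct = sizeof(bo);
            bo.hwnd = hwnd;                           // owner window for the consent dialog
            bo.dwClassContext = CLSCTX_LOCAL_SERVER;  // the elevated object runs out of process
            return CoGetObject(wszMonikerName, &bo, riid, (void **)ppv);
        }
        return E_FAIL;
    }
    else
        // Earlier Windows versions have no UAC: activate the class directly.
        return ::CoCreateInstance(rclsid, NULL, CLSCTX_ALL, riid, (void **)ppv);
}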
Running under UAC, it will present an elevation dialog. The object will run out of process in dllhost (I think) but with full admin privileges.
Also look at the step by step guide for UAC in Vista.
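The elevation moniker in the answer above only activates a class that is registered under HKEY_LOCAL_MACHINE with a LocalizedString display name and an Elevation\Enabled value of 1, and that can be activated out of process. The following check is an added example, not code from the thread; the all-zero CLSID is a placeholder and the 32-bit registry view is an assumption about where the OCX is registered.

```csharp
using System;
using Microsoft.Win32;

static class ComElevationAudit
{
    public sealed class Report
    {
        public bool RegisteredInHklm;
        public string LocalizedString;   // name shown in the consent dialog
        public bool ElevationEnabled;    // Elevation\Enabled == 1
        public bool OutOfProcess;        // LocalServer32, or an AppID with DllSurrogate
        public bool Ready => RegisteredInHklm && ElevationEnabled && OutOfProcess
                             && !string.IsNullOrEmpty(LocalizedString);
    }

    public static Report Check(Guid clsid, RegistryView view)
    {
        var report = new Report();
        string id = clsid.ToString("B"); // "{xxxxxxxx-xxxx-...}" form used in the registry
        using (RegistryKey hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, view))
        using (RegistryKey cls = hklm.OpenSubKey(@"SOFTWARE\Classes\CLSID\" + id))
        {
            if (cls == null) return report; // not registered machine-wide in this view
            report.RegisteredInHklm = true;
            report.LocalizedString = cls.GetValue("LocalizedString") as string;
            using (RegistryKey elev = cls.OpenSubKey("Elevation"))
                report.ElevationEnabled =
                    elev != null && Convert.ToInt32(elev.GetValue("Enabled", 0)) == 1;
            using (RegistryKey local = cls.OpenSubKey("LocalServer32"))
                report.OutOfProcess = local != null;
            // An in-process DLL/OCX needs a surrogate (dllhost) to run elevated.
            string appId = cls.GetValue("AppID") as string;
            if (!report.OutOfProcess && appId != null)
                using (RegistryKey app = hklm.OpenSubKey(@"SOFTWARE\Classes\AppID\" + appId))
                    report.OutOfProcess = app != null && app.GetValue("DllSurrogate") != null;
        }
        return report;
    }

    static void Main()
    {
        var clsid = new Guid("00000000-0000-0000-0000-000000000000"); // placeholder CLSID
        Report r = Check(clsid, RegistryView.Registry32);             // assumed 32-bit OCX
        Console.WriteLine("HKLM={0} LocalizedString={1} Elevation={2} OutOfProc={3} Ready={4}",
            r.RegisteredInHklm, r.LocalizedString ?? "(missing)",
            r.ElevationEnabled, r.OutOfProcess, r.Ready);
    }
}
```

If Elevation\Enabled is missing, activation through the moniker fails with CO_E_ELEVATION_DISABLED instead of showing the consent dialog.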

Here's another article about dealing with UAC when deploying. Having been through some Vista deployment issues already, all I can say to you is good luck. :)

Related

ASP.NET Windows Authentication returns wrong user to the application

I have two domains A and B, with a user Administrator in each. Both admins have different objectGuids, SIDs and passwords. There's an IIS 8.5 in B configured with Windows Authentication (Methods Negotiate/NTLM, Extended Security disabled, Kernel mode auth enabled). Domain B trusts domain A (one-way trust).
When I now open IE as A\administrator, and connect to the IIS in B, the IIS returns to me that the user logged in is B\administrator (should be A\administrator).
This is my code:
public class UserController : ApiController
{
    // GET api/<controller>
    public User Get()
    {
        var usr = ((WindowsIdentity)User.Identity).User;
        return new User() {
            Name = User.Identity.Name,
            SID = usr==null?"":usr.ToString()
        };
    }
}
Also, the same is in the IIS log:
2018-05-07 09:19:10 172.17.41.31 GET /winauthtest/User - 80 B\Administrator 172.17.42.11 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+10.0;+WOW64;+Trident/7.0;+.NET4.0C;+.NET4.0E) - 404 0 2 31
Is this intended behaviour or a bug, and if it's a bug, where to report the bug?
Can I fix it by changing Windows Authentication settings, or what else could I do about it?
Do you know any other possibility to get the true SID of the user that is accessing my IIS?
OMG, I had the same problem and your problem gave me a hint as to why this is happening. So, running my project in Chrome gives me the wrong domain, while opening in Edge gives me the correct domain. I have my project set up using Windows Authentication and it seems Chrome is in some way blocking Windows Authentication.
This link gives more info.
https://specopssoft.com/blog/configuring-chrome-and-firefox-for-windows-integrated-authentication/
In the end, another of my coworkers had the same issue and we couldn't fix it properly. It would misbehave randomly. The only solution that seemed to work was restarting the PC.

How do I connect Windows Phone 8.1 (Silverlight) to Nav 2009 R2 Web Services?

I've been a .Net developer for some years now and have quite a bit of experience connecting my ASP.Net and winform applications to web services. Recently I started working with Navision, specifically 2009 R2.
I have created a number of applications for ASP.Net and Winforms that connect to Navision's web services successfully and was recently asked to look into developing a Windows Phone 8.1 application to replace an existing application that runs on tablet PCs, and that's where it's all gone horribly wrong...
After reading up and a few cases of trial and error, it seems that when I open Visual Studio 2013 and create a Windows Phone 8.1 Runtime application, it has no way of adding a Web Reference or Service Reference to the Navision Web Services.
I started again with a Windows Phone 8.1 (Silverlight) application and at least I get the option to add a Service Reference.
I added the Service Reference that points to my Web Service, but the web service requires that the user set a set of credentials (a Windows Domain user account) and at no point was I prompted to enter these. Ok, maybe they're set at runtime...
After following a post in a Microsoft blog that covers connecting to Navision web services using Silverlight 3, I had most of my code in place, but there was still no option to enter any user credentials. It seems that there's a difference between regular Silverlight and the version used in the Windows Phone development environment.
The following code is a method taken from my test application...
protected void ConnectToNav()
{
    try
    {
        string serviceURL = "http://192.168.0.50:7047/DynamicsNAV/WS/TestCompany/Page/svcUser";
        svcUser_PortClient userService = new svcUser_PortClient("svcUser_Port", new EndpointAddress(serviceURL));
        userService.ClientCredentials.UserName.UserName = @"Domain\User";
        userService.ClientCredentials.UserName.Password = @"Password";
        userService.ReadMultipleCompleted += delegate(object sender, ReadMultipleCompletedEventArgs e)
        {
            // e.Error is null on success, and e.Result throws when the call failed.
            if (e.Error != null)
            {
                display(e.Error.Message);
                return;
            }
            if (e.Result.Length > 0)
            {
                display("10 Users:");
                for (int i = 0; i < e.Result.Length; i++)
                {
                    display(e.Result[i].ToString());
                }
            }
        };
        List<svcUser_Filter> filters = new List<svcUser_Filter>();
        userService.ReadMultipleAsync(filters.ToArray(), null, 10);
    }
    catch (Exception ex)
    {
        display(ex.Message);
    }
}
public void display(string s)
{
    this.OutputTextBox.Text += s + Environment.NewLine;
}
and this is the error that gets returned...
The remote Server returned an unexpected response: (401) Unauthorized. In Silverlight, a 404 response code may be reported even when the service sends a difference error code.
I'd love to hear from anyone that has either got this working, or knows of any good reference for this and how to get it working.
I would recommend using Windows Phone Runtime for ease of migration going forward. What you could do is use ASP.NET Web API and consume the NAV web service in that, while you then call the Web API from your Windows Phone app. Would this work for you?
Here's a good resource on ASP.NET Web API.

Error creating a new workspace

I am trying to create a local workspace so I can map it to VisualStudio online account. Here is the command I am trying to run.
tf workspace -new -login:"Windows Live ID"\user,pass -collection:https://shaggyinjun.visualstudio.com/DefaultCollection
For some reason I am seeing an error. The command does have a domain/user,pass. What is this new username and password it is asking me for?
Federated authentication to this server requires a username and password.
Apparently this issue is caused even when using Java clients. Here is what Visual Studio Online has to say for its questionable behavior.
Alternate authentication credentials
Some applications that work outside the browser (including Team Explorer Everywhere command line client and the git-tf utility) require basic authentication credentials. Other applications do not properly handle using an e-mail address for the user name during authentication.
To work with these applications, you need to enable alternate credentials, set a password, and optionally set a secondary user name not in the form of an e-mail address.
Please note that alternate credentials cannot be used to sign in to the service from a web browser or outside of these applications.
Here is another question that I posted and was shot down. Just documenting here for future reference.
I am able to login using my Visual Studio online credentials via the CLC, but when I try to do the same with a Java program, I get an Authentication exception. Is there anything special that needs to be done for Java and / or Visual Studio Online?
Java Code
    public static final String NATIVE_LIBS_SYSTEM_PROPERTY = "com.microsoft.tfs.jni.native.base-directory";
    public void connect() {
        System.setProperty(NATIVE_LIBS_SYSTEM_PROPERTY, TFS_NATIVE_LIBS_HOME);
        Credentials credentials = new UsernamePasswordCredentials("Windows Live ID\\user", "password");
        TFSConnection connection = null;
        try {
            connection = new TFSConfigurationServer(new URI("https://shaggyinjun.visualstudio.com/DefaultCollection"), credentials);
            connection.authenticate();
        } catch (URISyntaxException ex) {
            Exceptions.printStackTrace(ex);
        }
    }
}
Exception
com.microsoft.tfs.core.ws.runtime.exceptions.UnauthorizedException: Authorization failure connecting to 'https://shaggyinjun.visualstudio.com/DefaultCollection/TeamFoundation/Administration/v3.0/LocationService.asmx' (authenticating as Windows Live ID\user)
at com.microsoft.tfs.core.ws.runtime.client.SOAPService.executeSOAPRequestInternal(SOAPService.java:709)
at com.microsoft.tfs.core.ws.runtime.client.SOAPService.executeSOAPRequest(SOAPService.java:473)
at ms.ws._LocationWebServiceSoap12Service.connect(_LocationWebServiceSoap12Service.java:384)
at com.microsoft.tfs.core.clients.framework.location.internal.LocationWebServiceProxy.connect(LocationWebServiceProxy.java:70)
Caused: com.microsoft.tfs.core.exceptions.TFSUnauthorizedException: Access denied connecting to TFS server https://shaggyinjun.visualstudio.com/ (authenticating as Windows Live ID\venkatram.akkineni#gmail.com)
at com.microsoft.tfs.core.exceptions.mappers.TECoreExceptionMapper.map(TECoreExceptionMapper.java:75)
at com.microsoft.tfs.core.exceptions.mappers.LocationExceptionMapper.map(LocationExceptionMapper.java:32)
at com.microsoft.tfs.core.clients.framework.location.internal.LocationWebServiceProxy.connect(LocationWebServiceProxy.java:76)
at com.microsoft.tfs.core.clients.framework.location.LocationService.connect(LocationService.java:754)
at com.microsoft.tfs.core.clients.framework.location.LocationService.authenticate(LocationService.java:928)
at com.microsoft.tfs.core.TFSConnection.authenticate(TFSConnection.java:748)
at org.netbeans.modules.libswrapper.Installer.restored(Installer.java:54)
at org.netbeans.core.startup.NbInstaller.loadCode(NbInstaller.java:471)
[catch] at org.netbeans.core.startup.NbInstaller.loadImpl(NbInstaller.java:394)
at org.netbeans.core.startup.NbInstaller.access$000(NbInstaller.java:105)
at org.netbeans.core.startup.NbInstaller$1.run(NbInstaller.java:346)
at org.openide.filesystems.FileUtil$2.run(FileUtil.java:447)
at org.openide.filesystems.EventControl.runAtomicAction(EventControl.java:127)
at org.openide.filesystems.FileSystem.runAtomicAction(FileSystem.java:609)
at org.openide.filesystems.FileUtil.runAtomicAction(FileUtil.java:431)
at org.openide.filesystems.FileUtil.runAtomicAction(FileUtil.java:451)
at org.netbeans.core.startup.NbInstaller.load(NbInstaller.java:343)
at org.netbeans.ModuleManager.enable(ModuleManager.java:1194)
at org.netbeans.ModuleManager.enable(ModuleManager.java:1017)
at org.netbeans.core.startup.ModuleList.installNew(ModuleList.java:340)
at org.netbeans.core.startup.ModuleList.access$2400(ModuleList.java:118)
at org.netbeans.core.startup.ModuleList$Listener.stepEnable(ModuleList.java:1409)
at org.netbeans.core.startup.ModuleList$Listener.access$1400(ModuleList.java:1007)
at org.netbeans.core.startup.ModuleList$Listener$1.run(ModuleList.java:1231)
at org.openide.filesystems.EventControl.runAtomicAction(EventControl.java:127)
at org.openide.filesystems.FileSystem.runAtomicAction(FileSystem.java:609)
at org.netbeans.core.startup.ModuleList$Listener.run(ModuleList.java:1207)
at org.openide.util.RequestProcessor$Task.run(RequestProcessor.java:1423)
at org.openide.util.RequestProcessor$Processor.run(RequestProcessor.java:2033)
If you're connecting to visualstudio.com from the cross-platform command line client, you need to set up and use "alternate credentials".
You cannot use a Microsoft Account (Live ID) because - crazy as it sounds - that only works by supplying passwords to that web page and we cannot rely on a web browser's existence on many platforms.

notify user to play sound windows phone 8 and stop current music

In my Windows Phone 7 and 7.5 apps I used to show a message box when the app was launched if the user was already playing music, to notify the user to stop the current music to play the sounds, or to exit the app. This was working, but when I coded from the beginning for Windows Phone 8, for some reason this code doesn't work: if you are playing a sound, instead of prompting the notification, the app opens and closes itself.
This is the code I was using:
private void Application_Launching(object sender, LaunchingEventArgs e)
{
    FrameworkDispatcher.Update();
    if (MediaPlayer.GameHasControl != true)
    {
        if (MessageBox.Show("This application requires play sounds and stop your currently playlist", "Information",
            MessageBoxButton.OK) == MessageBoxResult.OK)
        {
            MediaPlayer.Stop();
            FrameworkDispatcher.Update();
        }
    }
}
I'm pretty sure there must be some change in the API with the MediaPlayer? I couldn't find any information about that. Does anyone know how I can fix that?
Thanks!!!
As you guessed, there are some changes in APIs.
First thing I notice, calling MessageBox.Show(string) from the Application_Launching event causes an exception. Your app is probably shutting down due to an unhandled exception.
From MSDN: "If you call Show(String) method from the app Activated and Launching event handlers an InvalidOperationException is thrown with the message Error Displaying MessageBox."
EDIT: The documentation on MSDN is unclear whether calling .Show(string, string, messageBoxButton) raises the same exception.
App platform compatibility for Windows Phone

Strange behavior of RunWithElevatedPrivileges in Console Application with FBA

I have a named site collection where FBA is on and I use ActiveDirectoryMembershipProvider.
We have a farm administrator domain\administrator. He is not explicitly a site collection administrator.
I created a sample console application that I run under the domain\administrator account.
The code is something like this:
using (SPSite site = new SPSite(serverUrl))
{
    using (SPWeb web = site.OpenWeb())
    {
        Console.WriteLine(web.CurrentUser.LoginName);
        Console.WriteLine(WindowsIdentity.GetCurrent().Name);
        string userName = "domain\\testuser";
        SPUser spUser = web.EnsureUser(userName);
        SPGroup group = web.SiteGroups["GroupName"];
        group.AddUser(spUser);
        group.Update();
    }
}
The console output is domain\administrator; however, I get an AccessDenied exception when I try to add the user to the group.
However, when I run this with RunWithElevatedPrivileges (which according to all posts I read should have no influence in a console app) and set AllowUnsafeUpdates = true (the same story), the code goes smoothly through, no exception is thrown and the user is added to the group. The interesting thing is that the user that is written to the console output is still domain\administrator.
So my question is: WTF? Is there a better way? Why is this happening? Has anyone already had this problem? Should I use another membership provider?
Small hint: When FBA is off I get no exceptions.
RunWithElevatedPrivileges runs code with the permissions of the user that the application pool runs as. It can be other than Administrator. Are you sure you get the same result with RunWithElevatedPrivileges?
Anyway, a better, more reliable way of elevating privileges is to pass the system user's user token in the SPSite constructor. Try it.
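The token approach suggested in the answer above, written out as an added example (not code from the thread). The class and method names are hypothetical, and it assumes the calling account is allowed to open the site and read its SystemAccount.

```csharp
using System;
using Microsoft.SharePoint;

static class GroupMembership
{
    // Adds loginName to groupName using the site collection's system account
    // token, and keeps the elevated objects scoped to this single operation.
    public static void AddUserAsSystem(string serverUrl, string loginName, string groupName)
    {
        SPUserToken systemToken;

        // First open the site as the caller, only to obtain the system token.
        using (SPSite site = new SPSite(serverUrl))
        {
            systemToken = site.SystemAccount.UserToken;
        }

        // Re-open the site with that token: objects reached from elevatedSite
        // run as the system account and are not subject to the caller's permissions.
        using (SPSite elevatedSite = new SPSite(serverUrl, systemToken))
        using (SPWeb web = elevatedSite.OpenWeb())
        {
            // Unlike the question's output, this prints the system account.
            Console.WriteLine(web.CurrentUser.LoginName);

            SPUser user = web.EnsureUser(loginName);
            SPGroup group = web.SiteGroups[groupName];
            group.AddUser(user);
        }
    }

    static void Main()
    {
        // Placeholder URL; the user and group names are the ones used in the question.
        AddUserAsSystem("http://server/sites/example", "domain\\testuser", "GroupName");
    }
}
```

Keep only the calls that need the elevation inside the second using block, and validate loginName and groupName before they reach it, since nothing in that scope is checked against the caller's own rights.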
