Search

Two requestedPrivileges manifest values are placed in clickonce manifest when publishing by Keith Dorken

Closed
as By Design Help for as By Design

1
0
Sign in
 to vote
Type: Bug
ID: 532962
Opened: 2/11/2010 11:18:09 AM
Access Restriction: Public
0
Workaround(s)
0
User(s) can reproduce this bug
Our program has a .manifest file defined that provides the trustInfo manifest for our application as required for Windows 7 and Vista Certification requirements. This manifest is specified in the project Application properties page as an embedded Resource manifest.

When trying to Publish the same application as a ClickOnce application, the generated published manifest includes 'our' trustInfo manifest (at the end) AND one at the beginning defined as
<trustInfo>
    <security>
     <applicationRequestMinimum>
        <PermissionSet version="1" class="System.Security.NamedPermissionSet" Name="LocalIntranet" Description="Default rights given to applications on the local intranet" Unrestricted="true" ID="Custom" SameSite="site" />
        <defaultAssemblyRequest permissionSetReference="Custom" />
     </applicationRequestMinimum>
     <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <!--
         UAC Manifest Options
         If you want to change the Windows User Account Control level replace the
         requestedExecutionLevel node with one of the following.

        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
        <requestedExecutionLevel level="highestAvailable" uiAccess="false" />

         If you want to utilize File and Registry Virtualization for backward
         compatibility then delete the requestedExecutionLevel node.
    -->
        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
     </requestedPrivileges>
    </security>
</trustInfo>
The Publish option for including the trustInfo from the application manifest is turned OFF, yet the information still seems to be included.
The Enable ClickOnce security settings are enabled on the Security properties page (Full trust application)

When you try to run the clickonce application with both trustInfo sections in the manifest, you get an error:

Activation context generation failed for "C:\Users\kadorken\AppData\Local\Apps\2.0\4WR85383.E2G\PRGV7E7N.J61\main..tion_0000000000000000_0003.0003_8616b506a2e9467b\mainboss.exe.Manifest".Error in manifest or policy file "C:\Users\kadorken\AppData\Local\Apps\2.0\4WR85383.E2G\PRGV7E7N.J61\main..tion_0000000000000000_0003.0003_8616b506a2e9467b\mainboss.exe.Manifest" on line 1005. Multiple requestedPrivileges elements are not allowed in manifest.
Details (expand)

Product Language

English

Version

Visual Studio 2010 Release Candidate

Operating System

Windows 7

Operating System Language

English

Steps to Reproduce

Create a resource manifest with
<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<!-- COMMENT TO TRACK USAGE -->
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
in it;
Specify in the application properties for the program to include the above manifest when building the application.

Turn off the 'Use application manifest for trust information' in the Publish properties page (under Options -> Manifests)

Publish the application and check the application.exe.manifest file to see if two <trustInfo> sections are included. Observe one of them has the <-- COMMENT .. line

Actual Results

Two trustInfo sections in generated manifest

Expected Results

one trustInfo section (should get the application one if the option is set, else the other one)
      You can indicate your satisfaction with how Microsoft handled this issue by completing this quick 3 question survey. [Details]

 

File Attachments
0 attachments
Sign in to post a comment.
Posted by Keith Dorken on 2/16/2010 at 6:35 AM
Thanks for confirmation of the problem. I would suggest this be documented in the help page for Visual Studio so future users can avoid the problem.
Posted by Microsoft on 2/12/2010 at 1:14 PM
Yes the namespaces need to match up exactly to what clickonce expects otherwise the publish tasks will insert the missing namespaces automatically.

Thanks
Saurabh Bhatia
Posted by Microsoft on 2/12/2010 at 12:21 AM
Thanks for your feedback.

We are rerouting this issue to the appropriate group within the Visual Studio Product Team for triage and resolution. These specialized experts will follow-up with your issue.

Thank you
Posted by Keith Dorken on 2/11/2010 at 11:58 AM
I think I worked around it; I changed our manifest file to 'look similar' to the one being insisted upon by Visual Studio Enable ClickOnce security settings:

<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
     <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
     </requestedPrivileges>
     <applicationRequestMinimum>
        <defaultAssemblyRequest permissionSetReference="Custom" />
        <PermissionSet ID="Custom" SameSite="site" Unrestricted="true" />
     </applicationRequestMinimum>
    </security>
</trustInfo>
</assembly>

and now I only end up with one trustInfo section in the generated manifest.
Sign in to post a workaround.
© 2012 Microsoft Corporation. All rights reserved. Microsoft Connect Terms of Use | Trademarks | Privacy Statement