
I am finding myself out of my depth when trying to programmatically add a Windows 8 'Metro' application to the Loopback exceptions list using the code provided by Microsoft below:

using System;
using System.Runtime.InteropServices;
using System.Text;

// One entry of the Loopback-exemption list: a pointer to an AppContainer SID plus (unused) attributes
[StructLayout(LayoutKind.Sequential)]
internal struct SID_AND_ATTRIBUTES
{
    public IntPtr Sid;
    public uint Attributes;
}

// Call this API to enumerate all of the AppContainers on the system
// (Flags is the first parameter: pass 0, or NETISO_FLAG_FORCE_COMPUTE_BINARIES = 0x1 to have binaries computed before the list is returned)
[DllImport("FirewallAPI.dll")]
internal static extern uint NetworkIsolationEnumAppContainers(uint Flags, out uint pdwCntPublicACs, out IntPtr ppACs);

// Call this API to free the memory returned by the Enumeration API
[DllImport("FirewallAPI.dll")]
internal static extern void NetworkIsolationFreeAppContainers(IntPtr pACs);

// Call this API to load the current list of Loopback-enabled AppContainers
[DllImport("FirewallAPI.dll")]
internal static extern uint NetworkIsolationGetAppContainerConfig(out uint pdwCntACs, out IntPtr appContainerSids);

// Call this API to set the Loopback-exemption list (it replaces the whole list, so read the current one first and add to it)
[DllImport("FirewallAPI.dll")]
internal static extern uint NetworkIsolationSetAppContainerConfig(uint pdwCntACs, SID_AND_ATTRIBUTES[] appContainerSids);

// Use this API to convert a string SID into an actual SID (release the returned buffer with LocalFree when done)
[DllImport("advapi32.dll", SetLastError=true)]
internal static extern bool ConvertStringSidToSid(string strSid, out IntPtr pSid);

// Use this API to convert a string reference (e.g. "@{blah.pri?ms-resource://whatever}") into a plain string
[DllImport("shlwapi.dll", CharSet=CharSet.Unicode, ExactSpelling=true)]
internal static extern int SHLoadIndirectString(string pszSource, StringBuilder pszOutBuf, int cchOutBuf, IntPtr ppvReserved);

For those unaware of Windows 8 application security, 'Metro' apps are not allowed to communicate with localhost unless added to the exceptions list. The above code facilitates this (apparently), but I cannot work out, for example, how to add Internet Explorer to the exceptions list.

Can anybody provide any examples on how to use this code? I'm really lost!

  • Why aren't you using the CheckNetIsolation.exe tool? http://msdn.microsoft.com/en-us/library/windows/apps/Hh780593.aspx – Matt Small Jan 12 '15 at 14:13
  • I want to include the ability to disable/enable it as part of the code in my app. Yes, I know I could just execute checknetisolation.exe but that seems pretty lame. – user4344582 Jan 12 '15 at 14:54
  • Seems lame... to use a tool which was designed to do exactly this. – Matt Small Jan 12 '15 at 19:09
  • Yes. Launching a command line app which may be different in future versions of Windows is asking for trouble. Further, would you use `System.Diagnostics.Process.Start("CMD.exe",....);` or `System.IO.File.Copy` to copy a file? – user4344582 Jan 12 '15 at 19:22
  • If they change the command line then they'll probably change the underlying code as well. Where did you find the instructions for doing this programmatically? You're not planning on submitting this to the store, are you? Also, I would use a brokered component to do this. – Matt Small Jan 13 '15 at 13:22

1 Answer


Example adding Edge to exceptions:

// We need to construct a PSID from this string SID
const string EDGE_SID = "S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194";
IntPtr pSid = IntPtr.Zero;
if (!ConvertStringSidToSid(EDGE_SID, out pSid)) // P/Invoked (declared in the question); returns false on a malformed SID string
    throw new System.ComponentModel.Win32Exception();

List<SID_AND_ATTRIBUTES> list = PI_NetworkIsolationGetAppContainerConfig(); // For simplicity, this is borrowed from the complex example below: it reads the current exemption list

SID_AND_ATTRIBUTES item = new SID_AND_ATTRIBUTES(); // This struct can be found in the complex example too
item.Sid = pSid; // the PSID obtained above, not the string
list.Add(item);

uint r = NetworkIsolationSetAppContainerConfig((uint)list.Count, list.ToArray()); // 0 (ERROR_SUCCESS) means the list was written

Here is a complex example of usage.
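The following is an added, complete example written for this page; it is not the answer's linked code, the Microsoft snippet from the question, or an SDK sample. It enumerates the AppContainers the firewall knows about and adds or removes one from the loopback-exemption list by its AppContainer name, reading the existing list first so that other apps' exemptions survive. The INET_FIREWALL_APP_CONTAINER and helper struct layouts follow the netfw.h header; the class and method names (LoopbackExemptions, SetExempt and so on) are my own; and releasing the NetworkIsolationGetAppContainerConfig buffer with HeapFree on the process heap is an assumption about how that buffer is allocated. Writing the exemption list changes firewall policy, so the process must run elevated.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Added example (not the question's Microsoft snippet nor the answer's code).
// Struct layouts follow netfw.h; NetworkIsolationSetAppContainerConfig changes firewall policy, so run elevated.
static class LoopbackExemptions {
    [StructLayout(LayoutKind.Sequential)] public struct SID_AND_ATTRIBUTES { public IntPtr Sid; public uint Attributes; }
    [StructLayout(LayoutKind.Sequential)] struct INET_FIREWALL_AC_CAPABILITIES { public uint count; public IntPtr capabilities; }
    [StructLayout(LayoutKind.Sequential)] struct INET_FIREWALL_AC_BINARIES { public uint count; public IntPtr binaries; }
    [StructLayout(LayoutKind.Sequential)] struct INET_FIREWALL_APP_CONTAINER {
        public IntPtr appContainerSid;
        public IntPtr userSid;
        [MarshalAs(UnmanagedType.LPWStr)] public string appContainerName;
        [MarshalAs(UnmanagedType.LPWStr)] public string displayName;   // may be an "@{...}" indirect string
        [MarshalAs(UnmanagedType.LPWStr)] public string description;
        public INET_FIREWALL_AC_CAPABILITIES capabilities;
        public INET_FIREWALL_AC_BINARIES binaries;
        [MarshalAs(UnmanagedType.LPWStr)] public string workingDirectory;
        [MarshalAs(UnmanagedType.LPWStr)] public string packageFullName;
    }
    // Note the leading Flags argument (NETISO_FLAG_FORCE_COMPUTE_BINARIES = 1); 0 is enough for a plain listing.
    [DllImport("FirewallAPI.dll")] static extern uint NetworkIsolationEnumAppContainers(uint Flags, out uint pdwNumPublicAppCs, out IntPtr ppPublicAppCs);
    [DllImport("FirewallAPI.dll")] static extern uint NetworkIsolationFreeAppContainers(IntPtr pPublicAppCs);
    [DllImport("FirewallAPI.dll")] static extern uint NetworkIsolationGetAppContainerConfig(out uint pdwNumPublicAppCs, out IntPtr appContainerSids);
    [DllImport("FirewallAPI.dll")] static extern uint NetworkIsolationSetAppContainerConfig(uint dwNumPublicAppCs, SID_AND_ATTRIBUTES[] appContainerSids);
    [DllImport("kernel32.dll")] static extern IntPtr GetProcessHeap();
    [DllImport("kernel32.dll")] static extern bool HeapFree(IntPtr hHeap, uint dwFlags, IntPtr lpMem);
    static void Check(uint rc) { if (rc != 0) throw new Win32Exception((int)rc); }  // these APIs return Win32 error codes

    // AppContainer name -> SID string (S-1-15-2-...) for every container the firewall knows about.
    public static Dictionary<string, string> ListAppContainers() {
        uint count; IntPtr pACs;
        Check(NetworkIsolationEnumAppContainers(0, out count, out pACs));
        var result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        try {
            int size = Marshal.SizeOf(typeof(INET_FIREWALL_APP_CONTAINER));
            for (int i = 0; i < count; i++) {
                IntPtr p = new IntPtr(pACs.ToInt64() + (long)i * size);
                var ac = (INET_FIREWALL_APP_CONTAINER)Marshal.PtrToStructure(p, typeof(INET_FIREWALL_APP_CONTAINER));
                result[ac.appContainerName] = new SecurityIdentifier(ac.appContainerSid).Value;
            }
        } finally { NetworkIsolationFreeAppContainers(pACs); }  // safe: strings were copied to managed memory above
        return result;
    }

    // Current exemption list as SID strings. Assumption: the buffer is process-heap memory, released with HeapFree.
    public static List<string> GetExemptSids() {
        uint count; IntPtr pSids;
        Check(NetworkIsolationGetAppContainerConfig(out count, out pSids));
        var result = new List<string>();
        try {
            int size = Marshal.SizeOf(typeof(SID_AND_ATTRIBUTES));
            for (int i = 0; i < count; i++)   // Sid is the first field of each SID_AND_ATTRIBUTES
                result.Add(new SecurityIdentifier(Marshal.ReadIntPtr(pSids, i * size)).Value);
        } finally { HeapFree(GetProcessHeap(), 0, pSids); }
        return result;
    }

    // Replace the whole list. Each SID buffer must stay valid until the call returns, so free them afterwards.
    public static void SetExemptSids(ICollection<string> sids) {
        var entries = new List<SID_AND_ATTRIBUTES>();
        try {
            foreach (string s in sids) {
                var sid = new SecurityIdentifier(s);               // rejects malformed SID strings
                var bin = new byte[sid.BinaryLength];
                sid.GetBinaryForm(bin, 0);
                IntPtr p = Marshal.AllocHGlobal(bin.Length);
                Marshal.Copy(bin, 0, p, bin.Length);
                entries.Add(new SID_AND_ATTRIBUTES { Sid = p, Attributes = 0 });
            }
            Check(NetworkIsolationSetAppContainerConfig((uint)entries.Count, entries.ToArray()));
        } finally { foreach (SID_AND_ATTRIBUTES e in entries) Marshal.FreeHGlobal(e.Sid); }
    }

    // Add (exempt = true) or remove one container by AppContainer name, leaving the other entries untouched.
    public static bool SetExempt(string appContainerName, bool exempt) {
        string sid;
        if (!ListAppContainers().TryGetValue(appContainerName, out sid))
            throw new ArgumentException("no AppContainer named " + appContainerName);
        List<string> current = GetExemptSids();
        if (current.Contains(sid) == exempt) return false;   // already in the requested state
        if (exempt) current.Add(sid); else current.Remove(sid);
        SetExemptSids(current);
        return true;
    }

    // usage (from an elevated prompt): LoopbackExemptions.exe add|remove <AppContainerName>
    static int Main(string[] args) {
        if (args.Length != 2 || (args[0] != "add" && args[0] != "remove")) {
            Console.Error.WriteLine("usage: add|remove <AppContainerName>"); return 2;
        }
        Console.WriteLine(SetExempt(args[1], args[0] == "add") ? "updated" : "no change");
        return 0;
    }
}
```

The name passed on the command line is the appContainerName field from the enumeration, not the display name (which may still be an "@{...}" resource reference, the case SHLoadIndirectString in the question exists for). SetExempt deliberately reads the current list and writes it back with one entry changed: NetworkIsolationSetAppContainerConfig replaces the entire list, so calling it with only the new SID would silently drop every other app's exemption.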

Vizor