We are building an assistant UWP app for Windows 10 & Windows Mobile devices. On Windows 10 we want to offer some sort of security enforcement to the user, e.g. making sure his antivirus is up to date and so on. This should be done through PowerShell with admin privileges.

Question: What would be the best approach here from an architecture & user experience point of view?

Idea 1: Architecture: The UWP app communicates with a service (which is written as a .NET Core web.api and offers a simple REST interface) and consumes this service through an HTTP client.

The service runs as local system. We want to host it in Kestrel webservice as this is supported when targeting .NET 4.6. The prototype worked so far, but everything runs in debug mode & I am not sure if there will be some issues with the isolation of UWP apps.

From my point of view, the UWP app is consuming the service through normal HTTP requests which should not be isolated or intercepted in any way, right? There is no difference between consuming a locally hosted web API and a cloud API from a UWP isolation perspective, right?

Idea 2: User experience: The user downloads the app from the public store. The app checks if it is running on Windows 10; if so, it checks if the helper Windows service is already installed (through an API call on the webservice). If not, it offers the user the ability to download the service from a web page and install it (elevated prompt).

What would be the best way to do it? Just giving a download link to the user? Or can I start a process from a UWP app that prompts to install an MSI? It should be as simple as possible.

henrycarteruk
Sebastian Zolg
  • 1) UWP apps cannot connect to local host in any way. 2) You cannot start a process from a UWP app, you may choose to give a download link to the user. – Mehrzad Chehraz Nov 25 '16 at 11:38
  • @MehrzadChehraz I think you are right with the second answer. But can you be more clear on answer one? I think a UWP app can communicate with a service if the service offers a web.api REST interface, right? Works in my tests, but not sure if there is any other limitation like with submitting to the store... – Sebastian Zolg Nov 25 '16 at 15:26
  • If the service lives on the same machine, no matter what interface it provides, there is no way to connect to it from a UWP app. It is by design and is part of "Network isolation" that is for (they say) more security. – Mehrzad Chehraz Nov 25 '16 at 15:58
  • Hmm, but why can I consume the local webservice during development in Visual Studio? It works right now. Is something different when deploying it later through the store? Sorry, I don't get it, as the prototype worked for me. It's hard to understand what "isolation" means, as I can connect to the outside through a simple HTTP client within my UWP app. I don't see the point of isolation when localhost is not a valid target, but the internet is. Could you provide a sample that shows where a UWP app fails to communicate? – Sebastian Zolg Nov 25 '16 at 16:37
  • It doesn't make sense but it is not allowed if you want to publish your app into the Store. It works in debug mode if the related configuration is set in Visual Studio. [Read this question](http://stackoverflow.com/questions/34589522/cant-see-localhost-from-uwp-app) – Mehrzad Chehraz Nov 25 '16 at 17:21
  • Ok, got it! I read the articles and found it very special that this behavior is disabled by default by Visual Studio. Looks like sideloading apps is an option. I wonder if this might be an option for LOB apps provided by Windows Store for Business. Do you know if network loopback would work for such apps when delivered directly to the business store through devcenter & enterprise association? – Sebastian Zolg Nov 25 '16 at 20:20
  • There is a [link](https://msdn.microsoft.com/en-us/library/windows/apps/dn640582.aspx?f=255&MSPPError=-2147217396) in that question regarding side-loaded apps. – Mehrzad Chehraz Nov 25 '16 at 22:32
  • Yeah, I saw it, but the question is whether apps provided by Windows Store for Business (LOB) belong to the "sideloaded" category and therefore can be consumed through the store without losing the ability to use network loopback? – Sebastian Zolg Nov 25 '16 at 22:58
  • Any other ideas besides sideloading? I'm asking myself if SignalR could do the trick in future releases of .NET Core web.api. I could trigger communication through a cloud infrastructure. A little bit of an overkill, but would enable some more use cases like telemetry? – Sebastian Zolg Nov 26 '16 at 09:11
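
Added example, not part of the original thread: the comments above turn on whether the app's container has a loopback exemption, which can be checked on a development or sideloading machine with the built-in `CheckNetIsolation.exe` tool. The function name `Test-LoopbackExempt` and the package name `Contoso.AssistantApp` are hypothetical placeholders.

```powershell
# Added example: report (and optionally grant) the loopback exemption for one
# UWP package. 'Contoso.AssistantApp' below is a hypothetical package name.
function Test-LoopbackExempt {
    param(
        [Parameter(Mandatory)] [string] $PackageName,
        [switch] $Grant   # add the exemption if it is missing (elevated prompt)
    )

    $pkg = Get-AppxPackage -Name $PackageName | Select-Object -First 1
    if (-not $pkg) { throw "Package '$PackageName' is not installed for this user." }
    $pfn = $pkg.PackageFamilyName

    # 'LoopbackExempt -s' lists every app container that is currently exempt;
    # for a packaged app the container name is the package family name.
    $isExempt = {
        [bool](CheckNetIsolation.exe LoopbackExempt -s |
            Select-String -SimpleMatch -Pattern $pfn -Quiet)
    }

    $exempt = & $isExempt
    if (-not $exempt -and $Grant) {
        # Quote the whole token so PowerShell passes '-n=<family name>' as one argument.
        CheckNetIsolation.exe LoopbackExempt -a "-n=$pfn" | Out-Null
        $exempt = & $isExempt   # re-query instead of trusting the tool's output
    }

    [pscustomobject]@{
        PackageFamilyName = $pfn
        LoopbackExempt    = $exempt
    }
}

# Audit only; add -Grant on a development machine to enable loopback for testing.
Test-LoopbackExempt -PackageName 'Contoso.AssistantApp'
```

An exemption set this way applies only to the machine it is run on, so it does not change how the app behaves for users who install it elsewhere.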

0 Answers