[UWP] SmartCardProvisioning.RequestVirtualSmartCardCreationAsync Requires Elevation

  • Question

  • Hello All,

    I'm having an issue when trying to provision a new virtual smart card. There does not seem to be any useful documentation on this issue either. 

    When the code gets to the RequestVirtualSmartCardCreationAsync method, it throws "The requested operation requires elevation. (Exception from HRESULT: 0x800702E4)"  Then when I run VS with elevation, the app won't run either because apparently you can't execute store apps with elevation. 

    // Requires: using Windows.Devices.SmartCards; using System.Runtime.InteropServices.WindowsRuntime;
    private async void Button_Click(object sender, RoutedEventArgs e)
    {
        var pinPolicy = new SmartCardPinPolicy();
        // 24-byte admin key (all zeros)
        var bytes = new byte[24] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
        var adminKey = bytes.AsBuffer();

        // FAILS WITH: The requested operation requires elevation. (Exception from HRESULT: 0x800702E4)
        var provisioning = await SmartCardProvisioning.RequestVirtualSmartCardCreationAsync("My-First-SC", adminKey, pinPolicy);
        if (provisioning != null)
        {
            using (var context = await provisioning.GetChallengeContextAsync())
            {
                var response = ChallengeResponseAlgorithm.CalculateResponse(context.Challenge, adminKey);
                await context.ProvisionAsync(response, true);
            }
        }
        else
        {
            this.ToString();
        }
    }



    - Rashad Rivera www.omegusprime.com


    • Edited by Barry Wang Thursday, October 13, 2016 11:39 AM title tags
    Tuesday, October 11, 2016 11:30 PM

All replies

  • Hello All,

    I'm still a novice to Win10 UWP, but I noticed a strange issue when trying to run an application that requires elevation.  While debugging it locally on my Win 10 anniversary build with VS 2015 Update 3, I get an "Element not found" error. This is before the application has a chance to execute.

    Does anyone know why this is? 


    - Rashad Rivera www.omegusprime.com

    • Merged by Xavier Xie-MSFT Friday, October 14, 2016 6:06 AM the same question
    Tuesday, October 11, 2016 11:24 PM
  • Hello Rashad Rivera,

    I see that UWP sample used the same API without any problem:

    https://github.com/Microsoft/Windows-universal-samples/blob/master/Samples/SmartCard/cs/Scenario1_ProvisionTPM.xaml.cs

    So when you run the UWP sample did you get the same error?

    I'm not so sure whether this is a coding issue or environment issue.

    Best regards,

    Barry



    Thursday, October 13, 2016 11:38 AM
  • Xavier,

    What I mean is I'm hitting F5 and the Target Device is set to "LOCAL MACHINE".


    - Rashad Rivera www.omegusprime.com

    Thursday, October 13, 2016 11:10 PM
  • Barry,

    It might be an environment issue, but it would be helpful if there was an event log entry saying exactly what the issue is.  Also, there is no documentation from Microsoft on the minimum TPM configuration necessary to create virtual smartcards.

    It would help if someone could say where these VSC (virtual SmartCard) get created; be it in the registry, file system or other.  Then I could check the permissions for these areas.

    I ran ProcMon on my app and there is a lot of activity, but nothing with an "ACCESS_DENIED" other than the following:

    • RegCreateKey on HCU\S-1-5-19\Software\Microsoft\Cryptography\TMP\Telemetry => ACCESS DENIED
      Desired Access: All Access
    • QuerySecurityFile on D:\$\Temp\App9\App9\bin\x86\Debug\AppX\App9.exe => BUFFER OVERFLOW
      Information: Owner
    • RegCreateKey on HCU\S-1-5-19 => ACCESS DENIED
      Desired Access: Maximum Allowed

    ... the rest is all REPARSE, NAME NOT FOUND, and NO MORE ENTRIES or SUCCESS.

    I'm open to suggestions. 


    - Rashad Rivera www.omegusprime.com



    Thursday, October 13, 2016 11:11 PM
  • @Rashad Rivera,

    >>It might be an environment issue

    Can we understand your problem like this: when you run the official UWP sample you also get the same error, and this makes you think that your problem is an environment-related issue?

    >>Also, there is no documentation from Microsoft on the minimum TPM configuration necessary to create virtual smartcards. 

    TPM recommendations

    TPM virtual smart cards are stored in the TPM.  We want to make sure that your system has a TPM; can you check and make sure about it first? For more documentation about TPM you can search with your favorite search engine.

    Best regards,

    Barry



    Sunday, October 16, 2016 5:34 AM
  • My workstation has BitLocker enabled on all HD devices. Could that be affecting Virtual Smart Cards?

    - Rashad Rivera www.omegusprime.com

    Tuesday, October 18, 2016 2:06 AM
  • @Rashad Rivera,

    From my point of view, I don't think BitLocker will affect Virtual Smart Cards. Have you checked your BIOS to see whether you've enabled TPM?

    Best regards,

    Barry



    Thursday, October 20, 2016 3:10 AM
  • Hi,

    I have encountered the same error (The requested operation requires elevation) when calling SmartCardProvisioning.RequestVirtualSmartCardCreationAsync.... In my case, I got this issue when I tried to run the smart card API UWP sample program with a non-admin (Local User) account. In other words, if I run the program with an admin account then everything worked fine.

    Were you also running the program with a non-admin account? Did you find a fix or workaround for this issue? The issue being that the SmartCard API can only be run with an admin account since it requires elevated rights and UWP does not allow UAC prompt.

    Regards,

    Jaime

    Tuesday, August 22, 2017 6:40 PM
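
Added example (not part of the thread, the linked SDK sample, or Microsoft's code): one way a UWP app can recognise the elevation failure discussed above and report it instead of crashing, while creating the card with a random admin key rather than the all-zero key in the question. The class and method names are hypothetical, and the null-return handling assumes a null result means the user cancelled the PIN prompt.

```csharp
using System;
using System.Diagnostics;
using System.Threading.Tasks;
using Windows.Devices.SmartCards;
using Windows.Security.Cryptography;
using Windows.Storage.Streams;

// Hypothetical helper, not part of the SmartCard API or the SDK sample.
public static class VscCreation
{
    // 0x800702E4 = FACILITY_WIN32 (7) wrapping Win32 error 740 (ERROR_ELEVATION_REQUIRED).
    private const int ElevationRequired = unchecked((int)0x800702E4);

    // Split an HRESULT into its facility (bits 16-26) and code (bits 0-15).
    public static string Describe(int hr)
    {
        int facility = (hr >> 16) & 0x7FF;
        int code = hr & 0xFFFF;
        return $"HRESULT 0x{hr:X8}: facility {facility}, code {code}";
    }

    // Returns the new card together with its admin key, or null when the user
    // cancels or Windows refuses the call for lack of elevation.
    // Any other failure still propagates to the caller.
    public static async Task<Tuple<SmartCardProvisioning, IBuffer>> TryCreateAsync(string friendlyName)
    {
        // Random 24-byte admin key instead of a fixed all-zero key.
        // The caller must store it safely: later admin operations need it.
        IBuffer adminKey = CryptographicBuffer.GenerateRandom(24);
        try
        {
            SmartCardProvisioning card =
                await SmartCardProvisioning.RequestVirtualSmartCardCreationAsync(
                    friendlyName, adminKey, new SmartCardPinPolicy());

            // Assumption: null means the user cancelled the PIN prompt.
            return card == null ? null : Tuple.Create(card, adminKey);
        }
        catch (Exception ex) when (ex.HResult == ElevationRequired)
        {
            // Only the elevation failure is handled here; the app can then tell
            // the user that an administrator account is needed.
            Debug.WriteLine(Describe(ex.HResult) + " (elevation required)");
            return null;
        }
    }
}
```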