Is there any way to bring one application from default desktop to custom desktop?
For example, CredentialUIBroker.exe(microsoft service) is always appear in default desktop(Winsta0\default).
I want to make this to appear in programmatically created new desktop.
Can you suggest a solution for this?
Is this a continuation of the issues discussed in https://docs.microsoft.com/en-us/answers/questions/647721/windows-security-popup-not-shows-in-secure-desktop.html?
Yes, it is a continuation of the issue.
In our context: sample application and related WebView2 processes are created as a parent-child hierarchy, where windows security dialog, which is created under CredentialUIBroker.exe, is not a child process of our application, but is a child of windows service(winint.exe).
It seems that you are using WPF (webview2) according to the link. May I know which C++ application you are using?
Details of the issue is discussed in https://docs.microsoft.com/en-us/answers/questions/647721/windows-security-popup-not-shows-in-secure-desktop.html.
I have two application, one is a WPF application for loading and initializing WebView2 processes and the second one is a C++ application for creating a new desktop and launching the WPF application in that new desktop.
The WPF application shows browser login and when we click login with security key option, the OS popup for security key insertion is not shown in new desktop. Instead the popup appeared in the previous desktop.
Windows security dialog appeared as part of WebAuthN::AuthenticatorMakeCredential() call from WebView2, and it came as child process of Credential Manager UI Host/CredentialUIBroker.exe.
When analyzed with process explorer WebView2 testapp and WebView2 runtime processes are started in custom desktop, but CredentialUIBroker.exe started in default desktop.
As mentioned above, sample application and related WebView2 processes are created as a parent-child hierarchy, where windows security dialog, which is created under CredentialUIBroker.exe, is not a child process of our application, but is a child of windows service(winint.exe).
Thank you for taking the time to report this issue. However, this problem is more related to CredentialUIBroker , and I haven't touched on the security key.
In my Windows 10 21H1 system CredentialUIBroker.exe is identified as a local server under several AppID keys the registry (64-bit and 32-bit). You can also see it using the component services tool in DCOM config.
One of the registry values that appears under several of the AppID keys is for a value named AppIDFlags. According to https://docs.microsoft.com/en-us/windows/win32/com/appidflags "If the APPIDREGFLAGS_ACTIVATE_IUSERVER_INDESKTOP flag is set in the AppIDFlags value, COM will either bind to, or launch and bind to, the server process running in the client's desktop and the session in the activation request. For example, if the client is running "winsta0\desktop1" in session 3, the activation request for session 3 will either bind to, or launch and bind to, the COM server in "winsta0\desktop1" in session 3, even if an instance of the COM server is already running in "winsta0\default" in session 3."
I'm guessing that this flag might be the answer to the wrong desktop issue. However, I have not tested it and cannot advise exactly which of the several AppID keys for CredentialUIBroker.exe is applicable in your circumstance. Should you choose to modify the registry to set this flag I strongly suggest testing thoroughly (a virtual machine would be helpful) and with appropriate backups available.
Thank you for the reply.
First of all we have no permission to edit/update AppIDFlags value of CredentialUIBroker.exe, only TrustedInstaller has it. I tried by overriding the permission to set APPIDREGFLAGS_ACTIVATE_IUSERVER_INDESKTOP flag value.
I saw many occurances of CredentialUIBroker appid in locations such as: HKEY_CLASSES_ROOT, 64-bit and 32-bit locations. By changing HKEY_CLASSES_ROOT location CredentialUIBroker AppIDFlags value itself modify values in other location also.
But security dialog didnt show up this time in default and custom desktop aswell. Any thoughts ?
I don't know how you changed the registry. However, my idea was to set the flag that I mentioned. That means that you need to be careful not to replace the prior registry values in their entirety.
21 people are following this question.
