问题
I'm trying to create a new VPN profile in a universal windows app. I am using this api.
There are two documented ways to do that. AddProfileFromXmlAsync and AddProfileFromObjectAsync. Unfortunately for me none of them work correctly.
When I'm using AddProfileFromXmlAsync I get all the time error AccessDenied. I saw on this thread that somehow it could be related to bad xml syntax but I get the same error also when I am using the exact xml in the Microsoft example.
AddProfileFromObjectAsync works fine if you provide only the ProfileName. Otherwise it fails with error Other. This is not enough for me because I need also the configure the NativeProtocolType property. Before I am trying to add the new profile I am checking to see if the profile already exists so for sure I am not getting error Other because the profile already exists.
I am adding these capabilities to my app manifest:
<Capabilities>
<Capability Name="internetClient" />
<Capability Name="internetClientServer" />
<Capability Name="privateNetworkClientServer" />
<rescap:Capability Name="networkingVpnProvider" />
</Capabilities>
Does anyone have any idea what could be the problem?
回答1:
This is a working sample atleast on 15063 (Note that there was a bug in the Anniversary update which was causing the API not to work so either try with 15063 or make sure you have all the updates on the Aniversary update)
// Install key and cert
await
CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(PEMKey,
Password,
ExportOption.NotExportable,
KeyProtectionLevel.NoConsent,
InstallOptions.None,
"Test VPN");
VpnNativeProfile profile = new VpnNativeProfile();
profile.AlwaysOn = true;
profile.NativeProtocolType = VpnNativeProtocolType.IpsecIkev2;
profile.ProfileName = "Test VPN";
profile.RememberCredentials = false;
profile.RequireVpnClientAppUI = true;
profile.RoutingPolicyType = VpnRoutingPolicyType.ForceAllTrafficOverVpn;
profile.Servers.Add(Constants.ConcentratorDNSName);
profile.UserAuthenticationMethod = VpnAuthenticationMethod.Eap;
profile.EapConfiguration = File.ReadAllText("profile.xml");
VpnManagementAgent agent = new VpnManagementAgent();
await agent.AddProfileFromObjectAsync(profile);
VpnManagementErrorStatus status = await agent.ConnectProfileAsync(profile);
Sample EAP XML configuration can be found @ https://docs.microsoft.com/en-us/windows/client-management/mdm/eap-configuration
Also Unfortunately the the XML in the VPNv2 CSP is different from the one in the API. Additionally on checking internally at Microsoft there seems to be a bug with the AddProfileFromXMLAsync causing it not to work.
来源:https://stackoverflow.com/questions/47225039/uwp-cant-create-a-new-vpn-profile