READ_EXTERNAL_STORAGE is always denied on Android 13 device - android-13

My application targets api level 32. When running on Android 13 device, ActivityResultContracts.RequestMultiplePermissions() always returns PERMISSION_DENIED even if the user presses on "Allow".
Also, when checking in settings->app->permissions, the IMAGE, AUDIO and VIDEO permissions get granted.
The documentation clearly states that applications targeting api level < 33 should continue asking for READ_EXTERNAL_DEVICE, and the IMAGE, AUDIO and VIDEO will be granted automatically
Tried allowing READ_EXTERNAL_STORAGE permission.
Expected to open Gallery.
Actually, permission was denied.

Apparently, From android 13 and beyond You need to put permissions for READ_MEDIA_VIDEO,READ_MEDIA_IMAGES,READ_MEDIA_AUDIO, not Just requesting READ_EXTERNAL_STORAGE will work alone, won't even show in the permission page in the settings
<!-- Required only if your app needs to access images or photos
that other apps created. -->
<uses-permission android:name="android.permission.READ_MEDIA_IMAGES" />
<!-- Required only if your app needs to access videos
that other apps created. -->
<uses-permission android:name="android.permission.READ_MEDIA_VIDEO" />
<!-- Required only if your app needs to access audio files
that other apps created. -->
<uses-permission android:name="android.permission.READ_MEDIA_AUDIO" />
<!-- If your app doesn't need to access media files that other apps created,
set the "maxSdkVersion" attribute to "28" instead. -->
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"
android:maxSdkVersion="32" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
android:maxSdkVersion="29" />

Related

Google Play Permissions compliance

We have Xamarin Android App for an Airline, the core use of the app is for Booking and Purchasing ticket, recently we have added new functionality which allows customers to pay with USSD Option, and purchase their ticket. While uploading the app to play store. it is asking us to select the Core functionality of the app.
among the lists which core functionality do I have to select?
we have added the below permissions on manifest
<uses-permission android:name="android.permission.CALL_PHONE" />
<uses-permission android:name="android.permission.CALL_PRIVILEGED" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.MODIFY_PHONE_STATE" />
<uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS" />
If you have SMS-based fincancial transactions, that's the option you should select.
It's not a matter of what you choose that will get your app selected or rejected either way.

push notification not receiving when app is closed in xamarin.forms

I have implemented push notification in my xamarin.forms app.
I used gsm notification in android and for IOS used plugin.
that works fine when app is in foreground or background.but if i close(kill) app then don't receive notification.
any one have idea about this.
please help.
thank you.
Did you added permissions
iOS:
info.plist
<key>UIBackgroundModes</key>
<array>
<string>voip</string>
<string>fetch</string>
<string>remote notification</string>
</array>
Android:
Manifest file:
<uses-permission android:name="android.permission.WAKE_LOCK" />
<permission
android:name="co.my.packagename.permission.C2D_MESSAGE"
android:protectionLevel="signature" />
<uses-permission android:name="co.my.packagename.C2D_MESSAGE" />
<uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
<uses-permission android:name="android.permission.VIBRATE" />
And once deploy application using release mode then try

Alfresco Login with google credentials

I want to login into Alfresco Dashboard with google credentials. I have seen a sample application below.
https://github.com/gdepourtales/share-oauth-sso
but it is not working for me.
I am using Alfresco 5.0 enterprise version.
I have downloaded the project and i have followed all the steps
I have build the project which was mentioned and deployed the jars.
I have added below snippet in web.xml file
<filter>
<description>Oauth Authentication Support</description>
<filter-name>OAuthAuthenticationFilter</filter-name>
<filter-class>ch.gadp.alfresco.OAuthSSOAuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>OAuthAuthenticationFilter</filter-name>
<url-pattern>/page/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>OAuthAuthenticationFilter</filter-name>
<url-pattern>/p/*</url-pattern>
</filter-mapping>
I have added the below configuration in share-config.custom.xml file
<config evaluator="string-compare" condition="OAuthFilter"> <!-- the condition must always be OAuthFilter -->
<repository>
<!-- The host of the Alfresco repository webapp -->
<host>localhost</host>
<!-- The port of the Alfresco repository webapp. Put 80 for standard HTTP-->
<port>8081</port>
<!-- The protocol to access the Alfresco repository -->
<protocol>http</protocol>
<!-- The API access URI. If you use standard Alfresco, this should not change -->
<api>/alfresco/service/api</api>
<!-- The admin user who is able to create new users -->
<admin>admin</admin>
<!-- The password of the admin user -->
<password>admin</password>
<!-- The unique password for all users authenticated with OAuth. Choose one very complicated :) -->
<user-password>gotpxdKFjA_uxzG5SdGu</user-password>
<!-- The domains for which incoming user should be restricted to. If blank, any valid email will be accepted -->
<user-domains>nxc.no</user-domains>
</repository>
<oauth-api>
<!-- The key of your API application -->
<key>my key</key>
<!-- The URI from which get the user profile informations -->
<uri>https://www.googleapis.com/oauth2/v1/userinfo</uri>
<!-- The secret of your API application -->
<secret>my secret</secret>
<!-- The scope(s) for getting data -->
<scope>https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email</scope>
<!-- This is a constant and my be different in future releases -->
<name>GoogleApi</name>
</oauth-api>
</config>
and i have started the server but I am not seeing any change.
How I can Know the process of user login to the dashboard.Because everything written in alfresco is a web-script how can i make a google user to login into Dashboard.
Any answer will help me a lot Thank you!.
You can extend the following project - https://github.com/FlexSolution/SocialLogin. It uses oauth2 to login Alfresco by using LinkedIn account
The video how it works is available on youtube - https://www.youtube.com/watch?v=4dpueBkL-Jo&index=5&list=PLjxSLwMQLhLifbIIC5qkVio8VoakzncXg
You'd want to use Google2Api these days. Also prompt setting is missing in your config.
<!-- This is a constant and my be different in future releases -->
<name>Google2Api</name>
<!-- Whether to re-prompt the user for consent -->
<prompt>auto</prompt>

VS 2013 / IIS Express - serve site from localhost:port/myapp instead of localhost:port

In prod my site (mvc5) is hosted on https://company.no/myApp/ where myApp is an Application on IIS.
In dev my site is hosted on IIS Express on http://localhost:54307/
As this causes some truble with server relative paths I would like to also do my debugging on http://localhost:54307/myApp.
This is what I've tried:
Setting project url in property pages to http://localhost:54307/myApp and clicking Create Virtual directory
Tried the override application root with or without the myApp url.
Tried modify the applicationhost.config. Currently my setting looks like this:
<site name="MyApp.Web-Site" id="38">
<application path="/" applicationPool="Clr4IntegratedAppPool">
<virtualDirectory path="/" physicalPath="C:\Projects\OP\MyApp\Main\src\MyApp.Web" />
</application>
<application path="/MyApp" applicationPool="Clr4IntegratedAppPool">
<virtualDirectory path="/" physicalPath="C:\Projects\OP\MyApp\Main\src\MyApp.Web" />
</application>
<bindings>
<binding protocol="http" bindingInformation="*:54307:localhost" />
<binding protocol="https" bindingInformation="*:44307:localhost" />
</bindings>
</site>
When I try to open page from the myApp folder I get the follownig error:
Module IIS Web Core
Notification BeginRequest
Handler Not yet determined
Error Code 0x800700b7
Config Error Cannot add duplicate collection entry of type 'add' with unique key attribute 'name' set to 'WSFederationAuthenticationModule'
Config File \\?\C:\Projects\OP\MyApp\Main\src\MyApp.Web\web.config
Requested URL http://localhost:54307/MyApp
Physical Path C:\Projects\OP\MyApp\Main\src\MyApp.Web
That indicates web.config loaded twice. Any idea what I'm doing wrong?
Thanks for any help
Larsi
I hear you with IIS Express causing problems with server relative paths. You can set this up with a couple steps that don't include manually editing your applicationhost.config. I try to avoid editing the applicationhost.config manually, it seems to cause more problems than it solves. I would remove the website from your local IIS to clear out any of that stuff and then do the steps below:
right-click on your web project and select properties.
Click on the "Web" menu
change the dropdown to Local IIS and enter the URL you would like the app to resolve to then click create virtual directory, save the file and build.
You can still debug without the port number, the debugger will just attach to this new website in your local IIS instance as long as you have a debugger option checked on the web tab.
open your local IIS and make any other configurations that are required for your app to run (Authentication, Application Pools, etc.).
open your browser and navigate to http://localhost/YourAppName
since this is a website as far as your local iis is concerned, you can hit it anytime in a browser without needed Visual Studio running.

Application's AppPool permisions on parent Site folder structure

ApplicationHost.config Context
<!-- App Pool -->
<add name="Site - Intranet" autoStart="true" managedRuntimeVersion="v4.0" />
<add name="App - App1" autoStart="true" managedRuntimeVersion="v4.0" />
<add name="App - App2" autoStart="true" managedRuntimeVersion="v2.0" />
<!-- Site -->
<site name="Intranet" id="1" serverAutoStart="true">
<application path="/" applicationPool="Site - Intranet">
<virtualDirectory path="/" physicalPath="D:\Web\Sites\Intranet" />
</application>
<application path="/Apps/App1" applicationPool="Application - App1">
<virtualDirectory path="/" physicalPath="D:\Web\Apps\App1" />
</application>
<application path="/Apps/App2" applicationPool="Application - App2">
<virtualDirectory path="/" physicalPath="D:\Web\Apps\App2" />
</application>
</site>
As you can see, I have one Site with its own 4.0 CLR app pool and identity, which hosts two separate Applications, each with their own app pools and identities. All three are sandboxed into separate file system locations.
NTFS Permissions for AppPoolIdentity Accounts
Permissions must be given to each AppPoolIdentity on its respective folder (ex. IIS AppPool\Site - Intranet needs Read/Execute permissions on D:\Web\Sites\Intranet).
At this point, Application App1 should not be able to read/execute files in it's parent Site's physical folder structure. And vice versa, the hosting Site Intranet should not be able to read/execute files within App1's physical folder structure. Am I understanding that right?
When I visit a child application (ex http://intranet/apps/app1) I get a server error stating that it cannot read the parent Site's web.config file due to insufficient permissions.
If I grant the Application's identity account read/execute permissions on the parent Site's physical folder structure (ex. IIS AppPool\App - App1 access to D:\Web\Sites\Intranet) the issue is resolved.
Question(s)
Why does the child Application need to read web.config or any other files from the parent site?
Note: My parent site's web.config is already breaking child app/vdir inheritance using the <location path="." inheritInChildApplications="false"> technique.
Given that this identity account has by nature Write permissions on many folders - IIS AppPoolIdentity and file system write access permissions - doesn't this introduce a security risk? For instance, couldn't any child application now potentially write to the parent Site's App_Data folder or elsewhere?
For #1, child folders/apps inherit the web.config settings of their parent folders by default. I would assume that ASP.NET doesn't check your element before trying to access those parent web.config files. Makes sense to me though it's not what you would want.
For #2, not too sure there. If your app pool identity is a member of users (as your references answer states) then it does have read access to lots of places, but not write to too many. I wouldn't go by what the questioner says there. Not sure about the child writing to parent folders. You should be able to block that with appropriate file system permissions (keeping in mind whatever groups your app pool identity is a member of). I've never had this config so I'm not sure.

Resources