maui
maui copied to clipboard
dotnet
SecureStorage doesn't work on Mac
Description
Welll is not working on Mac
I have try to add entitlements.plits in MacCatalyst folder Didnt help...
How to use
SecureStorage.SetAsync,
and
SecureStorage.GetAsync
if its not working..
Steps to Reproduce
https://github.com/PirasathLuxchumykanthan/IHOS
and run it
In the IHOS/CrossPlatform.BlazorApplication/MainPage.xaml.cs
i have made like a small test work well in iOS,Android and windows but not in mac..
Version with bug
6.0.400 (current)
Last version that worked well
Unknown/Other
Affected platforms
macOS
Affected platform versions
Mac
Did you find any workaround?
No response
Relevant log output
No response
Seems like when i try run the MAUI in mac it does not copy the entitlements.plist
I found out is bigger then just SecureStorage .. the plist missing in iOS and Mac.. well if u run the iOS on windows it will show it work.. but.. hmm
well for real is missing the plist..
For those looking to add entitlements, just use the following in your csproj
<PropertyGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'ios'">
<CodesignEntitlements>Platforms\iOS\Entitlements.plist</CodesignEntitlements>
</PropertyGroup>
Exchange iOS for maccatalyst as needed
@davidbritch is this another one you could help with conceptual docs around using?
@redth Manually adding this to the csproj should not be needed as it is added via the single project targets...
I'll have to check to see if this is an issue with the targets or maybe the ios SDK is losing it...
We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process.
Is there any known workaround that completely works?
.csprojseems to be correct, looks just as what AllanRitchie said.Bundle Signingproperty has thecustom entitlementset to theEntitlements.plist.Entitlements.plisthas the correct xml as per the docs.Build actionis set toNone
Am I missing anything or will this just not work until it is fixed?
I'm having the same issue with Visual Studio 17.5.5 trying to debug a MacCatalyst app on my Mac Mini... but for me it's related to code signing the bundle. If I code sign the bundle, the app doesn't start (the icon flashes.. and then I get a "could not attach to debugger" message), if I don't sign the bundle, the app starts, but SecureStorage doesn't work as it needs the Entitlement (which can't be added without a signed profile)
Suprised but not shocked to see this is an ongoing issue. This is not documentated so here is a full solution to those experiencing this issue:
-
Create a blank entitlements file in your
Platforms/MacCatalystfolder:<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> </dict> </plist> -
Add csproj reference, with code signing (this REQUIRES code signing)
<PropertyGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'maccatalyst'"> <CreatePackage>false</CreatePackage> <CodesignProvision>Automatic</CodesignProvision> <CodesignKey>Mac Developer</CodesignKey> <CodesignEntitlements>Platforms\MacCatalyst\Entitlements.plist</CodesignEntitlements> </PropertyGroup> -
Ensure mac developer provisioning profile exists for your apple developer account, is valid & on your Mac (Testing this in XCode with manual provisioning is significantly easier than using visual studio)
-
Run
Having tested this locally, there is a possibility the app crashes on startup with a nasty apple crash window. The solution is to create a blank macOS app in Xcode, setup the codesigning to match your app above, run the app and accept any codesigning permission prompts. Back in visual studio, this should now work!
As a bonus while you are here, set your mac catalyst app to use app sandbox. This is not enabled by default in Maui but is for swift / object (macOS apps made with Xcode & Apples tooling). There is an open issue discussing why having this enabled by default is a good idea, but it is stale!
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
</dict>
tl;dr;
- create a new signing certificate for "Apple Development" on developer.apple.com
- create a new provisioning profile using new certificate on developer.apple.com
- do not change the app identifier on developer.apple.com if you have an existing app
- manually modify project file using complete names of new cert and new provisioning profile
You are my hero @Axemasta. I've been fighting this problem for 10 days. Your post today saved me. I had such high hopes for Maui after 8 years of fighting Xamarin Forms, but it appears it is more of the same. I'm so tired of this trial and error troubleshooting praying that someone like you has found the solution more than a year after the bug was reported and confirmed.
Additional information for anyone who is struggling with this issue. Despite Axemasta's excellent instructions, it still took me hours to get it working in my own solution.
If you are migrating from Xamarin Forms, you may assume that your certificates and provisioning profiles you already have setup should work. Not true. My existing certificate was setup for MacOS Development. This type of certificate cannot be used to create a Mac Catalyst provisioning profile. You need to create an "Apple Development Certificate" in order to be able to create a "Mac OS" with "Mac Catalyst" provisioning profile. The instructions for doing this were accurate and worked for me. https://learn.microsoft.com/en-us/dotnet/maui/mac-catalyst/deployment/publish-ad-hoc
There is a "Mac Catalyst" "Capability" on the Application "Identifier" (the place where you specify on developer.apple.com what your app can do). You do not need to check this box. It appears this is some type of legacy Mac Catalyst to modern Mac Catalyst flag that doesn't apply to Maui.
In my debugging efforts, in an attempt to not screw up my working Mac certificates and profiles, I created a new Identifier and setup a new provisioning profile using the new app identifier. I then changed the App Id in my Visual Studio solution to match. This created other crash problems. I could not figure out how to change the app identifier of my very large migrated project. Something was cached somewhere or I had mismatch configuration that I could not track down. If you have attempted to use a new app Id, make sure you can run your project with the new ID, before trying to solve the keychain problem. Changing too much at once lead to issues for me and bad assumptions on what was causing crash.
As Axemasta said, getting the provisioning profiles to actually register on your machine can be a struggle. This is nothing new. Using Xcode may work, manually installing may work, using Visual Studio "Preferences" "Apple Developer Account" "View Details" "Download All Profiles" may work.
Verify the Mac knows about your provisioning profile under the Mac's "System Settings" , "Privacy and Security" "Profiles" (at the bottom). That may work.
Finally, the project settings as Axemasta listed above.
<CodesignProvision>Automatic</CodesignProvision>
<CodesignKey>Mac Developer</CodesignKey>
The CodeSignKey is the full name of the certificate used to sign the provisioning profile. For me this was like this (changed to obscure actual values).
<CodesignKey>Apple Development: FirstName LastName (11AABCXC22)</CodesignKey>
Automatic did not work for the CodesignProvision for me. I needed to copy and past in the full provisioning profile name.
Once you setup the project file with these correct values, in Visual Studio, under project properties, Mac Catalyst, Binding Signing ... this tab will now be blank (broken).
I did not go back and check once I got my solution working, but it appears that Visual Studio does not populate the signing certification drop down with "Apple Development Certificates", but instead "Mac OS Development" certificates. This is a big misdirect because as stated above, Mac Catalyst provisioning profiles cannot be attached to Mac OS certs". You need to use and "Apple Development" cert, which was not included in the dropdown (if I remember correctly).
Hopefully this additional information helps someone. I can't guarantee my information and assumptions are 100% correct. After days of struggle, I did not take the time to revert everything on developer.apple.com, and on my Mac keystone, and in my Visual Studio project to guarantee my reproduction steps were all correct and necessary.
Visual Studio Community 2022 for Mac Version 17.6.3 (build 421)
Thanks so much @Axemasta !
Just thinking about what we can still do to make it better here. It seems that this works, but the docs and default template are not helping enough?
For our new version of the templates we have now this to include an Entitlements.plist file by default. And the actual plist file will include the sandbox part for when running as Release.
Obviously we can't setup the rest as that is dependant on your own account and certificates and stuff.
What would help you be more successful in this area still?
I think currently there is a technical solution available to this issue.
The only thing needed is the docs being updated, if you experience this issue before its documented i'd expect people to find this issue and see a solution, so its not a huge priority to fix asap.
I think the entitlements and release sandbox are a good start, I'd argue Debug needs to use sandbox aswell since its made clear the AppDataDirectoy folder on a non sandboxed mac catalyst app is in a public folder (we are all so used to being within a sandbox). I have seen multiple xamarin projects in the past delete all files in the app data directory, the potential for massive damage to your developer machine is crazy given the following code:
var directory = FileSystem.AppDataDirectory;
var folders = Directory.GetDirectories(directory);
I created a folder in my ~Library and was able to delete it from my maui app without being prompted or notified:
It makes me quite uneasy knowing I can damage my mac when debugging a mac catalyst application. I think Mac Catalyst should always be running in a sandbox and developers that require no sandbox can opt into it at their own risk.
A file new cocoa swift app will automatically use Sandbox in Debug & Release modes, so this mirrors the experience of native tooling.
Verified this issue with Visual Studio 17.6.4 (build 454). Can repro on macOS platform with sample project. Android and iOS work fine. IHOS-master.zip
@jfversluis there is more than just a documentation issue here. When you manually set the
This is still an issue with .NET 8 now that it's GA.
I tried the above workaround with the explicit provisioning profile without success.
As soon as I try to add the entitlement, the app does no longer start.
Experiencing the same issue. cannot set or get anything from securestorage, getting Missing Entitlement exception. Can approve that workarounds above do not work for me.
So do we able to use SecureStorage in MAUI or not? If not, then MAUI is not a framework to work with
Just created the provisioning profile in xcode with a similar named xcode project (iOS, remove macOS and add macCatalyst). Using this profile, Securestorage works. This profile is not showing up in my Apple Developer account, however.
Since moving from Xamarin to MAUI I have not been able to access the storage storage on Mac. This seems to be due to a certificate issue as a developer certificate works but a distribution one does not, despite the API I invoke being the same. Does anyone know why this would be the case?
Still facing the same issue.
I added the Entitlements.plist as mentioned above.
<PropertyGroup Condition="'$(Configuration)|$(TargetFramework)|$(Platform)'=='Debug|net8.0-maccatalyst|AnyCPU'">
<MTouchLink>None</MTouchLink>
<CreatePackage>True</CreatePackage>
<EnableCodeSigning>False</EnableCodeSigning>
<EnablePackageSigning>True</EnablePackageSigning>
<CodesignKey>Mac Developer: Andreas xxx</CodesignKey>
<PackageSigningKey>3rd Party Mac Developer Installer: Andreas xxx</PackageSigningKey>
<CodesignEntitlements>Platforms\MacCatalyst\Entitlements.plist</CodesignEntitlements>
<CodesignProvision>Development Maui App Basement</CodesignProvision>
</PropertyGroup>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>$(AppIdentifierPrefix)com.andreasreitberger.xxx</string>
</array>
<key>com.apple.developer.ubiquity-kvstore-identifier</key>
<string>$(AppIdentifierPrefix)$(CFBundleIdentifier)</string>
<key>com.apple.developer.networking.wifi-info</key>
<true/>
<key>com.apple.developer.icloud-container-identifiers</key>
<array>
<string>iCloud.com.andreasreitberger.xxx</string>
</array>
<key>com.apple.developer.icloud-services</key>
<array>
<string>CloudKit</string>
</array>
<key>com.apple.security.application-groups</key>
<array>
<string>group.com.andreasreitberger.xxx</string>
</array>
<key>com.apple.developer.group-session</key>
<true/>
</dict>
</plist>
However, I still get the MissingEntiltement exception when accessing the SecureStorage on MacOS.
I'm using Maui 8.0.40
Any news on this?
