After weeks of testing, we were finally ready to release a first version of our Windows 8 app to our key user. So I created a package and copied all the files onto a USB stick to ‘side load’ the application on his machine. After running the PowerShell installation script and installing the developer certificate, the moment was finally there. The application started and the main hub was shown.
However, the moment the user started to click around and HttpWebRequests were sent out to our backend services, the application failed with the following error message:
Unable to connect to the remote server
An attempt was made to access a socket in a way forbidden by its access permissions
We were clueless why it failed. We tested the application for weeks without any issue. The only difference is that we hosted the backend API somewhere else. Could this cause the issue? We were using a DNS that was mapped differently depending on whether you connect internally or externally.
The first thing we tried was to add Fiddler into the mix to see what was going on. This made the experience even stranger because suddenly all web calls started to succeed?!
In a desperate attempt, I opened up the Windows 8 manifest and added the capability for Private Networks:
The Private Networks (Client & Server) capability provides inbound and outbound access to home and work networks through the firewall. This capability is typically used for games that communicate across the local area network (LAN), and for apps that share data across a variety of local devices. If your app specifies musicLibrary, picturesLibrary, or videosLibrary, you don't need to use this capability to access the corresponding library in a Home Group. Inbound access to critical ports is always blocked. The capability is written in the AppxManifest.xml file as the following code shows:
Afterwards the application worked fine.
Anyone with more insight who can explain why this solved the issue? I’m guessing this is required because the DNS is resolved to an internal network address…
Remark: To validate if my guess was correct, I removed the capability again and this time connected from outside our company network. I started the application and everything was working as expected.
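The guess above can be turned into a pre-deployment check. The following is an added example, not code from the original post: it reads the capabilities declared in an AppxManifest.xml and reports which one is missing for the address the backend host name resolves to. The manifest fragment and addresses are constructed, and classifying "private" by address range is a simplifying assumption (Windows decides this from its own network classification).

```python
import ipaddress
import xml.etree.ElementTree as ET

# Namespace of the Windows 8 app package manifest schema.
NS = "{http://schemas.microsoft.com/appx/2010/manifest}"

# Constructed sample: a manifest that declares only the default capability.
SAMPLE_MANIFEST = """<Package xmlns="http://schemas.microsoft.com/appx/2010/manifest">
  <Capabilities>
    <Capability Name="internetClient" />
  </Capabilities>
</Package>"""

# Assumption: treat RFC 1918, link-local and IPv6 unique-local ranges as
# "home/work network" destinations. This only approximates what Windows does.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7")]

PRIVATE_CAPS = {"privateNetworkClientServer"}
INTERNET_CAPS = {"internetClient", "internetClientServer"}


def declared_capabilities(manifest_xml):
    """Return the set of capability names declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {c.get("Name") for c in root.iter(NS + "Capability")}


def missing_capabilities(manifest_xml, resolved_address):
    """Return the capability the app lacks for this destination, if any."""
    declared = declared_capabilities(manifest_xml)
    ip = ipaddress.ip_address(resolved_address)
    if any(ip in net for net in PRIVATE_NETS):
        # Destination sits on an internal network: outbound traffic needs
        # the Private Networks capability, internetClient is not enough.
        return set() if declared & PRIVATE_CAPS else {"privateNetworkClientServer"}
    return set() if declared & INTERNET_CAPS else {"internetClient"}


if __name__ == "__main__":
    # Constructed addresses: the same host name resolved inside and outside
    # the company network (split DNS, as described in the post).
    for addr in ("10.20.30.40", "203.0.113.10"):
        print(addr, "missing:", sorted(missing_capabilities(SAMPLE_MANIFEST, addr)))
```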