Microsoft Edge is not prompting for user authentication - angularjs

I have an AngularJS application which works perfectly fine in IE/Chrome. But I see that in the Microsoft Edge browser it opens the web portal, but on clicking other pages which require Windows authentication, it does not show the credential pop-up window. The console error "HTTP401: DENIED - The requested resource requires user authentication." is displayed. This works as expected in other browsers like IE/Chrome. A web.config file is used for enabling user authentication for a few pages in the web portal application. Does anyone know why Edge is behaving differently?

Related

Blazor WASM with Azure AD Login pop up flashing and disappearing

I have a Blazor WASM app with Azure AD Authentication. I use Visual Studio as IDE and use Browserlink to test before deploying to Azure App Service.
This morning (was fine yesterday) when I try to use the Browserlink "View in Browser", the website comes up properly in localhost, but when I click the Login button, the Microsoft authentication window (pop-up) flashes up and then disappears and I can't see it or get to it in any way.
I deployed the exact same current application to Azure App Service and the authentication window comes up as expected with no issues. I do have the localhost address in the Azure portal under the App registrations authentication section and am using https for all calls.
Not sure what else to check. Appreciate any help, thank you.
Please check if it was the issue with Internet Explorer, as there are known issues with pop-up windows on Internet Explorer.
During sign-in, to acquire tokens using MSAL.js, the library first attempts a silent token request using the acquireTokenSilent method and checks the cache in browser storage to see if a valid token exists and returns it. See if it is not clearing the cache and an Azure AD session is found already, in which case it may not redirect or pop up for login.
If no valid token is in the cache, it sends a silent token request to Azure Active Directory (Azure AD) from a hidden iframe. However, if no valid Azure AD session exists, the silent token request fails and the user can be provided with either a login popup or a redirect.
In your case, at the first launch of the application, when no valid token in the cache or valid Azure AD Session is found, silent token request fails and you are presented with the login popup but subsequent logins work without login popup.
Pop up and redirect
I still have no idea what was going on. I had tried the hard refresh and empty cache option as well as a reboot.
It seems to have fixed itself as today was fine. Thank you for your responses.
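The token-acquisition order described in the answer above (silent request first, then popup or redirect), as an added example that is not part of the original thread or of MSAL.js itself. `getToken` and `makeStubClient` are hypothetical names; the three `acquireToken*` methods are those of `@azure/msal-browser`, and the error names checked are assumed to match the ones that library sets.

```javascript
// Added example: silent-first token acquisition with interactive fallback.
// `client` is any object exposing acquireTokenSilent / acquireTokenPopup /
// acquireTokenRedirect. Nothing here contacts Azure AD.

// Assumption: MSAL.js sets these values as the `name` of its error objects.
const INTERACTION_REQUIRED = "InteractionRequiredAuthError";
const BROWSER_ERROR = "BrowserAuthError"; // e.g. popup blocked or closed

async function getToken(client, request, { allowPopup = true } = {}) {
  const trace = []; // records which steps ran, useful when debugging
  try {
    trace.push("silent");
    const result = await client.acquireTokenSilent(request);
    return { token: result.accessToken, trace };
  } catch (err) {
    // Network or configuration failures are not fixed by prompting the user.
    if (err.name !== INTERACTION_REQUIRED) throw err;
  }
  // Embedded hosts (iframes, desktop webviews) often cannot show popups.
  if (allowPopup) {
    try {
      trace.push("popup");
      const result = await client.acquireTokenPopup(request);
      return { token: result.accessToken, trace };
    } catch (err) {
      if (err.name !== BROWSER_ERROR) throw err;
      trace.push("popup-failed");
    }
  }
  trace.push("redirect");
  await client.acquireTokenRedirect(request); // real page navigates away here
  return { token: null, trace };
}

// Constructed stub standing in for the MSAL client (hypothetical helper).
function makeStubClient({ cached = null, popupBlocked = false } = {}) {
  const fail = (name) => Object.assign(new Error(name), { name });
  return {
    acquireTokenSilent: async () => {
      if (cached) return { accessToken: cached };
      throw fail(INTERACTION_REQUIRED);
    },
    acquireTokenPopup: async () => {
      if (popupBlocked) throw fail(BROWSER_ERROR);
      return { accessToken: "token-from-popup" };
    },
    acquireTokenRedirect: async () => undefined,
  };
}
```

Logging the returned `trace` shows whether a login window was never requested (a cached session answered the silent call) or was requested and then failed.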

Login using Azure from a Capacitor built app opens a new login window outside the app

I am using Capacitor 3.0 to build a native iOS app with React.
The app's user is expected to log in first.
I want the user's login to be handled by Microsoft Azure Active Directory B2C and followed this tutorial to set this up:
https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-react
Furthermore, Microsoft offers a Microsoft Authentication Library (MSAL, https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/login-user.md), which for a login redirects to a screen managed by microsoftonline.com to take the username and password. This is a standard login interface by Microsoft, which can be custom-branded but I have not made that change. Just using the standard MS UI.
This redirect works fine in a Web/desktop browser as it opens the Microsoft login screen within the same page without opening a new browser window.
However, when accessing the login from within the Capacitor built iOS app, the user is taken to an external browser for the login, which breaks the user experience.
Any ideas on why capacitor launches a browser for login when this is not the case with the regular React web browser (non-Capacitor)?

login.microsoftonline.com doesn't redirect to the specified Redirect URL

We have recently been having a problem with ADAL redirect authentication in the MS Teams desktop client.
We have a custom Teams app package (Team Tab) to display a page on our application server. The page uses the ADAL JS library to get a Graph token to access OneDrive. Since the page is displayed in an iframe and will be used in the Teams desktop client, we use page redirect authentication in ADAL. From the debug console, we can see the issue happened when ADAL sent a request to “login.microsoftonline.com” (the login_hint parameter is used to specify the current user account). The flow stopped with an error saying that “login.microsoftonline.com” can’t be displayed in an iframe. In the past, “login.microsoftonline.com” simply redirected the browser to the specified redirect URL and the auth flow completed without any problem.
Our application server has implemented SSO with Azure. Implicit auth flow is used to get the token. The issue only happens in Teams desktop client, we use ADAL popup (not supported in desktop client) to get token in browser. The flow was working before April. Seems to me that something has changed recently at the Microsoft login page.
Just wondering if anybody has the same issue. Any suggestions will be appreciated.
Have you looked at using Teams SSO, which uses MSAL, instead of ADAL? See here for a sample: https://github.com/pnp/teams-dev-samples/tree/master/samples/tab-sso

OAuth2/OpenID authentication login redirect not displaying in phone Office Web app or IOS Office Web app

I'm currently trying to develop an Office web add-in, integrated in Outlook (Read and Compose).
Everything works fine, except the authentication process.
Indeed, we have to authenticate the user from within Azure AD to access another application (our own application using the Azure AD architecture, where we need to call some web APIs).
The solution I used comes from this great article from Richard diZerega:
Connecting to SharePoint from Azure web app
This solution (we opted for the last scenario) works fine in our desktop and web-based solution.
But it clearly doesn't work in the phone web app or the iOS app.
The problem comes from the popup window allowing the user to log in.
Actually, window.open, window.location.replace etc. don't work "as expected" in our Outlook frame.
Every time, it opens a popup window. (This is a good solution when the user uses the desktop or web Outlook application.)
I remember reading somewhere that the Office window where the plugin is loaded is a secured window where we can't do any sort of redirection.
I tried to work with ADAL.js, enabling the implicit flow of course, but the problem is the same. We need to redirect the frame to the Azure AD login page.
Finally, the question is: how to deal with OAuth2/OpenID authentication in an Outlook web add-in when we want it to work with all kinds of devices?
Login in Adal.Js is a page redirect by default. You don't have pop up issue. Adal.Js gets idtoken initially to be used for your own back end. It also does iframe requests to get access tokens for API endpoints. Office365 APIs support CORS api requests and you can use adal.js to send requests. Tokens will be attached to the requests if you define the endpoints in the config.
You can read about examples here: https://blogs.office.com/2015/03/06/increasing-opportunities-javascript-developers-office-365-platform/
or here: http://www.andrewconnell.com/blog/adal-js-cors-with-o365-apis-files-sharepoint

Hosting Silverlight app with Forms Authentication on IIS 7

Is it possible to get Silverlight ASP.NET Forms authentication working on IIS?
I followed sample http://blogs.msdn.com/b/brada/archive/2008/05/03/accessing-the-asp-net-authentication-profile-and-role-service-in-silverlight.aspx and it works on ASP.NET Development Server but when hosting on IIS I get Error: "You are not authorized to view this page due to invalid authentication headers.".
Any success out there?
I can help you get rid of this "You are not authorized to view this page due to invalid authentication headers." error. You need to enable Anonymous authentication on your deployed application. That's it.
But enabling forms authentication along with anonymous authentication is what I am looking for. The point is that I need to let users download my .xap, which requires anonymous authentication, but once the .xap is downloaded in the user's Silverlight player, it wants to use forms authentication for login. Multiple authentication at once doesn't seem to work for me. If you know anything in this regard, please let me know.
