Chrome Extension: retrieve AD credentials from session to auto-login on Wordpress - active-directory

I need to create a Chrome extension that will allow us to get the user's credentials so that he will be automatically logged in to the intranet (heavily-modified WordPress).
I know for sure that Firefox can access Registry and AD credentials, but with the erratic updates and extensions that are constantly disabled by those, we can't afford to manually check every time Firefox has an update.
I've searched on Google and so far I haven't found any answer. I've checked on Google labs and also on the Chrome extension store to see if there was a similar extension, but I found nothing either.
I've seen ADM released by chrome but this is for network administrators who want to centralize settings.
Does anyone have a clue on this?

This is not well documented, but after some research I found that this capability is built into Chrome. All you need to do is add the Wordpress site to the "Intranet" zone on a Windows PC.
The setting is accessible from Chrome (even though it is a Windows setting):
Settings/Advanced/Change Proxy Settings/Security/Local Intranet/Sites

Related

Webcam not working on Production, not showing permits popup

I have a project using React, with a WebCam component that works perfectly in all browsers locally, but when tested on a server it doesn't show the permits pop-up to allow the use of the camera.
I don't think the code is the problem; instead, it's some security on the browsers. I tried to give permissions directly to the site on Chrome and I can't change it. And it is not blocked on either browser.
Some other considerations:
I haven't installed any SSL certificate; it's just a small testing server to play with, so I wasn't thinking of installing one for the moment.
Could this be the problem?
The getUserMedia API requires you to serve the page over HTTPS (or on localhost). So if you haven’t set that up, that is why it’s not working in production.
See the Security section of this documentation for more details: https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia#security
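An added example (not part of the original answer) that separates the "page is not a secure context" case described above from ordinary permission or device errors. The function names, the window-like `win` argument and the sample URLs are assumptions made for illustration.

```javascript
// Approximates the browser's "potentially trustworthy origin" rule:
// HTTPS anywhere, or plain HTTP only on loopback hosts.
function isTrustworthyOrigin(pageUrl) {
  const { protocol, hostname } = new URL(pageUrl);
  if (protocol === "https:") return true;
  if (protocol !== "http:") return false;
  const host = hostname.replace(/^\[|\]$/g, ""); // strip IPv6 brackets
  if (host === "localhost" || host.endsWith(".localhost")) return true;
  return /^127(\.\d{1,3}){3}$/.test(host) || host === "::1";
}

// Pre-flight check. `win` is the browser's window, or a stand-in object
// with the same fields when run outside a browser.
function diagnoseCamera(win) {
  const secure = typeof win.isSecureContext === "boolean"
    ? win.isSecureContext
    : isTrustworthyOrigin(win.location.href);
  // On an insecure page no prompt appears; Chrome does not even
  // define navigator.mediaDevices there.
  if (!secure) return "insecure-context";
  const md = win.navigator && win.navigator.mediaDevices;
  if (!md || typeof md.getUserMedia !== "function") return "api-missing";
  return "ok";
}

// Requests the camera and maps the standard DOMException names to causes.
async function requestCamera(win) {
  const state = diagnoseCamera(win);
  if (state !== "ok") return { ok: false, reason: state };
  try {
    const stream = await win.navigator.mediaDevices.getUserMedia({ video: true });
    return { ok: true, stream };
  } catch (err) {
    const reasons = {
      NotAllowedError: "permission-denied", // user or policy refused
      NotFoundError: "no-camera",
      NotReadableError: "device-busy",
    };
    return { ok: false, reason: reasons[err.name] || "unknown:" + err.name };
  }
}
```

In a browser, `requestCamera(window)` returning `insecure-context` on the test server and a stream on localhost confirms that the missing prompt is the HTTPS requirement rather than a component bug.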

CefSharp Browser control not working with Azure AD Conditional access

We configured our Azure AD application registration to use “Conditional Access” restrictions to lock down the application to machines that are registered to the domain. Unfortunately, in order to successfully authenticate with Conditional Access enabled on Chromium-based browsers, a browser extension is required.
There is quite a bit of documentation around this on Microsoft’s website
• Conditional Access require managed device - Azure Active Directory | Microsoft Docs
• Conditions in Conditional Access policy - Azure Active Directory | Microsoft Docs
When the user tries to log in with the CefSharp browser control, we see the following error. We tried enabling the browser extension, but it did not help.
Sadly CefSharp will not work with Device Management policy.
To prove device identity on Windows, the Windows broker (WAM) needs to intercept the network traffic and inject the device id. The following browsers are supported: Edge, old IE, Chrome with Windows Accounts extension and I'm not sure about Firefox.
Since CefSharp is based on Chromium but does not have the extension (and, afaik, there is no way to install it), WAM cannot inject the device ID in the requests made to AAD.
Possible workaround:
use WebView2 SDK on Windows, which is based on Edge, which is also based on Chromium... At the time of writing, Mac support is planned but not released.
And use Cef on Mac and Linux.
Due to the nature of this issue and the complexity behind it, I had to migrate off CefSharp to use the new WebView2 browser component until there is a supported approach released for CefSharp and other third-party browsers to inject logic like the code below. The EdgeWebView2 works by enabling the SSO flag get_AllowSingleSignOnUsingOSPrimaryAccount.
C# .NET example code below using the EdgeWebView2 browser component (as of writing this is the only way I know to defeat the authentication message "You can't get there from here"):
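// Run inside an async method on the UI thread (for example, a form's Load handler).
CoreWebView2EnvironmentOptions envOptions = new CoreWebView2EnvironmentOptions()
{
    // Enable single sign-on with the account the user is logged in to Windows with.
    AllowSingleSignOnUsingOSPrimaryAccount = true
};
// Await instead of blocking on .Result, which can deadlock the UI thread.
CoreWebView2Environment env = await CoreWebView2Environment.CreateAsync(options: envOptions);
// Finish initializing the control with this environment before navigating.
await webview.EnsureCoreWebView2Async(env);
webview.Source = new Uri("https://portal.azure.com/");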

How can I avoid getting a 'Permission needed / Bad Request' dialog when opening an Office 365 Addin?

My team is in the process of developing an Office 365 add-in, specifically to enable interaction with a hosted web application, and we're encountering a "Permission needed / Bad Request" error that we can't seem to pin down.
Context:
Developing and testing the add-in involves configuring an Azure Active Directory v2 application via the management portal as well as (for development purposes) creating an xml manifest file (which is for v1 apps as opposed to the json format for v2) that can be side-loaded via the O365 interface to provide access to our hosted app (currently only xml manifests can be side-loaded). We're still very much in the process of figuring things out in Office 365, as well as Azure/Active Directory and Microsoft Graph, and the documentation is fairly broad and doesn't always seem to be up to date.
Problem Description:
One of the problems that we've run into occasionally is encountering a "Bad Request" dialog message (in a browser dialog titled 'Permission needed') that is displayed when clicking the toolbar icon for our add-in. The actual URL being requested is similar to https://store.office.com/client/consentnotification.aspx with a number of parameters representing our application and its required permissions. This results in an HTTP 400 with "Bad Request" being the only response content.
This is happening when the user clicks on our add-in in the O365 application toolbar and is occurring at the point where the user would have to authorize permission for the add-in.
This error seems to be related to the application configuration, but we can't seem to sort out how specifically (i.e., some developers are encountering it, and others are not). Sometimes it'll show up if we recreate the Azure Active Directory application using one version of the portal or another (there are currently two, with the v2 version being in preview).
Can anyone offer suggestions as to what might be causing this or provide information on why this might be occurring? We're not blocked, but it is rather annoying to deal with in development. I've done a fair bit of research trying to sort out why this is happening and I've gone through a number of tutorials/introductions on configuring Azure apps without success.
This turned out to be related to the Azure Active Directory Application configuration.
For the applications where this was occurring, the AADv2 application manifest was using a "signInAudience" value of "AzureADMyOrg". For cases where it was working as expected (i.e., properly populating the permission request dialog) the "signInAudience" was set to "AzureADandPersonalMicrosoftAccount".
After some testing, the solution for our particular problem seemed to be either manually editing the AADv2 application manifest (json) to have "signInAudience": "AzureADandPersonalMicrosoftAccount", or via the Portal by setting the Application's Authentication Supported Account Types setting to be "Accounts in any organizational directory" (this results in a manifest setting of "signInAudience": "AzureADMultipleOrgs" which also seems to work).

ngmap for google maps v3 does not work on internet explorer 11

I am trying to use ngMap in my application but it gives this error on Internet Explorer 11:
"0x80070005 - JavaScript runtime error: Access is denied."
But it works in Google Chrome without any errors. How can I fix this error?
Found this on Microsoft support docs:
"You may receive an "Access Denied" or a "Permission Denied" scripting
error message when you browse a secure Web site that contains multiple
frames"
CAUSE
This issue occurs because Internet Explorer does not correctly
evaluate Internet security zones before it finishes processing the
.pac file. When this occurs, Internet Explorer may assign a URL to an
unexpected zone.
WORKAROUND
To work around this issue, add the Web site that is affected to the
Trusted sites security zone in Internet Explorer. To do this, follow
these steps:
1. Start Internet Explorer.
2. On the Tools menu, click Internet Options.
3. On the Security tab, click Trusted sites, and then click Sites.
4. In the Add this Web site to the zone box, type the URL of the Web site that is affected, and then click Add.
5. Click OK. Note You can also configure Internet Explorer settings by using Group Policy. F
Also, check whether this problem persists in other browsers like Chrome and Firefox.

Security prompt about Microsoft Silverlight in IE11

I am working on a SharePoint 2010 site. I am testing my site's behaviour on IE 11.
When I log on to my site I am getting a security prompt about allowing 'npctrl.dll', which is the 'Microsoft Silverlight' add-on file. This message appears on every page. This is causing a bad user experience.
When I allowed npctrl.dll on one of the pages, it showed me the next security prompt with the following message: This webpage Wants to run 'Microsoft Silverlight' which isn't compatible with Internet Explorer's enhanced security features.
I read somewhere that this prompt is coming due to enabled enhanced protected mode in IE11 browser.
Please let me know if it can be solved by any work-arounds.
Thanks in advance. Any help will be appreciated.
Silverlight is a legacy plugin which is no longer actively developed. As a consequence, it does not support running inside Enhanced Protected Mode's AppContainers. EPM is a security feature first introduced in IE10 and enabled by default in the desktop for IE11.
Microsoft has indicated that they're "looking at" possibly updating Silverlight to work in EPM but given that the team was effectively dissolved years ago, I wouldn't hold my breath.
The simplest workaround for this issue is to place the sites in question in Internet Explorer's Trusted Zone, which runs outside of EPM.
The long-term workaround for this issue is to migrate away from Silverlight in the browser; either replace the site with an app that runs outside the browser, or move to HTML5.
