0

according to my research, UWP-hosted apps should be able to use the current user to authenticate at webservices / webpages, if the following is true:

Capabilities:

  • Enterprise Authentication
  • Private Network (Client&Server)
  • Internet Client

However - I experience the following:

  • If I disable anonymous authentication on the webpage:
    • The Hosted-App tries to load the page, gets a 401 (with "WWW-Authentication: Negotiate and WWW-Authentication: NTLM) and then.....just sits there and does nothing (no login dialog, no error, just displays the splash-screen)
  • If I enable anonymous authentication, but [Authorize] my controllers:
    • The initial page loads OK (of course...there is no authentication)
    • The first calls to a webservice will show the login-dialogue, subsequent calls are OK.

So - my questions:

  • is what I want (automatically use the current logged in user for authentication) even possible?
  • If yes - what could be my problem?

Thanks in advance

Johannes Colmsee

Update:

It seems that (all observations I made in the last hour - the following are all "from remote PC connect to host PC"):

  • my Kerberos settings were fucked up (if you install Forefront - it will setup all so that it works, but nothing else....
  • After fixing that - I can connect to the page with "regular browsers"
  • However - if I try it from the UWP-App, this happens:
    • if I use the IP-Adresse - after the first "401" response of the server....nothing
    • if I use the "Hostname" (not the FQDN) - communicates 3 times with server (3x 401) - after this point a dialoge should show up, but it does not.
    • Unfortunately I cannot use FQDN (some name resolving problem idk...)

Both - IP-Adresse and Hostname work fine in "regular browsers". I cannot try out HTTPS right now (browsers I can shut up about certificate problems, UWP-hosted I can't)

Now....some observations from "local-to-local" connection:

  • Hostname: current user is picked up automatically
  • localhost: same
  • IP-Adresse: sits at splash screen

In this scenario I cannot watch the network-traffic (no fiddler or other means).

More Infos tomorrow maybe.

J. Colmsee
  • 3
  • 3
  • Can your current user login successfully? – Nico Zhu Dec 03 '18 at 03:18
  • When I enter my current user in the login-dialog that pops up when I do WebAPI calls - yes. The problem is, that it is not "automatically used" – J. Colmsee Dec 03 '18 at 08:31
  • Your mean that you need to typing user name password each time right? – Nico Zhu Dec 03 '18 at 09:10
  • The first time I do call WebAPI Controller. Subsequent calls will use that user. – J. Colmsee Dec 03 '18 at 16:27
  • If I do "disable anonymouse" authentication", there is no login dialogue, the app simply "gives up" after the 401 response it gets (which seems to be "OK"....the WWW-Authenticate headers sent from IIS seem to be OK) (gives up at loading index.html) – J. Colmsee Dec 03 '18 at 16:28

1 Answers1

0

I have some more Information on this Problem - it might help others to fix their Problems - so, I add it as an extra entry instead of updating.

After some Investigation - I found out, that also Edge has problems loading the pages.

this thread has some Information to Workaround / fix the issue:

https://social.technet.microsoft.com/Forums/de-DE/0face535-3c7a-4658-be34-6c376322ca34/microsoft-edge-cant-open-local-domains?forum=win10itpronetworking

for me - what worked was putting the page into "trusted sites" list - after that - Edge did load the page.

About the "automatically use current user" thingy - again - test it with Edge - if Edge does not use it, neither your app will.

For me - Opening the page with "just the Computer Name" (vs. FQDN) did use the "current user" for both - Edge and UWP-App.

Maybe one could configure it in a way that FQDN would also use the "current user" automatically.

More Information might follow.

J. Colmsee
  • 3
  • 3