Welcome Guest Search | Active Topics | Sign In | Register

Trouble getting Windows Integrated Authentication to work with EO.WebBrowser Options
Christoph
Posted: Friday, October 9, 2020 1:02:39 PM
Rank: Newbie
Groups: Member

Joined: 10/9/2020
Posts: 1
We are unable to get Windows Integrated Authentication as Single Sign On in Windows Forms using EO.WebBrowser to work. We are using a combined scenario with IdentityServer4 and ADFS on Windows Server 2019 both are using OIDC to communicate with each other.

The authentication works in Firefox Developer Edition 82.0b5 and Google Chrome 86. We needed to initially provide credentials. But since then it works in both Browser, even after closing and restarting them. If I delete Chromes cache I need to provide credentials again but subsequent requests are automatically authenticated.

But using EO.WebBrowser (version 20.2.63) every time we start our application we get the login prompt. Once the required credentials are provided the authentication works. Every subsequent attempt works until the application was not closed. But in our application the user usually authenticates only once so we cannot profit of that circumstance. So unfortunately, every time our application is started the user gets the login prompt. In best case our users wouldn’t need to authenticate at all or only once. But our users shall not be required to enter their credentials each time the application is started.

We already tried to pass several Extra Chromium Arguments (see example code below) and passing Windows Identity into Engine.Start (see example code below). But it appears that EO.WebView is still unable to pass the required information for Windows Integrated Authentication to our ADFS so that we could get authenticated.

Is there any way to persist the information, after successful Authentication on our ADFS, so that it could be used beyond a stop of the Engine again on subsequent starts of our application?

Are we doing something wrong, why the required information cannot be transmitted? Or are we missing something?

Is there any documentation or samples about using EO.WebBrowser for Authentication via Kerberos/NTLM/Windows Integrated Authentication?

We searched through your forum, but while we found users that had the same or at least similar problems none of the provided feedback or solutions did work for our case.

Example Code:

Code: C#
Designer
....
this.loginBrowser = new EO.WinForm.WebControl();
this.loginView = new EO.WebBrowser.WebView();
this.loginBrowser.WebView = this.loginView;
....


....
var _engine = Engine.FromName(name, true);
_engine.Options.CachePath = Path.Combine(Environment.CurrentDirectory, "cache");
_engine.AllowRestart = true;
_engine.Start(WindowsIdentity.GetCurrentIdentity());
_engine.Options.ExtraCommandLineArgs = "--auth-server-whitelist=\"*.domain.local\" --auth-negotiate-delegate-whitelist=\"*.domain.local\"";
....


private void LoginForm_Load(object sender, EventArgs e)
{
	loginView.Engine = _engine;
    loginView.LoadUrlAndWait(LoginUrl);
}




eo_support
Posted: Friday, October 9, 2020 5:40:06 PM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,217
Hi,

I am not exactly sure about your entire setup however the ADFS and OIDC part should work with some kind of browser persistent mechanism, typically a cookie. The cookie is only issued by your authentication server and is saved in the browser's cache folder. So the first thing you will want to check is whether your cache folder is cleared/changed after your application restarts. You can check the cache folder using the following code:

Code: C#
string cachePath = webView.Engine.CachePath;


Your code to set the WebView's Engine is not correct because it is set too late. As a test, after you set webView.Engine you can check the property's value again to see if it is the same value you set. If it is not, then it was set too late and the new engine has not been used. In that case you can try to set the Engine in the Form's constructor after InitializeComponents has been called.

You can also display all the Engine/WebView list using the built-in debug UI. You can simply call WebView.ShowDebugUI() in your Program's Main method before you creating the first form:

https://www.essentialobjects.com/doc/webbrowser/advanced/debug.aspx#debug_ui

You can then examine the WebView's cache path to see if it is always the same and whether the contents have been cleared.

Thanks!


You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.