According to my research, UWP-hosted apps should be able to use the current user to authenticate at web services / web pages, if the following is true:
Capabilities:
- Enterprise Authentication
- Private Network (Client&Server)
- Internet Client
However - I experience the following:
- If I disable anonymous authentication on the webpage:
  - The hosted app tries to load the page, gets a 401 (with "WWW-Authentication: Negotiate" and "WWW-Authentication: NTLM") and then ... just sits there and does nothing (no login dialog, no error, just displays the splash screen)
- If I enable anonymous authentication, but [Authorize] my controllers:
  - The initial page loads OK (of course ... there is no authentication)
  - The first calls to a web service will show the login dialog, subsequent calls are OK.
So - my questions:
- Is what I want (automatically use the current logged-in user for authentication) even possible?
- If yes - what could be my problem?
Thanks in advance
Johannes Colmsee
Update:
It seems that (all observations I made in the last hour - the following are all "from remote PC connect to host PC"):
- My Kerberos settings were fucked up (if you install Forefront - it will set up everything so that it works, but nothing else...)
- After fixing that - I can connect to the page with "regular browsers"
- However - if I try it from the UWP app, this happens:
  - If I use the IP address - after the first "401" response of the server ... nothing
  - If I use the "hostname" (not the FQDN) - it communicates 3 times with the server (3x 401) - after this point a dialog should show up, but it does not.
  - Unfortunately I cannot use the FQDN (some name resolving problem idk...)
Both - IP address and hostname work fine in "regular browsers". I cannot try out HTTPS right now (browsers I can shut up about certificate problems, UWP-hosted I can't).
Now ... some observations from the "local-to-local" connection:
- Hostname: current user is picked up automatically
- localhost: same
- IP address: sits at splash screen
In this scenario I cannot watch the network traffic (no Fiddler or other means).
More info tomorrow maybe.
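For reading a captured exchange like the ones described above (a single 401 versus three 401s in a row), the following added example, which is not part of the original post, classifies what the client put in each Authorization header and where the exchange stopped. It assumes Node.js and a hypothetical capture format; the sample captures and NTLM tokens are constructed.

```javascript
// Added example, not from the original post. Runs under Node.js (uses Buffer).
// Hypothetical capture format, one entry per request/response pair:
//   { authorization: request Authorization header or null,
//     status: response status, challenges: [WWW-Authenticate values] }

// Identify what the client put in its Authorization header.
function classifyAuthorization(value) {
  if (!value) return "none";
  const [scheme, token = ""] = value.trim().split(/\s+/);
  const bytes = Buffer.from(token, "base64");
  const isNtlm = bytes.subarray(0, 8).toString("latin1") === "NTLMSSP\0";
  // NTLM messages carry their type (1, 2 or 3) as a little-endian uint32 at offset 8.
  if (isNtlm && bytes.length >= 12) return `${scheme}/NTLM type ${bytes.readUInt32LE(8)}`;
  // GSS-API tokens (SPNEGO, the usual carrier for Kerberos) start with 0x60.
  if (bytes[0] === 0x60) return `${scheme}/SPNEGO`;
  return `${scheme}/unknown`;
}

// Summarise which schemes the server offered, what the client sent, and where it stopped.
function diagnose(capture) {
  const sent = capture.map((e) => classifyAuthorization(e.authorization));
  const offered = capture[0].challenges.map((c) => c.split(/\s+/)[0]);
  const last = capture[capture.length - 1];
  let outcome = "credentials-rejected";
  if (last.status !== 401) outcome = "authenticated";
  else if (sent.every((s) => s === "none")) outcome = "client-sent-no-credentials";
  return { outcome, offered, sent };
}

// Constructed NTLM token: signature plus message type only (not real traffic).
function fakeNtlm(type) {
  const b = Buffer.alloc(12);
  b.write("NTLMSSP\0", "latin1");
  b.writeUInt32LE(type, 8);
  return "NTLM " + b.toString("base64");
}

// Constructed captures: one lone 401, and three 401s around an NTLM handshake.
const first401 = { authorization: null, status: 401, challenges: ["Negotiate", "NTLM"] };
const silent = [first401];
const rejected = [
  first401,
  { authorization: fakeNtlm(1), status: 401, challenges: ["NTLM <type 2 token>"] },
  { authorization: fakeNtlm(3), status: 401, challenges: ["Negotiate", "NTLM"] },
];

console.log(diagnose(silent));
console.log(diagnose(rejected));
```

A capture that ends in `client-sent-no-credentials` means the client never answered the challenge, so the place to look is the client side; `credentials-rejected` means a token was sent and the server turned it down.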
I have some more information on this problem - it might help others to fix their problems - so I add it as an extra entry instead of updating.
After some investigation - I found out that Edge also has problems loading the pages.
This thread has some information to work around / fix the issue:
https://social.technet.microsoft.com/Forums/de-DE/0face535-3c7a-4658-be34-6c376322ca34/microsoft-edge-cant-open-local-domains?forum=win10itpronetworking
For me - what worked was putting the page into the "trusted sites" list - after that - Edge did load the page.
About the "automatically use current user" thingy - again - test it with Edge - if Edge does not use it, neither will your app.
For me - opening the page with "just the computer name" (vs. FQDN) did use the "current user" for both - Edge and the UWP app.
Maybe one could configure it in a way that the FQDN would also use the "current user" automatically.
More information might follow.