SergeSettels-6145 asked · RobCaplan edited

Xamarin: Does anyone have a problem when authenticating with MSAL with option WithUseEmbeddedWebView enabled?

Xamarin: When using AcquireTokenInteractive to authenticate against ADFS, one customer forwards their authentication to a secure token server (STS). This one shows an authentication dialog against their local AD system (the default dialog which you also get when you have an IIS website secured with Windows authentication).

When using the embedded webviewer (option WithUseEmbeddedWebView(true)) the user is not forwarded (and does not display the dialog). No authentication is possible.
On iOS you get a blank page, on Android you get a page load error.
When using an external webviewer the process works the same as with a webapp. The external viewer has some disadvantages.

It seems that WithUseEmbeddedWebView has limitations, but I cannot find any reference. I do not know if I should change the behaviour for this one customer.

Does anyone have more information on this?

Environment: Xamarin Forms, latest versions, iOS latest version, Android also.
Reproduce:
1. AcquireTokenInteractive
2. You see the Microsoft login screen
3. You enter your email address
4. You are forwarded to the customer-specific environment
5. Blank screen (iOS) / error (Android) / login dialog (when using a separate browser or disabling the embedded webview)

If you authenticate with another email address then there is no problem, since the behaviour is related to the domain of the customer.

Tags: dotnet-xamarin, adfs, azure-ad-multi-factor-authentication

I researched this issue and found this article: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-web-browsers

First of all, I found: "By default, MSAL.NET supports the system web browser on Xamarin.iOS and Xamarin.Android. But you can also enable the Embedded Web browser depending on your requirements (UX, need for single sign-on (SSO), security) in Xamarin.iOS and Xamarin.Android apps."

Then I found we can enable embedded webviews in Xamarin.iOS and Xamarin.Android apps: "Starting with MSAL.NET 2.0.0-preview, MSAL.NET also supports using the embedded webview option."

https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-web-browsers#enable-embedded-webviews-on-ios-and-android

I did not recognize the "broker" part, but actually that appears to be the technology that does the forwarding.

Then this makes sense: "Currently, MSAL.NET doesn't yet support the Android and iOS brokers. Therefore to provide single sign-on (SSO), the system browser might still be a better option. Supporting brokers with the embedded web browser is on the MSAL.NET backlog."

Thanks for your reply and help!

brokers like Microsoft Authenticator and the Android-specific Microsoft Intune Company Portal enable.

Please see this thread about the "Broker" part: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-use-brokers-with-xamarin-apps


0 Answers
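One way to change the browser for a single customer domain, as the question considers, shown as an added C# example that is not code from this thread or from the MSAL.NET documentation. It assumes the app already knows the user's email (passed as a login hint) before calling AcquireTokenInteractive; the `SignIn` class, the `SystemBrowserDomains` list and the domain `customer.example` are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

public static class SignIn
{
    // Hypothetical list: domains whose federated STS fails in the embedded webview.
    static readonly HashSet<string> SystemBrowserDomains =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "customer.example" };

    // Embedded webview only when the login hint has a domain that is not listed.
    public static bool UseEmbedded(string loginHint)
    {
        // Unknown user: stay on the system browser, which is MSAL.NET's default on Xamarin.
        if (string.IsNullOrWhiteSpace(loginHint)) return false;
        int at = loginHint.LastIndexOf('@');
        if (at < 0 || at == loginHint.Length - 1) return false;
        return !SystemBrowserDomains.Contains(loginHint.Substring(at + 1).Trim());
    }

    public static async Task<AuthenticationResult> AcquireAsync(
        IPublicClientApplication app, string[] scopes, string loginHint, object parentWindow)
    {
        var accounts = await app.GetAccountsAsync();
        try
        {
            // Cached token first, so the browser choice only matters on a real sign-in.
            return await app.AcquireTokenSilent(scopes, accounts.FirstOrDefault())
                            .ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            // No usable cached token: interactive sign-in with the per-domain browser choice.
            return await app.AcquireTokenInteractive(scopes)
                            .WithLoginHint(loginHint)
                            .WithParentActivityOrWindow(parentWindow)
                            .WithUseEmbeddedWebView(UseEmbedded(loginHint))
                            .ExecuteAsync();
        }
    }
}
```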