Xamarin
A Microsoft open-source app platform for building Android and iOS apps with .NET and C#.
5,305 questions
Xamarin: Does anyone have a problem when authenticating with MSAL with option WithUseEmbeddedWebView enabled?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 7.000000000000001%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Serge Settels
1
Reputation point
Xamarin: When using AcquireTokenInteractive to authenticate against ADFS one customer forwards their authentication to a secure token server (STS). This one shows an authentication dialog against their local AD system (that default dialog which you also get when you have a IIS website secured with windows authentication).
When using the embedded webviewer (option WithUseEmbeddedWebView(true)) the user is not forwarded (and does not display the dialog). No authentication is possible.
On iOS you get a blank page, on Android you get a page load error.
When using an external webviewer the process works the same as with a webapp. The external viewer has some disadvantages.
It seems that WithUseEmbeddedWebView has limitations, but I cannot find any reference. I do not know if I should change the behaviour for this one customer.
Does anyone have more information on this?
Environment: Xamarin Forms, latest versions, iOS latest version, Android also.
Reproduce:
AcquireTokenInteractive
you see the Microsoft login screen
you enter your email address
you are forwarded to the customer specific environment
blank screen (iOS) / error (Android) / Login dialog (when using a separate browser or disable the embeddedwebview.)
If you authenticate with another emailadres then there is no problem, since the behaviour is related to the domain of the customer.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 6%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELL%3C/text%3E%3C/svg%3E)
Leon Lu (Shanghai Wicresoft Co,.Ltd.) 69,921 Reputation points Microsoft Vendor2021-05-11T14:07:18.767+00:00 I research this issue, then I find this article:https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-net-web-browsers
First of all, I find By default, MSAL.NET supports the system web browser on Xamarin.iOS and Xamarin.Android. But you can also enable the Embedded Web browser depending on your requirements (UX, need for single sign-on (SSO), security) in Xamarin.iOS and Xamarin.Android apps.
Then I find we can enable embedded webviews in Xamarin.iOS and Xamarin.Android apps. Starting with MSAL.NET 2.0.0-preview, MSAL.NET also supports using the embedded webview option
-
Serge Settels 1 Reputation point
2021-05-11T14:31:40.827+00:00 I did not recognize the "broker" part, but actually that appears to be the technology that does the forwarding.
Then this makes sense: "Currently, MSAL.NET doesn't yet support the Android and iOS brokers. Therefore to provide single sign-on (SSO), the system browser might still be a better option. Supporting brokers with the embedded web browser is on the MSAL.NET backlog."
Thanks for your reply and help!
-
Leon Lu (Shanghai Wicresoft Co,.Ltd.) 69,921 Reputation points Microsoft Vendor
2021-05-12T08:31:04.26+00:00 brokers like Microsoft Authenticator and the Android-specific Microsoft Intune Company Portal enable.
Please see this thread about "Broker" part: https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-net-use-brokers-with-xamarin-apps
-
Serge Settels 1 Reputation point
2021-05-12T09:08:29.353+00:00 I am learning as we work: a broker is an app that handles the authentication, I did not know that.
In this case the change did not help since the client does not use a broker but a redirect to their own Secure Token Service, and that fails.
I do realize now that once my clients are going to use brokers, the app needs to be able to support those as well.
And then it might be better to use the system browser instead of the embeddedwebview since the system browser supports them better by default...I find it difficult to understand why this process is so complex and fragile; you might expect Xamarin to support this by default...
-
Leon Lu (Shanghai Wicresoft Co,.Ltd.) 69,921 Reputation points Microsoft Vendor
2021-05-13T08:01:58.383+00:00 Yes, it is better to use the system browser instead of the embeddedwebview since the system browser supports them better by default
Sign in to comment