New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue with Single Sign-On (SSO) Implementation in WPF Application #4739
Comments
@JineshKamdar98 what would be helpful here is some minimally reproducible code sample. Can you please put one together and share it (can be its own repo)? It would help the team diagnose the specific scenario that you are implementing. |
@localden, we have one scenario where we need to get authentication result using AcquireTokenSilent API and the thing we observed is when we call this API, it can log users in successfully but it can't set MSIS Auth cookies in our custom WebView2 control and because of that when we render any web application with the use of same WebView2 control, it couldn't find any MSIS Auth cookies and couldn't able to do login while on the other hand when we call AcquireTokenInteractive API with our custom WebView2 control, it prompts for the user credentials and when users able to login successfully it sets MSIS Auth cookies in our custom WebView2 control and the result is users are able to log into web application which renders in the same WebView2 control. Code sample:Not Setting Cookies: ============================================================================== Setting Cookies and works properly: builder = AcquireTokenInteractiveBuilderExtension.GetAcquireTokenInteractiveAsync(builder, authResult = await builder.ExecuteAsync(); In above code, CustomWebUI is our Custom WebView2 control. |
Hi @JineshKamdar98 - you implemented your own browser based on WebView2 using extensibility. This is fine. The problem with SSO is that WebView2 does not provide SSO by default, you have to enable it. You do this by setting this property: https://learn.microsoft.com/en-us/dotnet/api/microsoft.web.webview2.core.corewebview2environmentoptions.allowsinglesignonusingosprimaryaccount?view=webview2-dotnet-1.0.2478.35 |
@bgavrilMS , Thank you for your suggestion but I already tried enabling "AllowSingleSignOnUsingOSPrimaryAccount" setting but it didn't work with this scenario. |
@JineshKamdar98 is ADFS auth critical to the repro? Sharing of ADFS cookies (MSISAuth) between your angular web app and WPF app can be problematic especially if they run in a separate process. If you don't use ADFS accounts just regular AAD are you able to get SSO between WPF and SPA ? Do I understand correctly that if the user is prompted (as part of AcquireTokenInteractive) to re-auth then MSISAuth is dropped and SSO between WPF and SPA works ? |
@iulico-1 , I didn't try this on AAD. Also, to clear your understanding - If user is prompted as a part of AcquireTokenInteractive then users are being asked to enter credentials and MSISAuth cookies are being set and we can achieve SSO between WPF and SPA. The problem is in another scenario when we are calling AcquireTokenSilent which does not prompt the user about credentials so, MSISAuth cookies are dropped in this scenario and we can't able to achieve SSO between WPF and SPA. Just to make clarification that my web app & WPF app both are running in same process. |
Library version used
4.43.0.0
.NET version
.NET Framework 4.8
Scenario
PublicClient - desktop app
Is this a new or an existing app?
None
Issue description and reproduction steps
Hello everyone,
I'm encountering an issue with the implementation of Single Sign-On (SSO) in our WPF application, and I'd appreciate some guidance or insights from the community.
Here's a breakdown of our setup:
We've managed to achieve this integration successfully. However, we encountered a roadblock when attempting to implement automatic login in the WPF application under specific conditions. More specifically:
Has anyone else encountered a similar issue, or perhaps have insights into what might be causing this behavior? Any assistance or suggestions would be greatly appreciated!
Thank you in advance for your help.
Relevant code snippets
No response
Expected behavior
AcquireTokenSilent API should set MSIS Auth Cookies.
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
No response
The text was updated successfully, but these errors were encountered: