Using Windows Authentication Broker Credentials in WebView

Question

I am using Windows Authentication Broker successfully with Facebook! (Yes!).  After the user signs in I am displaying a Facebook page within a WebView control.  When the Facebook page loads it asks for sign-in credentials (again)!  I thought WAB was supposed to share credentials with other apps, including the web browser.  Is there a way to achieve the functionality I am looking for?

Thanks,

Shaun

Answer 1

RE: " I thought WAB was supposed to share credentials with other apps"

No.  Apps never share information like that.  Every app is sandboxed for security.

---

Jeff Sanders (MSFT)

@jsandersrocks - Windows Store Developer Solutions @WSDevSol
Getting Started With Windows Azure Mobile Services development? Click here
Getting Started With Windows Phone or Store app development? Click here
My Team Blog: Windows Store & Phone Developer Solutions
My Blog: Http Client Protocol Issues (and other fun stuff I support)

Answer 2

I'm trying to understand your scenario - you both use WAB and WebView in the same app? 

---

Matt Small - Microsoft Escalation Engineer - Forum Moderator
If my reply answers your question, please mark this post as answered.

NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

Answer 3

Hi Matt.  Good to see you again.  Somehow I missed the responses to this thread.  The Use Case.  So I use Facebook to authenticate a user via WAB and it works great.  After authentication I use the Facebook Credits API to facilitate in-app purchases.  When I open a browser page to show the check-out page the user must reauthenticate into Facebook.  Once they've authenticated (the second time) it is stored for future transactions. 

Yes, I could use the Windows Store for these purchases but I have a larger user base on Facebook and I'd like to keep my transactions centralized there.  I would argue that it isn't logical for WAB to authenticate an app using the browser and then to have the in-app browser be unable to use the same credentials...

Answer 4

I marked this as unanswered because to say "Apps never share information like that." completely disregards the fact that it is the SAME app trying to reuse credentials across WAB and the app's WebView control.  If WAB authenticates an app to Facebook using the browser, why wouldn't the browser be authenticated with Facebook??

Answer 5

OK, I understand.  You said, " WAB was supposed to share credentials with other apps".  You are not sharing with other apps at all but this is in the same app correct?

---

Jeff Sanders (MSFT)

@jsandersrocks - Windows Store Developer Solutions @WSDevSol
Getting Started With Windows Azure Mobile Services development? Click here
Getting Started With Windows Phone or Store app development? Click here
My Team Blog: Windows Store & Phone Developer Solutions
My Blog: Http Client Protocol Issues (and other fun stuff I support)

Answer 6

These are really different scenarios. When you authenticate via the WAB, you're asking for a token which you can use inside an HTTP request to FB which allows FB to confirm who you are when you want to request or post information to FB.  That token does not automatically exist inside the browser or WebView - it's not a cookie.  Instead, the WebView relies on cookies to determine that you've authenticated yourself. 

All of that said, Jeff is correct - there isn't any sharing between apps' inetcache.

---

Matt Small - Microsoft Escalation Engineer - Forum Moderator
If my reply answers your question, please mark this post as answered.

NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.