Hi everyone,
I am currently developing a Windows 8.1 App which uses my own custom REST API (it's making extensive use of WinJS.xhr).
Now I also want users to authenticate against my Windows Azure Active Directory, so I have implemented WsFed + SAML2 on the server side. If I browse the API in my browser, I get redirected to Microsoft's Login page and after logging in I get redirected back to the API where the SAML Token is validated (at least that's my understanding of this whole authentication scheme). It works fine if I do it in a web browser.
I have tried to implement this in my Windows App by using the WebAuthenticationBroker. I think I got it working basically; however, when I make an XHR after authenticating with WebAuthenticationBroker, I still get redirected / 401 response as if the authentication never took place.
After debugging this process I noticed why it's not working right: The WebAuthenticationBroker uses a sandboxed browser session. This means that the (authenticated) session of the WAB UI is completely separate from the (unauthenticated) session that is used by WinJS.xhr.
So how should I implement the authentication in my App?