WebAuthenticationBroker not working as expected

    Question

  • Hi everyone,

    I am currently developing a Windows 8.1 App which uses my own custom REST API (it's making extensive use of WinJS.xhr).

    Now I also want users to authenticate against my Windows Azure Active Directory, so I have implemented WsFed + SAML2 on the server side. If I browse the API in my browser, I get redirected to Microsoft's Login page and after logging in I get redirected back to the API where the SAML Token is validated (at least that's my understanding of this whole authentication scheme). It works fine if I do it in a web browser.

    I have tried to implement this in my Windows App by using the WebAuthenticationBroker. I think I basically got it working; however, when I make an XHR after authenticating with WebAuthenticationBroker, I still get redirected or receive a 401 response, as if the authentication never took place.

    After debugging this process I noticed why it's not working right: The WebAuthenticationBroker uses a sandboxed browser session. This means that the (authenticated) session of the WAB UI is completely separate from the (unauthenticated) session that is used by WinJS.xhr.

    So how should I implement the authentication in my App?


    Friday, February 14, 2014 10:41 AM
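
The session isolation described in the question means the credential has to be carried from the broker's result into each WinJS.xhr call explicitly. The sketch below is an added example, not code from the original post; it assumes the API is changed to redirect to a callback URI with a token in the URL fragment and to accept it in an `Authorization: Bearer` header. `CALLBACK_URI`, the `access_token` parameter name and the helper function names are hypothetical.

```javascript
// Added example. Assumptions: CALLBACK_URI and the "access_token" fragment
// parameter are hypothetical; the server must be changed to issue them.
var CALLBACK_URI = "https://api.example.invalid/auth/done";

// Pull the token out of the redirect URL that the broker hands back.
// Returns null unless the URL is exactly our callback plus a fragment.
function extractToken(responseData, callbackUri) {
    if (typeof responseData !== "string") { return null; }
    var hashAt = responseData.indexOf("#");
    if (hashAt < 0 || responseData.slice(0, hashAt) !== callbackUri) { return null; }
    var pairs = responseData.slice(hashAt + 1).split("&");
    for (var i = 0; i < pairs.length; i++) {
        var eq = pairs[i].indexOf("=");
        if (eq > 0 && pairs[i].slice(0, eq) === "access_token") {
            try { return decodeURIComponent(pairs[i].slice(eq + 1)) || null; }
            catch (e) { return null; }   // malformed percent-encoding
        }
    }
    return null;
}

// Options object for WinJS.xhr carrying the token explicitly, because the
// broker's cookies never reach the app's own HTTP stack.
function authorizedRequest(url, token, apiOrigin) {
    // Only send the token to our own API, never to another origin.
    if (url.indexOf(apiOrigin + "/") !== 0) {
        throw new Error("refusing to attach token to " + url);
    }
    return { type: "GET", url: url, headers: { Authorization: "Bearer " + token } };
}

// Runs only inside a Windows Store app, where Windows and WinJS exist.
function signInAndCall(startUrl, apiUrl, apiOrigin) {
    var web = Windows.Security.Authentication.Web;
    return web.WebAuthenticationBroker.authenticateAsync(
        web.WebAuthenticationOptions.none,
        new Windows.Foundation.Uri(startUrl),
        new Windows.Foundation.Uri(CALLBACK_URI)
    ).then(function (result) {
        if (result.responseStatus !== web.WebAuthenticationStatus.success) {
            throw new Error("sign-in did not complete");
        }
        var token = extractToken(result.responseData, CALLBACK_URI);
        if (!token) { throw new Error("no token in callback"); }
        return WinJS.xhr(authorizedRequest(apiUrl, token, apiOrigin));
    });
}
```

The callback comparison fails closed: a redirect that ends anywhere other than the exact callback URI yields no token, and the token is attached only to requests under the API's own origin.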