Forum Xamarin.Forms

Announcement:

The Xamarin Forums have officially moved to the new Microsoft Q&A experience. Microsoft Q&A is the home for technical questions and answers at across all products at Microsoft now including Xamarin!

To create new threads and ask questions head over to Microsoft Q&A for .NET and get involved today.

Xamarin Forms : Handle SSO in WebView with application's MSAL authentication token

Hi all,
I have implemented the MSAL authentication using Xamarin forms and need to load another Url on Webview with already authenticated user during App Login with MSAL, Android working fine but iOS webview is again asking the user credentials to authenticate new URl on webview.
Could some one suggest how to achieve this if already implemented this, thanks in advance.

Best Answer

Answers

  • Ganesh.4229Ganesh.4229 USMember ✭✭

    @NicoleLu Yes , I have integrated MSAL Nuget and integrated Login Authentication, able to authenticate with my AD account and stored Access token, now after authentication I need to load other Url on Webview, which has also requesting login in iOS Webview while loading, but Android its passing through webview with earlier login Authentication and working fine.

    My requirement is iOS also should work without asking re login on webview.
    I tried rendering native webview and and tried in iOS still facing same issue.

    intention is load a Url on webview with authenticated user on iOS.

    Thanks

  • LandLuLandLu Member, Xamarin Team Xamurai

    Hi @Ganesh.4229 May I ask why you want to open other pages using WebView.
    I noticed that you had retrieved the token through the first authentication.
    We could retrieve the user information by using the token instead of a new webview. And I think we should avoid using a built-in webview to request authentication.
    It may cause some security issues.

    My requirement is iOS also should work without asking re login on webview.

    There are different cache strategies between iOS and Android. The webview in iOS doesn't automatically cache the authentication cookies so it will ask the user to enter the user name and password again.
    We need to manually inject the cookies refer to:
    https://stackoverflow.com/questions/61828868/xamarin-wkwebview-and-cookies
    However, we don't know how the MSAL retrieved data from the cookies. So I recommend using the token to request data instead of the webview.

  • Ganesh.4229Ganesh.4229 USMember ✭✭

    @LandLu Thank you,

    Answer to your query, May I ask why you want to open other pages using WebView.

    Because , I need to open other website urls related to the same organization, as user is already authenticated using his credentials and need to skip login again on newly loaded websites too.

    would like to avoid these multiple logins on other urls inside the app webview to make sure SSO work on all.

    Thank you

  • NicoleLuNicoleLu Member, Xamarin Team Xamurai
    edited October 2020

    @Ganesh.4229 As Land has mentioned, embeded WebView for iOS loses session cookie by design:

    WKWebView — Each WKWebView instance has its own cookie storage. See the WKHTTPCookieStore class for more information.

    If it's possible, you can use system browser as a work around, but with this issue, it may not work in iOS 14 for now. You can also choose to open an issue in this github repository or ask questions in Azure Microsoft Q&A to ask for other workarounds.

Sign In or Register to comment.