AzureAD / azure-activedirectory-library-for-dotnet

ADAL authentication libraries for .net
http://aka.ms/aaddev
MIT License

Can't login when inside corporation network #1032

Closed gi097 closed 6 years ago

gi097 commented 6 years ago

I am using ADAL.NET in Xamarin. The login works fine, however when I am inside the corporation network the ADFS redirects to the internal server, which should not happen, it returns a 404. How can I force the app to redirect to our external server? Are there some parameters that I am missing?

jmprieur commented 6 years ago

Hello @gi097, did you do everything that is recommended in the following paragraph: Properties of PlatformParameter specific to WinRT and UWP (Corporate network)?

Alternatively, if this application is only meant to run on a domain, you might want to consider using AcquireTokenSilentAsync using Integrated authentication on Windows (Kerberos)

jbpoulsen commented 6 years ago

I am also using ADAL.NET in Xamarin and it works perfectly on every platform except for UWP on corporate network. The issue is only in the released versions of the app, so it does not happen in Debug mode.

The only way I can get around this issue is by running the following command using cmd, but it's not a viable solution since I cannot force every single user to call this: REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\authhost.exe" /v EnablePrivateNetwork /t REG_DWORD /d 1 /f

Let me know if you need more information.

jennyf19 commented 6 years ago

Thanks @jbpoulsen - we'll look into this issue

Anant-Dabhi commented 6 years ago

I have the same issue for one of my users: WIA does not work on the corporate network; however, if the user tries to access from an outside network, it works perfectly. On the internal network, when the user sets "EnablePrivateNetwork=1" it works, but changing the registry value for every user is not a feasible solution.

Is there any other workaround for the above issue?

jmprieur commented 6 years ago

@tatvaanant : maybe the solution is to work with the domain admins so that they add this registry key in the group policies: http://woshub.com/how-to-create-modify-and-delete-registry-keys-using-gpo/

henrik-me commented 6 years ago

@tatvaanant @gi097 @jbpoulsen : Is this still an issue for you? I do not think that the library can do anything about it. PrivateNetwork must be set and, for a corporate network, that likely has to be set using group policies, as mentioned above. I will close the issue, however please feel free to re-open if you find that there is something the library can do here.
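
For admins who roll the registry value from this thread out through group policy, a read-only check that it actually landed on a machine; this is an added example, not code from the ADAL project or from any participant above. The function name `Test-AuthHostPrivateNetwork` and the shape of its output object are assumptions; the key path and value name come from the `REG ADD` command quoted in the thread.

```powershell
# Added example: audits the registry value discussed in this thread.
# Test-AuthHostPrivateNetwork is a hypothetical helper name, not part of ADAL.
function Test-AuthHostPrivateNetwork {
    [CmdletBinding()]
    param(
        # Key path and value name taken from the REG ADD command in the thread.
        [string]$KeyPath = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\authhost.exe',
        [string]$ValueName = 'EnablePrivateNetwork'
    )

    $result = [ordered]@{
        Computer    = $env:COMPUTERNAME
        KeyExists   = $false
        ValueKind   = $null
        ValueData   = $null
        Compliant   = $false
        OtherValues = @()
    }

    # Reading HKLM does not require elevation; a missing key is reported, not thrown.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($key) {
        $result.KeyExists = $true
        $names = $key.GetValueNames()

        if ($names -contains $ValueName) {
            $result.ValueKind = $key.GetValueKind($ValueName)
            $result.ValueData = $key.GetValue($ValueName)
            # REG ADD ... /t REG_DWORD /d 1 must show up as kind DWord with data 1.
            $result.Compliant =
                ($result.ValueKind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
                ($result.ValueData -eq 1)
        }

        # List every other value under the key so the admin sees exactly
        # what has been written there besides the expected one.
        $result.OtherValues = @($names | Where-Object { $_ -ne $ValueName })
    }

    [pscustomobject]$result
}

Test-AuthHostPrivateNetwork | Format-List
```

A wrong value type (for example a string "1" instead of a DWORD) is reported as non-compliant rather than silently accepted.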