Windows Integrated Authentication - Not Working - Canary & Dev

Steel Contributor

We use Windows Authentication for both our production and dev sites. Edge (Chromium) has worked with both of these until yesterday. We are currently on 79.0.307.0 and now we have to log in manually, rather than automatically being logged in with our Windows credentials.

 

clipboard_image_0.png

36 Replies

Just updated to 79.0.308.0, still broken.

I can't even load some of our test sites. We run Apache on Windows with the same site on multiple ports, and not even getting the auth prompt on sites not on port 80:

 

clipboard_image_0.png

79.0.309.0 - still not working,

Great, Dev just updated and now it's broken there as well!

@Keith Davis 

Hi,

Have you tried checking out these flags?

sometimes some features of Edge insider get turned off, shipping to flags, disabled by default and so on.

 

Annotation 2019-10-23 150834.png

 

@Keith Davis 

in case you or your organization is using Group policy files for Edge insider browser,

grab the new unified version of it from here: 

https://www.microsoftedgeinsider.com/en-us/enterprise

 

they are not updated, merged and applicable to all Edge insider channels.

@HotCakeX Thanks for the input, but I don't believe any of those flags are related to this issue (except maybe the profile one), still I tried enabling manually all 3, no effect. Also, I'm 99.9% sure that this feature is not classified as "experimental". :)

@HotCakeX We are and I'm pretty sure we have the most current version of the GP templates installed, but I'll verify. Thanks again.

@HotCakeX 

 

We were not on the latest version, but appears the new templates are invalid in some way:

 

clipboard_image_0.png

 

Going to start a different thread for this issue.

The whole browser is experimental and beta for now and judging by the version I think you are using Canary
You're welcome, yes better check because they are regularly updated for now that new features are added very frequently but once it hits stable release, i don't think they will need updates so often.
There was a regression in behavior sometime around 79.307 or so. The symptom is that if you're logged into the browser (e.g. the account you sync to) using your personal MSA account (e.g. @live.com) and you attempt to navigate to a site that requires your corporate network credentials, your corp credentials are not correctly sent to the website.

This problem does not appear if you're logged into the browser using your corporate (e.g. AAD) account.

The identity team is working on the fix. Apologies for the breakage-- rest assured, we blew up most of our Microsoft self-hosters, so this is highly visible. :\

The first two "Web Auth" flags shown here are not related.

 

However, **Disabling** the "Sign in to intranet websites with your profile" might have an impact. edge://flags/#edge-identity-based-http-auth

We are testing both Dev and Canary. This issue began in Canary about a week ago and the issue was pushed to Dev today.

@Eric_Lawrence Oh, thank God! I was starting to think it was only us and I know how "bugs that only affect our small universe get fixed" (only if we are lucky). :)

@Eric_Lawrence 

 


@Eric_Lawrence wrote:
The first three flags shown here are not related. **Disabling** the "Sign in to intranet websites with your profile" might have an impact.

Yes, that did fix the issue. Right now, we have only a couple of users testing (Dev and Beta channel), so we can flip that flag once this starts to happen for them until the actual fix is deployed. Thanks!

@Eric_Lawrence 

It worked - makes zero sense.

@Keith Davis You should not *enable* it, but *disable* the first. Peculiar, but working.