Edge doesn't initiate authorization token negotiation for XHR requests from SPA app requiring integrated auth

Issue #11018116 • Assigned to Steven K.

Details

Author
ravi p.
Created
Feb 21, 2017
Privacy
This issue is public.
Found in
  • Microsoft Edge
Found in build #
14.14393
Reports
Reported by 2 people


Steps to reproduce

For our Intranet app we use integrated auth using the Negotiate authorization scheme (WWW-Authenticate: Negotiate). Both the app UX and API require integrated authorization. For UX pages in Edge, the integrated authorization negotiation handshake is honored and works fine. (In the network capture I can see that for the first anonymous request the server challenges the request with 401 Unauthorized with a WWW-Authenticate: Negotiate, NTLM header in the response. Edge pops up a window for the user to enter credentials and then sends a request with an Authorization: negotiate <token> header, the server responds with a challenge in a 401 response, and Edge sends another request with an Authorization header, which is accepted by the server, and a 200 OK response is sent.)
But when this page makes an XHR request to an API endpoint of the intranet site, the authorization handshake does not happen. (In the network capture I only see that for the anonymous XHR request the server challenges it with 401 Unauthorized with a WWW-Authenticate: Negotiate, NTLM header in the response, and that is where it ends. Edge does not show the user any pop-up to enter the credentials and thus does not send any response to the challenge from the server.)
The same web app works fine in IE or Chrome.

Microsoft Edge 38.14393.0.0
Microsoft EdgeHTML 14.14393
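
To find where a handshake like the one described above stops in a network capture, the following added example (not part of the original report) walks captured request/response pairs in order and reports, per URL, whether the Negotiate exchange completed or stalled after a challenge. The entry field names, URLs and TOKEN placeholders are constructed assumptions, not data from the issue.

```javascript
// Constructed sample capture (not data from the issue). Field names are assumptions.
const sampleCapture = [
  { url: "/app/", initiator: "navigation", requestHeaders: {}, status: 401,
    responseHeaders: { "WWW-Authenticate": "Negotiate, NTLM" } },
  { url: "/app/", initiator: "navigation", requestHeaders: { Authorization: "Negotiate TOKEN1" },
    status: 401, responseHeaders: { "WWW-Authenticate": "Negotiate TOKEN2" } },
  { url: "/app/", initiator: "navigation", requestHeaders: { Authorization: "Negotiate TOKEN3" },
    status: 200, responseHeaders: {} },
  { url: "/api/items", initiator: "xhr", requestHeaders: {}, status: 401,
    responseHeaders: { "WWW-Authenticate": "Negotiate, NTLM" } },
];

// Case-insensitive header lookup; `name` must be passed in lower case.
function header(headers, name) {
  const key = Object.keys(headers || {}).find(k => k.toLowerCase() === name);
  return key ? headers[key] : "";
}

// Scheme names offered in a WWW-Authenticate value such as "Negotiate, NTLM"
// or "Negotiate <token>"; auth-params like realm="x" are skipped.
function offeredSchemes(value) {
  return value.split(",")
    .map(part => part.trim().split(/\s+/)[0].toLowerCase())
    .filter(word => word && !word.includes("="));
}

// Walk the capture in order and report, per URL, how far the handshake got.
function analyzeHandshakes(entries) {
  const byUrl = new Map();
  for (const e of entries) {
    const s = byUrl.get(e.url) ||
      { url: e.url, initiator: e.initiator, challenges: 0, authRequests: 0, state: "no-challenge" };
    const sentAuth = /^negotiate\s+\S+/i.test(header(e.requestHeaders, "authorization"));
    if (sentAuth) s.authRequests++;
    const challenged = e.status === 401 &&
      offeredSchemes(header(e.responseHeaders, "www-authenticate")).includes("negotiate");
    if (challenged) {
      s.challenges++;
      // If this stays the last entry for the URL, the client never answered it.
      s.state = sentAuth ? "stalled-mid-handshake" : "stalled-after-first-challenge";
    } else if (s.challenges > 0) {
      s.state = e.status < 400 ? "completed" : "rejected";
    }
    byUrl.set(e.url, s);
  }
  return [...byUrl.values()];
}

console.log(analyzeHandshakes(sampleCapture));
```
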

Attachments

0 attachments

    Comments and activity

    • Microsoft Edge Team

      Changed Assigned To to “Steven K.”
