IE bug: webapp is in trusted sites - can't call webapi #102

Closed
sergsalo opened this Issue Mar 25, 2015 · 9 comments

Comments

Projects
None yet
8 participants
@sergsalo

Let's say I have webApp and webApi (see sample: https://github.com/AzureADSamples/SinglePageApp-WebAPI-AngularJS-DotNet). I published webApp to azurewebsites, so ADAL js can work with IE and webApi. WebApi is in different domain, so CORS is enabled and everything works pretty good - I can call webApi and receive data back. Now, if I add webApp into "Trusted Sites" in IE - it can no longer call webApi. Error I get back:
Error description:AADSTS50058: User account identifier is not provided.
Trace ID: bbefadd6-5a88-45e9-a029-a7fbbbf4c280
Correlation ID: df1736d7-f20f-4814-992a-fea38b2f26ed
Timestamp: 2015-03-25 22:47:05Z

It continues to work fine in Chrome in either scenario.

@leandroshan

This comment has been minimized.

Show comment
Hide comment
@leandroshan

leandroshan Mar 30, 2015

I have *.mydomain.com in the LOCAL INTRANET list of sites and it DOES NOT work for me either, if I remove from the list, it works just fine. Please help !

I have *.mydomain.com in the LOCAL INTRANET list of sites and it DOES NOT work for me either, if I remove from the list, it works just fine. Please help !

@omercs

This comment has been minimized.

Show comment
Hide comment
@omercs

omercs Mar 31, 2015

Contributor

It should be related to cookie access from iFrame. I will try to repro this and get back to you.

Contributor

omercs commented Mar 31, 2015

It should be related to cookie access from iFrame. I will try to repro this and get back to you.

@omercs

This comment has been minimized.

Show comment
Hide comment
@omercs

omercs Mar 31, 2015

Contributor

I try to repro and noticed HTML1202 error in console. You can see details here: https://msdn.microsoft.com/en-us/library/ie/dn423949(v=vs.85).aspx

This error is related to the default setting for Intranet sites. IE is showing intranet site in compatibility view. If you go to Tools->Compatibility View Settings->Uncheck "Display intranet sites in compatibility view", it will continue to work.

Let me know if this fixes your issue.

Contributor

omercs commented Mar 31, 2015

I try to repro and noticed HTML1202 error in console. You can see details here: https://msdn.microsoft.com/en-us/library/ie/dn423949(v=vs.85).aspx

This error is related to the default setting for Intranet sites. IE is showing intranet site in compatibility view. If you go to Tools->Compatibility View Settings->Uncheck "Display intranet sites in compatibility view", it will continue to work.

Let me know if this fixes your issue.

@sergsalo

This comment has been minimized.

Show comment
Hide comment
@sergsalo

sergsalo Apr 1, 2015

In my case the website is not in the LOCAL INTRANET and it still doesn't work if it is in Trusted Sites

sergsalo commented Apr 1, 2015

In my case the website is not in the LOCAL INTRANET and it still doesn't work if it is in Trusted Sites

@omercs

This comment has been minimized.

Show comment
Hide comment
@omercs

omercs Apr 30, 2015

Contributor

Update for IE: If you put your site in the trusted site list, cookies are not accessible for iframe requests. You need to remove protected mode for Internet zone or add the authority url for the login to the trusted sites as well.

Contributor

omercs commented Apr 30, 2015

Update for IE: If you put your site in the trusted site list, cookies are not accessible for iframe requests. You need to remove protected mode for Internet zone or add the authority url for the login to the trusted sites as well.

@AbdoDabbas

This comment has been minimized.

Show comment
Hide comment
@AbdoDabbas

AbdoDabbas Jun 23, 2015

Does it work with AngularJs+IE8 ?

Does it work with AngularJs+IE8 ?

@lukianol

This comment has been minimized.

Show comment
Hide comment
@lukianol

lukianol Aug 20, 2015

Hi,

We experience the same issue on IE11.
As soon as our website is added to Trusted Sites we cannot login using adal.js.
Workaround is to add AAD login page to trusted sites as well

Hi,

We experience the same issue on IE11.
As soon as our website is added to Trusted Sites we cannot login using adal.js.
Workaround is to add AAD login page to trusted sites as well

@pbjorklund

This comment has been minimized.

Show comment
Hide comment
@pbjorklund

pbjorklund Dec 3, 2015

I think this is related...

When outlook.office365.com is in trusted sites adal.js fails on
image

Now I don't really know how but the fact that it failed makes angular unable to compile my template in the webapp version of outlook in IE (works in outlook desktop and in chrome).

image

My route config below (tried lot's of permutations of the templateurl, no slash, slash, no appread, etc)

$routeProvider
      .when('/', {
        templateUrl: '/AppRead/Home/Home.html',
        extraQueryParameter: 'nux=1',
        controller: 'homeController',
        controllerAs: "vm",
        requireADLogin: true
      });

But the worst thing is that it seems like Visual Studio adds outlook.office365.com to trusted sites on f5 debug.

I think this is related...

When outlook.office365.com is in trusted sites adal.js fails on
image

Now I don't really know how but the fact that it failed makes angular unable to compile my template in the webapp version of outlook in IE (works in outlook desktop and in chrome).

image

My route config below (tried lot's of permutations of the templateurl, no slash, slash, no appread, etc)

$routeProvider
      .when('/', {
        templateUrl: '/AppRead/Home/Home.html',
        extraQueryParameter: 'nux=1',
        controller: 'homeController',
        controllerAs: "vm",
        requireADLogin: true
      });

But the worst thing is that it seems like Visual Studio adds outlook.office365.com to trusted sites on f5 debug.

@polita

This comment has been minimized.

Show comment
Hide comment
@polita

polita May 16, 2016

IE and Edge don't share cookies across different security zones, so cookies acquired in one zone are not accessible in another. You can eliminate the boundaries by putting them in the same zone so they share the cookie jar. Unfortunately, we don't have a better solution at the moment for IE and Edge.

polita commented May 16, 2016

IE and Edge don't share cookies across different security zones, so cookies acquired in one zone are not accessible in another. You can eliminate the boundaries by putting them in the same zone so they share the cookie jar. Unfortunately, we don't have a better solution at the moment for IE and Edge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment