Community

Accessing Windows authenticated service returns 401 error after restarting browser

904
3
Jump to solution
03-09-2022 08:23 AM
YoavLeshem
by
New Contributor II
‎03-09-2022 08:23 AM

Hi.
Using arcgis server webadaptor 10.7
Windows authentication is configured as instructed in documantations.

Screenshot_49.png

Screenshot_50.png

 When first accessing a secured service from web application, a windows login dialog is displayed (expected behavior) :

Screenshot_51.png
* the netowrk request while windows dialog invoked

 Once credentials are entered, user is authorized and is able to access the service (as expected):




Screenshot_52.png

 *The validated reponse headers after credentilas are validated

Screenshot_55.png

 * The validated request haeders after credentilas are validated


The problem is when we close the browser (chrome Version 99.0.4844.51) and reopen it, trying to access the same service results with a 401 error in the network, and cors error in the console log:

Screenshot_53.png

Screenshot_54.png

 The expected results should be - 
 Either the server remebers valid credentials and authorize accsess service, or invoke login dialog.
 The currnet behvior is none of the above. The only way to invoke Windows login dialog is by hard-reload the browser (dev-tools must be open for that), or directly load the requested service in another browser tab and re-enter credentials in the Windows login dialog that is invoked there.
Please help. Are we missing something? Is this a known issue? 

 

 

 

 

 

 

 

 

 


 



0 Kudos
1 Solution

Accepted Solutions
YoavLeshem
by
New Contributor II
‎05-10-2022 06:17 AM

For future generations:
We managed to overcome this issue.
Apperantly, we had a service worker in our app which cahced the request above with invalid credentials.
Our problem was solved by unregistrating that Service worker.  

View solution in original post

0 Kudos
3 Replies
JoëlHempenius3
by
Occasional Contributor II
‎03-09-2022 11:02 PM

When first accessing a secured service from web application, a windows login dialog is displayed (expected behavior) 

In my experience, this isn't the expected behavior. The only way I could trigger this would be in an incognito window from Chrome or edge. 
But my experience is based on:

  • Server (with Webadaptor) is joined to an Active Directory
  • Clients (users) are joined to the same Active Directory

With that in place, the users are authenticated automatically based on a Kerberos Ticket and don't have to enter their username and password when they access a resource via the webadapter. This works well with Edge, Chrome and of course IE, Firefox might need some additional settings to get this working.

Are you using AD as well in your case?

-Joël Hempenius.

Languages: JavaScript, Python and Dunglish
YoavLeshem
by
New Contributor II
‎03-09-2022 11:58 PM

Hi.
I am using Active Directory.
I would expect an SSO behavior as you described, but we can accept login dialog behavior for initial use.
A more serious problem for us is the inconsistent behavior forcing the user to perform hard reload or access the service's URL directly 

0 Kudos
YoavLeshem
by
New Contributor II
‎05-10-2022 06:17 AM

For future generations:
We managed to overcome this issue.
Apperantly, we had a service worker in our app which cahced the request above with invalid credentials.
Our problem was solved by unregistrating that Service worker.  

0 Kudos