Community
Select to view content in your preferred language

Embedding a secure Experience Builder app inside WebView (.NET MAUI)

99
1
Jump to solution
2 weeks ago
Labels (2)
Labels
KevinCheriyan
by
Frequent Contributor
2 weeks ago

I have a .NET MAUI application that I need to load an Experience Builder application from the client's portal in. The user is already authenticated earlier in their workflow at app-start. 

I can load the Exp Builder app from WebView by setting the Source property to its URL in Portal. The issue is that I'm being asked to authenticate by logging in inside the WebView. I'd like to avoid this workflow where the user has to enter their credentials more than once in the entire application workflow. 

I tried passing the access token from Portal by setting &token=token-value as a parameter to the WebView source. Unfortunately, this didn't work either. 

What have others tried to get this authentication working for them?


--------------------------------------------------
Application Developer, GeoMarvel
0 Kudos
1 Solution

Accepted Solutions
MatveiStefarov
by Esri Contributor
Esri Contributor
Tuesday

Logging in Runtime and then applying those credentials to web requests would require injecting headers into all requests.  Outside Windows, this is quite hard to do.  Even .NET 10's upcoming HybridWebView web request interception is only fully functional on Windows/WinUI.

The only practical approach I can think of is to make the user sign into portal in a WebView first, and then transfer authorization to the Maps SDK app via OAuth (i.e. using an IOAuthAuthorizeHandler that goes to the already-signed-in WebView instead of a popping out into the system browser).  And I am not 100% sure if that would work either.

View solution in original post

1 Reply
MatveiStefarov
by Esri Contributor
Esri Contributor
Tuesday

Logging in Runtime and then applying those credentials to web requests would require injecting headers into all requests.  Outside Windows, this is quite hard to do.  Even .NET 10's upcoming HybridWebView web request interception is only fully functional on Windows/WinUI.

The only practical approach I can think of is to make the user sign into portal in a WebView first, and then transfer authorization to the Maps SDK app via OAuth (i.e. using an IOAuthAuthorizeHandler that goes to the already-signed-in WebView instead of a popping out into the system browser).  And I am not 100% sure if that would work either.