|
|
Rank: Newbie
Groups: Member
Joined: 3/21/2014
Posts: 2
|
I am needing to connect to a website that uses Active Directory using the
EssentialObjects WebBrowser control. In Chrome there is a concept of a whitelist (AuthNegotiateDelegateWhiteList). Is there a way to do something similar with the WebBrowser control or another method to accomplish the same thing?
Thanks!
|
|
Rank: Administration
Groups: Administration
Joined: 5/27/2007
Posts: 24,088
|
Thanks for posting in the forum. We have confirmed that delegation whitelist is not supported by EO.WebBrowser. Sorry about it!
|
|
Rank: Newbie
Groups: Member
Joined: 3/21/2014
Posts: 2
|
OK, is there any other way to accomplish Windows Authentication using your control?
Thanks.
|
|
Rank: Administration
Groups: Administration
Joined: 5/27/2007
Posts: 24,088
|
Hi,
I believe Windows authentication works fine. It's just Kerberos delegation won't work. There are two lists for window authentications: trusted server list and kerberos delegation server list. AuthNegotiateDelegateWhiteList is for the later. We use empty list for both. When the web browser tries to access a page that requires authentication, the server will issue an authentication challenge to the browser. The browser has the option to respond or ignore it. For security reason, Chrome would only responds an authentication challenge from a trusted server (for Windows authentication). If the trusted server list is empty, then it checks whether the server issuing the challenge is in the user's "Local Internet" or "Trusted Sites" zone. If the server is in those list, then it will proceed to respond the authentication challenge. In our case, since our trusted server list is empty, we rely on the user's "Local Internet" and "Trusted Sites" zone settings. I believe you can use those settings as a workaround for the lack of an explicitly "trusted server list".
Kerberos delegation is something different where you wish to get one authentication ticket and use it across multiple sites/services. A typical scenario is to use the same ticket for a Web application that would need to access a database server. To enable kerberos delegate, the server must be in the "delegate whitelist". This "delegate whitelist" is what AuthNegotiateDelegateWhiteList is for in Chrome. Currently we do not have any interface to set that list.
Hope this clears up. Please feel free to let us know if you still have any questions.
Thanks!
|
|
Rank: Newbie
Groups: Member
Joined: 6/24/2015
Posts: 1
|
Do you have any plans to implement Kerberos delegation? This is the blocking factor for us. UPD: Here is related issue in the CEF repository: https://bitbucket.org/chromiumembedded/cef/issue/1150 . It includes patch for SSO authentication with NTLM/Negotiate schemes, but it is not included into release yet.
|
|
Rank: Administration
Groups: Administration
Joined: 5/27/2007
Posts: 24,088
|
Hi Max,
This is on our list but it is not a priority yet. We have just released a new version so we will be fixing a number of pressing issue for that version first, after that we can implement this.
Thanks!
|
|
Rank: Newbie
Groups: Member
Joined: 4/26/2016
Posts: 2
|
Hi,
I'm also looking for Kerberos support. Is this still in the road map for the EO.WebBrowser? In that case when?
|
|
Rank: Administration
Groups: Administration
Joined: 5/27/2007
Posts: 24,088
|
David Jonsson wrote:Hi,
I'm also looking for Kerberos support. Is this still in the road map for the EO.WebBrowser? In that case when? Kerboros support is already there. It's just the whitelist part is not there. We do not have any plan to support the whitelist part in the near future. Sorry about it!
|
|
Rank: Newbie
Groups: Member
Joined: 8/15/2018
Posts: 1
|
eo_support wrote:David Jonsson wrote:Hi,
I'm also looking for Kerberos support. Is this still in the road map for the EO.WebBrowser? In that case when? Kerboros support is already there. It's just the whitelist part is not there. We do not have any plan to support the whitelist part in the near future. Sorry about it! Is there any documentations about the kerberos authentication? We have a project that looking for a WebBrowser Control instead of IE11 that allow to Turn On / Off the kerberos authentication programatically. Thanks.
|
|
Rank: Administration
Groups: Administration
Joined: 5/27/2007
Posts: 24,088
|
Anson Woo wrote:Is there any documentations about the kerberos authentication? We have a project that looking for a WebBrowser Control instead of IE11 that allow to Turn On / Off the kerberos authentication programatically. Thanks. Due to the enormous size and complexity of the Chromium project, we do not provide documentations or technical support for any particular Chromium browser engine features beside our own programming interface. If you do not see anything in our own programming interface regarding a feature, you can search online to see if there are any command line arguments that you can pass to Chrome browser to achieve the desired result. Once you find the correct command line, you can pass it to our library through this property: https://www.essentialobjects.com/doc/eo.webbrowser.runtime.extracommandlineargs.aspxMost of the time the arguments you find online for Chrome browser will work with EO.WebBrowser. However sometimes it may not work due to several reasons: 1. Some command line arguments are for Chrome browser only, not for Chromium browser engine. Chrome browser is based on Chromium browser engine but it can have additional features/options that is not available/supported by the browser engine; 2. The version of the browser engine we use and the one the current version of the Chrome browser are different. So there can be differences between what work in our version and what works with Google Chrome; Thanks
|
|