microsoft-authentication-library-for-dotnet: [Bug] WebView2-based embedded browser does not work in protected directories
Which Version of MSAL are you using? MSAL 4.28.2
Platform net5-windows10.0.17763.0
What authentication flow has the issue?
- Desktop / Mobile
- Interactive
Is this a new or existing app? This is an existing app attempting to adopt new feature.
Repro
- Install the “evergreen” WebView2 runtime
- Create a .NET 5 console app with the following code
    var pca = PublicClientApplicationBuilder.Create(clientId).Build();
    var result = await pca.AcquireTokenInteractive(scopes)
        .WithUseEmbeddedWebView(true)
        .ExecuteAsync();
- dotnet publish -r win-x86 the application and copy the publish output into a directory like %ProgramFiles% (one that requires admin permission to create a new folder).
- Run the console app from the new location.
Expected behavior An embedded WebView2-based browser window appears asking for sign-in.
Actual behavior An empty WinForms dialog appears. There are no errors.
Possible Solution Set the WebView2 runtime environment to point the user data folder outside of the protected directory. https://docs.microsoft.com/en-gb/microsoft-edge/webview2/concepts/userdatafolder
Additional context/ Logs / Screenshots The folder the WebView2 runtime tries to create a user data directory, for the browser profile information (cookies, etc). Moving the executable outside of a protected directory (where non-admin users have write and modify permissions) allows the WebView2 runtime to work.
About this issue
- State: closed
- Created 3 years ago
- Comments: 15 (11 by maintainers)
Also, we’ve discussed with the WebView2 SDK folks and they are actively working on a solution “out of the box”. So in MSAL 4.30 we will be setting the UserFolder out of program files and when WebView2 SDK finishes up their work (no ETA, but work is in progress), we would upgrade as well.
This is included in MSAL 4.30.0 release.
cc: @mjcheetham @sakkumarfirstam @luismiguelsanchezGL @FreddyD-GH
@sakkumarfirstam : we’d want to release it this week.
I got exactly the same issue but using a WPF .NET Core 3.1 application and the Visual Studio Setup project to create an installer (setup.exe).
Then, when calling AcquireTokenInteractive
    await app.AcquireTokenInteractive(ApiScopes).ExecuteAsync();
I don't get any error, but if I run the app as administrator I receive the following error:
    Microsoft Edge can’t read and write to its data directory.
    %ProgramFiles%
I was reviewing the code to see if you guys were implementing the UserDataFolder property, but I could not find it. I noticed that in WinFormsPanelWithWebView2.cs, at line 68, you were creating a new instance of CoreWebView2CreationProperties, which has the UserDataFolder property, but it is not being used.
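
An added example, not code from this issue or from MSAL, of the workaround discussed in this thread: give WebView2 a per-user, writable user data folder instead of letting it default to the install directory. The class name, the ContosoApp folder name and both helper methods are assumptions; the WebView2 calls are the SDK's CoreWebView2Environment.CreateAsync and the WinForms WebView2.EnsureCoreWebView2Async.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using Microsoft.Web.WebView2.Core;
using Microsoft.Web.WebView2.WinForms;

static class WebViewProfile
{
    // "ContosoApp" is a placeholder product name (assumption, not from the issue).
    public static string ResolveUserDataFolder(string appName = "ContosoApp")
    {
        // %LOCALAPPDATA% is per-user and writable without elevation, so the
        // browser profile (cookies, cached sign-in state) stays out of
        // %ProgramFiles% and is not shared between users of the machine.
        string root = Environment.GetFolderPath(
            Environment.SpecialFolder.LocalApplicationData);
        string folder = Path.Combine(root, appName, "WebView2");
        Directory.CreateDirectory(folder);

        // Probe for write access up front. If the folder is not writable this
        // throws (for example UnauthorizedAccessException) instead of leaving
        // the user with an empty dialog and no error.
        string probe = Path.Combine(folder, Path.GetRandomFileName());
        using (File.Create(probe, 1, FileOptions.DeleteOnClose)) { }

        return folder;
    }

    // Call on the UI thread before navigating the control.
    public static async Task InitializeAsync(WebView2 webView)
    {
        string userDataFolder = ResolveUserDataFolder();

        // A null browserExecutableFolder selects the installed evergreen runtime.
        CoreWebView2Environment environment =
            await CoreWebView2Environment.CreateAsync(null, userDataFolder);

        await webView.EnsureCoreWebView2Async(environment);
    }
}
```

Relocating the profile this way leaves the install directory's ACLs untouched, which is preferable to granting non-admin users write access under %ProgramFiles%.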