UWP - 在 ADAL 身份验证中启用专用网络

Question

We are creating a UWP app using Xamarin.forms and for Login purposes, ADAL has been used. Authentication has been happening successfully when we are connected to VPN. But when we try to run the same app in the Client.network where we don't require VPN, App is not showing ADAL IWA (Integrated Windows Authentication), instead, we are getting the Error message “We can't connect to the service you need right now. Check your.network connection or try this again later.” I have attached an image for reference. On investigating further, we found an article about the same issue with the solution in the Microsoft forum ( https://learn.microsoft.com/en-us/azure/active-directory/develop/msal.net-uwp-considerations ). The solution is to enable the Private Network in the Registry Editor in Authhost.exe in HKEY_LOCAL_MACHINE. On running the below command, we could be able to bypass the issue. But we don't want to play on editing the registry on each end-user machine or device. So, we tried editing the registry programmatically inside the app, but we got a security exception.

Enabling Private Network Through Command Prompt:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\authhost.exe\EnablePrivateNetwork = 00000001

Error while trying to edit Registry Programmatically:

System.Security.SecurityException: 'Requested registry access is not allowed.'

Reference for Editing Registry Programmatically:

https://codingvision.net/c-edit-registry-keys-or-values

So, we need to understand, what is the best way to address this issue?

1. I don't want to alter the Registry using the command prompt or Registry Editor App.

2. Is it possible to enable private.network via AD group policy or Windows OS Settings.

3. Any other possible way to Enable Private Network

Note: The same code works fine with Android Environment. The problem is only with Windows.

Answer 1

• There is no group policy existent which changes this option in registry for the private.network in ADAL authentication. But you surely can change this registry setting through group policy as it is the only solution to enable private.network for ADAL authentication. To do this, please follow the steps below in group policy: -

a) Login to the Group policy server/domain controller and open the group policy management GUI, then select the default domain group policy and edit it.

b) Then go to 'Computer Configuration --> Preferences-> Windows settings --> Registry --> New --> Registry Wizard' . The registry wizard opens and allows you to connect to the remote computer and select the appropriate registry key, ie, 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\authhost.exe\EnablePrivateNetwork = 00000001'

c) Select the correct client system that has the above registry entry present in their system and then select it. Also, please note that the registry browser allows you to select the keys from the hives 'HKEY_LOCAL_MACHINE' and 'HKEY_USERS' only. Also, if the remote system is unable to connect from the registry finder, please ensure that the system is turned on, access is not blocked by firewall and the remote registry service is not stopped.

d) Once done, the above registry entry is imported into the Group policy console along with the desired path for that registry key in the workspace. Once done, the GPO should be deployed and, in this way, the registry key will be pushed and updated on all the client systems in that domain.network.

• You will have to create a new Group policy object and select the appropriate OU from the Group policy server while deploying this registry key if you do not want to deploy it to all the domain.networks.