How can we improve the Microsoft Edge developer experience?

Allow server detection of Integrated Windows Authentication (IWA) support

Allow detection (from server side) of web clients which are being managed by domain and for which we know the IWA authentication (SPNEGO, NTLM, Kerberos) is available.

The goal is to send IWA authentication request only to supported web clients, but NOT for web clients in which it is not handled (non domain edge, mobile and such) as sending a status code 401 + WWW-Authenticate HTTP header for those client leads to a very bad user experience with a login popup. Users with a web client without IWA support are proposed other classic authentication methods.

In previous IE version, such goal could be met by using a GPO to deploy a custom IE Post Platform user agent string. This value is added in the UA string and can be detected on the remote server to send IWA request only to those web client.
https://msdn.microsoft.com/en-us/library/ms537503(v=vs.85).aspx
For example :
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform]
"SOMESTRING"="IEAK"

As a suggestion : a possible implementation could be an Edge option (also available through GPO) that would send some information (eg a custom header) to "Local intranet" websites informing them that IWA is supported.

69 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Olivier Jaquemet shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Olivier Jaquemet commented  ·   ·  Flag as inappropriate

        A kludge and temporary workaround should anybody need this : There is a GPO for Edge which allows intranet site to be redirected to IE11. This way you can still use custom UA detection.

        Of course Edge being the next generation browser, I hope this feature gets accepted so users can benefit from Edge in all circumstances.

      Feedback and Knowledge Base