Repeated Authentication Prompts with Microsoft Edge

book

Article ID: 169297

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Edge (microsoftedge.exe) manages multiple Microsoft Edge Content Processes (microsoftedgecp.exe) that do the actual work of loading web pages. The content processes do not share proxy credentials that are entered by the user. As a result, when a new content process receives an authentication challenge from its proxy, the browser will prompt for proxy credentials. Users may get repeated credential prompts.


Additionally, any time you type via the Cortana search box, Edge starts the "searchui.exe" process which conducts the search and possibly generates an authentication prompt.
 

Cause

Microsoft Edge enables localhost for the internet app container only. Microsoft also special cased "localhost" as an origin to render in the internet sandbox so that it could access localhost. As a result, Windows Integrated Authentication (IWA) is not supported by the Edge user agent. 

Resolution

To minimize extraneous authentication prompts, use MS edge version 38 or later. Recent versions of Edge seem to maintain a more static set of content processes than earlier versions did. That helps reduce the number of credential prompts, but it doesn’t eliminate all of them.

 

Additional Possible Workaround(s)

  • The extraneous credential prompts have been mostly observed when using the “proxy” authentication mode. So, if possible, IP surrogate ("Proxy-IP" or "Origin-IP-Redirect") with longer surrogate refresh time can be used to minimize the authentication prompts. 
  • Use Use Enterprise Mode to improve compatibility (https://technet.microsoft.com/en-us/itpro/microsoft-edge/emie-to-improve-compatibility)
  • Enable loopback in the intranet app container as described here 

    • Access your localhost machine by using its fully qualified e.g. http://bobsbox.fabricam.com/path/ 

      Note: To avoid any vulnerabilities, Microsoft recommends disabling loopback when you've completed your task. 

  • Use IE as an alternative broswer

    • Configure browser-dependent Windows applications to use IE 11, rather than Edge.