Irregular AD login prompts for SharePoint 2013 after subsequent AJAX calls in Edge

Question

Since some time ago some customers complain that they get login prompts while using our webparts on a SharePoint 2013 web part page. The web application has been configured to use Windows Authentication (on-premise Active Directory).

Our web part consists of an UpdatePanel and a number of Buttons with (server) click events, and a gridview with a SelectedIndexChanged event. The problem happens when __doPostBack is called within the UpdatePanel, but not always.

Sometimes it happens after some time of user inactivity (for instance after 3 minutes), however the problem doesn't occur systematically.

If we get a login prompt while monitoring the Developer Tools Network tab, we see that no network traffic took place nor any console error appeared before the call that initiated the login prompt. When a login prompt appears, and you don't enter the correct credentials or click Cancel, the following message appears in the Dev Toolbar console:

PageRequestManagerServerErrorException

After an unsuccesful or canceled login attempt, in the Network tab HTTP Status code 401 (Unauthorized) is returned for default.aspx, with Initiator ScriptResource.axd?xxxx:

HTTP 401 Unauthorized in Dev Toolbar Network tab

We've checked the request headers of a succesful AJAX call versus an unsuccesful one, but the information we get is mostly the same:

Differences between succesful and unsuccesful AJAX call

Does anybody have an idea what might be going wrong? What are we missing? Any help on this would be greatly appreciated.

Many thanks,

Eddy and Robbert Windex

Update:

Our webpart is implemented as a custom control (ASP.NET Server Control). Its child controls are added during the serverside control lifecycle in a CreateControlHierarchy method.

We further use client scripting to handle some things client-side, like:

• preventing postbacks before the last postback has been completed
• doing the actual postback using __doPostBack (SelectedIndexChanged en Paging Events)

Below is the implementation of the following client-side event handlers:

• Click event of table row

• Click event of pager buttons

     // Client-side Click event of GridView Table Row
  
     function BusinessObjectView_RowClk(sender, target, args, ev, id, single, deselectEnabled) {
         var vars = BusinessObjectView_GetGlobalVars(id);
         var e = ev ? ev : event, obj = e.target || e.srcElement;
         var checkBox = BusinessObjectView_GetCheckBox(obj);
  
         if (single || obj.className != businessObjectView_checkBoxClass) {
  
             // If same row selected -> Deselect this
             if (deselectEnabled && vars.selectedId == checkBox.value) { 
                 var selectedId = $get(id + "_selectedId");
                 selectedId.value = "";
  
                 // Set SelectedIndex to -1
                 args = "Select$-1"; 
  
                 sender.className = "wccGridViewRow";
                 checkBox.checked = false;
                 vars.selectedId = null;
             }
             else
                 // Use BusinessObject ID for unique row identification
                 vars.selectedId = checkBox.value; 
  
             // Don't fire SelectedIndexChanged after click on action button
             if (obj.parentNode.className != "wcc_ActionPanel") {
  
                 // Prevent ParameterCountException on double click
                 if (businessObjectView_loading == null || businessObjectView_loading.style.display == "none") 
  
                     // Trigger SelectedIndexChanged event of GridView
                     __doPostBack(target, args);
  
                 BusinessObjectView_AnimateRow(sender, id);
             }
         }
         businessObjectView_ClickHandled = true;
     }
  
     // Client-side Page event of GridView
  
     function BusinessObjectView_Page(obj, uniqueId) {
         if (!obj.disabled) { // Prevent multiple postbacks (in case the user clicks again before the last postback was completed)
             AnimateElement(obj.id, '');
  
             // Trigger Page event of GridView
             __doPostBack(uniqueId, 'Page$' + (obj.value - 1)); 
  
             obj.disabled = true;
         }
     }
  

This code has been in use for the last 15 years or so without any (major) problems. However, sometime last year our customers started expierencing these random Active Directory logon prompts while using the web part page. They seem to happen during these __doPostBack calls.

When this happens, after you re-enter your correct credentials the postback and subsequent postbacks are completed succesfully. When you cancel the logon prompt a generic PageRequestManagerServerError is thrown. Unfortanately we haven't been able to find what exactly leads to that error.

Any ideas on what might be going wrong?

Thanks,

Eddy