WebView2 Not Respecting Windows Account (allowSingleSignOnUsingOSPrimaryAccount)
I have a .NET 5.0 WinForms app that uses WebView2 with the evergreen runtime. I create my own environment with allowSingleSignOnUsingOSPrimaryAccount set to true (see snippet below). This results in the user opening up the app, viewing our AzureAD-fronted web app, and authenticating against our app reg without the need to type in a user/pass or go through MFA.
```csharp
// Per-user folder that holds the WebView2 profile (cookies, cache, tokens).
var _cacheFolderPath = Path.Combine(Application.UserAppDataPath, "Myappname.exe.WebView2");
// Opt in to single sign-on with the account signed in to Windows.
CoreWebView2EnvironmentOptions webViewEnvironmentOptions = new CoreWebView2EnvironmentOptions(allowSingleSignOnUsingOSPrimaryAccount: _config.UseWindowsAuth);
// Await rather than block on .Result (call this from an async method).
var webView2Environment = await CoreWebView2Environment.CreateAsync(browserExecutableFolder: null, userDataFolder: _cacheFolderPath, options: webViewEnvironmentOptions);
await webView.EnsureCoreWebView2Async(webView2Environment);
```
On most machines, this works as expected, but there are a few machines where users are prompted for a password. So a user that seamlessly logs in to our web app when logged into Windows on their primary machine may go to one of these particular machines and get prompted for an email/pass and MFA. I'm not seeing errors, event logs, etc. It just seems as though setting this value to true in code is simply being ignored or overridden.
I've tried to look for documentation related to Group Policy settings possibly being the cause, but there is not a lot I found regarding this for WebView2. Is there anything that is/can be set explicitly through GP, or some other mechanism that may be having some effect on WebView2's behavior regarding allowSingleSignOnUsingOSPrimaryAccount?
Solution 1:[1]
Maybe try to go with something like this:
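```csharp
var options = new CoreWebView2EnvironmentOptions
{
    // Opt in to single sign-on with the account signed in to Windows.
    AllowSingleSignOnUsingOSPrimaryAccount = true,
    // Chromium switch listing the servers allowed to use integrated authentication
    // (value kept as posted; newer Chromium builds name it --auth-server-allowlist).
    AdditionalBrowserArguments = "--auth-server-whitelist=_"
};
// A new, randomly named user data folder on every run, so no profile state is reused.
var userdatafolder = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "Incognito", new Random().Next().ToString());
var environment = await CoreWebView2Environment.CreateAsync(null, userdatafolder, options: options);
Debug.WriteLine("InitializeAsync");
await WebView21.EnsureCoreWebView2Async(environment);
// Log the runtime version actually loaded on this machine.
Debug.WriteLine($"WebView2 Runtime version: {WebView21.CoreWebView2.Environment.BrowserVersionString}");
```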
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
