- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 10-24-2018 06:10 AM
Recommended tags: security, authentication, windows, login, popup, developer, Edge, Microsoft, Internet Explorer, Windows 10, user name, password, login behavior
This is just a quick note to the community: I prefer using Microsoft Edge for the security enhancements, but the past few days (since release of the October update for Windows 10) I've noticed a trend where the login screen for the developer.servicenow.com web site is prompting some anomalous behavior in the browser, specifically after typing my credentials and pressing the enter key, a dialog box labeled "Windows Security" pops up, with the user name and password fields and the following descriptive text:
"The server developer.servicenow.com is asking for your user name and password. The server reports that it is from Service-now."
This dialog box is generated from Windows, not within the browser (not part of the html, this is outside the sandbox). It had persistently intervened with my attempts to login, repeatedly popping up and not allowing my credentials to pass through the tunnel to the server. While I am glad to see the enhanced security efforts (this is why I like Edge), I recognized this morning that the developer.servicenow.com web site was never receiving my credentials. I am not sure if this complies with open standards regarding the behavior of https, I have to learn more.
In the meantime, here is what resolved the anomaly:
1) click or tap the Microsoft Edge settings icon (three horizontal dots in the upper right corner of the window),
2) click or tap the settings menu choice,
3) scroll down, click or tap the button labeled "View advanced settings",
4) click or tap the slider to ensure "Save passwords" is set to Off,
5) scroll down further, click or tap the slider to ensure "Have Cortana assist me in Microsoft Edge" is set to Off,
6) you may now click or tap the three horizontal dots to close the settings menu.
Now, when I type my credentials into the developer.servicenow.com login page, they are not captured, blocked, or intercepted by Windows but instead pass directly through the browser's secure tunnel to the server for authentication for the session, just as I desire. I am not sure if anyone else has seen this behavior but this message serves to document my experience for others in case the behavior continues. Internet standards like html and https are intended to provide a governance framework to enhance interoperability, but sadly as bad actors continue to educate themselves in technology (yet still deny their own values in pursuit of greed), the vendors like Microsoft will have to continue with their intention of providing customers with a safe computing environment and I applaud the efforts. In this case, some tweaking of the developer.servicenow.com website or the Windows client had to occur to sustain interoperability, and today I chose to tweak the desktop client since it is under my domain of control. I may open a ticket with Microsoft as a courtesy, since I want to restore any client security enhancements they provide (or may provide in the future).
I wish you well.
Denwood Fairley Woody
- 1,247 Views
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
I noticed sometimes the popup returns when trying to re-authenticate a session. I speculate it is due to the cached settings for the other Edge Windows and Tabs, and the behavior is repeated less often over time (I had about a hundred Edge tabs and windows at the time, and still do). I encourage regular and frequent updates, and a system reboot at least weekly.
Please note this is for my personally owned laptop, not GFE, but the results should be similar for properly configured GFE.
I wish you well.
Denwood Fairley Woody
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Interesting news on this topic, Microsoft is adopting the chromium "Blink" rendering engine, replacing the "EdgeHTML" engine that is tightly integrated with Windows. This problem will eventually go away, but in the meantime, just click or tap the cancel button if you continue to receive the Windows Security prompts when logging into the developer.servicenow.com site, it will finally give up and you will be able to login.
Denwood Fairley Woody
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
For any colleagues who are curious: "Microsoft Edge Dev Build 76.0.167.1" is the version based on Chrome, and I've been testing it on a personal computer with great results, none of the anomalies reported above.
I am not sure of the full release date, but I am pleased to see the progress.
Kind Regards,
Woody
