FiddlerCore - Modern Authentication Microsoft Outlook

1 Answer 183 Views
FiddlerCore Windows
Luke
Top achievements
Rank 1
Luke asked on 19 May 2021, 11:05 AM

Hi,

Is there a way to handle Modern Authentication with fiddlercore? 

Thanks,

1 Answer, 1 is accepted

Sort by
0
Nick Iliev
Telerik team
answered on 20 May 2021, 01:11 PM

Hello Luke,

 

Could you elaborate more about what you mean by handling? As a MITM proxy, Fiddler could track all authorization flows and can be used to debug potential issues for any authorization functionalities. (that are using HTTP or HTTPS). Modern authentication is not a single set of methods but a different combination of protocols like SAML, OAuth, etc. There are many examples of how to use Fiddler to debug those protocols, for example:

 

https://jackstromberg.com/2016/08/tutorial-using-fiddler-to-debug-saml-tokens-issued-from-adfs/

https://docs.telerik.com/fiddler-everywhere/knowledge-base/basic-authentication-with-fiddler-everywhere

https://stackoverflow.com/questions/23106210/trying-to-get-a-oauth-token-using-fiddler

 

 

 

Regards,
Nick Iliev
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Luke
Top achievements
Rank 1
commented on 16 Jun 2021, 12:08 PM

Hi Nick,

Sorry for the late replay and thanks for responding and the examples. I am specifically working with 0365 applications and fiddlercore, whilst using the default configuration for fiddlercore I cannot sign in to 0365 applications using oauth authentication and I get 401 responses. If I sign in without the fiddlercore application running the application gets a refresh token and uses that successfully when I turn fiddlercore back on, however this expires and fiddlercore app cannot obtain a new token. By the look of those examples it seems possible that you can decrypt the https message and store the valid token received and reuse and replace it in any requests that are sent out?
Nick Iliev
Telerik team
commented on 17 Jun 2021, 12:27 PM

Yes, you should either store the token via your own implementation or bypass the office365 endpoints so that the authentication is not going through the Fiddler proxy.
Tags
FiddlerCore Windows
Asked by
Luke
Top achievements
Rank 1
Answers by
Nick Iliev
Telerik team
Share this question
or