Intro

Sometimes it happens that accessing Gerrit, Subversion (SVN) or some other services behind Apache or NGINX reverse proxy with basic authentication (even with SSO involved) shows empty/blank page and 401 unauthorized error. Apart from other reasons one of the most frequent reasons why it happens is actually setting in the browser, which prohibits usage of basic authentication. If there are no other authentication options on server available, then server actually delivers empty page or shows 401 (Unauthorized) status code and error message.

Latest version of Edge no longer shows basic authentication login dialog when some server offers that option:

https://answers.microsoft.com/en-us/microsoftedge/forum/all/latest-version-of-edge-no-longer-shows-basic/3601252b-e56b-46c0-a088-0f6084eabe47

Checking basic authentication status in Edge browser

  • Go to edge://policy URL
  • Filter/search by "AuthSchemes"
  • Original could be for example "ntlm,negotiate"
  • Expected value shall contain "basic", for example "basic,ntlm,negotiate"
    • If basic is already present:
      • make sure you closed and re-opened all instances of Edge (or whole computer just to be sure)
      • if issue with 401 unauthorized error message persists even afterwards, issue is most probably lack of permissions/authorization to access related resource as error message suggests
    • If basic is not present, continue with steps in WorkaroundforEdgebrowsertoallowsupportforbasicauthentication

Workaround for Edge browser to allow support for basic authentication

  • on Windows we need to import registry entry
    • Import following Registry Entry (.reg) files into Windows registry:
      EnableBasicAuthenticationInEdgeSettingsRegistry-version-20240308.reg

    • Import it simply by double clicking on reg file in Windows and confirm import.

    • Then close and start Edge browser again and you shall be asked for entering credentials instead of getting 401 response.

    • In some cases it still does not work (shows 401 or blank page), so in order to take changes into account you must:
      • logout+login again
      • OR simply restart Windows
    • At this point you should be already asked for entering credentials instead of getting 401 response
    • Basic authentication for Edge browser shall be now enabled. You can follow CheckingbasicauthenticationstatusinEdgebrowser to verify it.
  • on Linux we need to create managed policy
    • make sure your account is in sudoers or you run those commands under root

    • make sure folder exists:

      sudo ls -lah /etc/opt/edge/policies/managed/
    • If folder does not exist, make sure you are using Edge and find out proper location on your system

    • If folder exists then create policy as in this example, including "z" prefix (or other one suitable for your setup) to make sure our policy is potentially overriding other existing policies by being alphabetically after whatever policy files you have present:

      echo '{"AuthSchemes":"basic,ntlm,negotiate"}' | sudo tee /etc/opt/edge/policies/managed/z-authschemes-policy.json

# Our policy must be in the end of list to have a good chance to override other policy files:
sudo ls -lah /etc/opt/edge/policies/managed/

# Now just checking that it was written properly:
sudo cat /etc/opt/edge/policies/managed/z-authschemes-policy.json
    • Then close and restart Edge browser completely.
    • Basic authentication for Edge browser shall be now enabled. You can follow CheckingbasicauthenticationstatusinEdgebrowser to verify it.


  • No labels