I am developing a WebAPI service that will need to use Windows authentication on AD client servers. I try to check this locally and constantly get error 401, and then the server simply does not allow the request at all due to invalid credentials. I am running local tests on local IIS 8.5 (installed in a Windows 8.1 window). IIS includes Windows authentication with the following providers:
- NTLM
- Discuss
- Discuss: Kerberos
In addition, I turned off kernel mode authentication because IIS yells at me when I turn on both kernel modes and negotiate: kerberos. Extended protection is also disabled.
In my configuration, I have my authorization rules set for all users, and the authentication mode is set to "none":
<system.web> <authentication mode="None" /> <compilation debug="true" targetFramework="4.5" /> <httpRuntime targetFramework="4.5" /> </system.web>
Then in the controllers in webapi I put the [Authorize] attribute on all the controllers:
[Authorize] [RoutePrefix("api/Workorder")] public class WorkorderController : ApiController { ... }
Can someone explain why I get a 401 call every time I try to access API methods?
Thanks in advance!
EDIT : I changed
<authentication mode="None" /> on Windows, and that didn't help. I also deleted
NTLM from my Windows authentication providers, as my machine is not in a domain, so NTLM will not work.
I also looked through the request stream through the violinist, and I can see a series of 4 requests, each of which is trying to authenticate using the Negotiate method, and it seems that kerberos tickets are being sent back, etc.
source share