Web Connection User Discussions
Basic Authentication Question / Issue
Gravatar is a globally recognized avatar based on your email address. Basic Authentication Question / Issue
  Michael B
  All
  Apr 1, 2020 @ 08:46am

Rick,

I have some basic JSON API features in my app. I use https://app.apiary.io/ to host the documentation for it. I discovered today that when Basic Authentication is active at my endpoint (IIS), that IIS responds with html. I can 'solve' the problem by turning off Basic Auth. If the same endpoint is visited by anyone else, there is no request for user and pass and no sign that basic auth is necessary.

This feels like a newb kind of question, but I figured you could tell me easily.

ps: I made sure that IUSR has at least read permissions on all files. Maybe we need to setup a paid support call to have you review if you say NO IDEA...

Gravatar is a globally recognized avatar based on your email address. re: Basic Authentication Question / Issue
  Rick Strahl
  Michael B
  Apr 1, 2020 @ 01:38pm

IIS should return a HTTP 401 request for authentication. The output may still be HTML with an error message, but the status code is what you should be looking at.

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Basic Authentication Question / Issue
  Michael B
  Rick Strahl
  Apr 1, 2020 @ 05:57pm

I hear you but I am wondering if you understood my situation. A page that is reachable by a regular anonymous web visitor renders a json page right now, no problem. The same url when called from https://app.apiary.io/ returns an html authenication error page to that system. It only does this when I activate Basic Auth on the website. When I activate Basic Auth, it does NOT force that same casual web browser to ask for user and pass, it only returns an error page to the https://app.apiary.io/ site.

That is what seems very strange to me. My reason for giving a s**t about it is because I need Basic Auth for some other pages that I do want to be secured. I guess you will tell me the server that makes the outbound call to my WWWC server must be checking the low level connection and or sending a string that triggers that behavior.

It does it on http as well in case you were curious.

Gravatar is a globally recognized avatar based on your email address. re: Basic Authentication Question / Issue
  Rick Strahl
  Michael B
  Apr 2, 2020 @ 02:18am

When you enable Basic Authentication in IIS you are enabling Basic Authentication against Windows Accounts. This is different from Basic Authentication that you manage yourself in your application selectively.

If you are doing manual Basic Authentication with your own logic then you don't need to enable that functionality in IIS.

If your auth dialog always pops up it likely means you've restricted access to authenticated users on the virtual or folder.

+++ Rick ---

© 1996-2024