Rick,
I have some basic JSON API features in my app. I use https://app.apiary.io/ to host the documentation for it. I discovered today that when Basic Authentication is active at my endpoint (IIS), that IIS responds with html. I can 'solve' the problem by turning off Basic Auth. If the same endpoint is visited by anyone else, there is no request for user and pass and no sign that basic auth is necessary.
This feels like a newb kind of question, but I figured you could tell me easily.
ps: I made sure that IUSR has at least read permissions on all files. Maybe we need to setup a paid support call to have you review if you say NO IDEA...
IIS should return a HTTP 401
request for authentication. The output may still be HTML with an error message, but the status code is what you should be looking at.
+++ Rick ---
I hear you but I am wondering if you understood my situation. A page that is reachable by a regular anonymous web visitor renders a json page right now, no problem. The same url when called from https://app.apiary.io/ returns an html authenication error page to that system. It only does this when I activate Basic Auth on the website. When I activate Basic Auth, it does NOT force that same casual web browser to ask for user and pass, it only returns an error page to the https://app.apiary.io/ site.
That is what seems very strange to me. My reason for giving a s**t about it is because I need Basic Auth for some other pages that I do want to be secured. I guess you will tell me the server that makes the outbound call to my WWWC server must be checking the low level connection and or sending a string that triggers that behavior.
It does it on http as well in case you were curious.
When you enable Basic Authentication in IIS you are enabling Basic Authentication against Windows Accounts. This is different from Basic Authentication that you manage yourself in your application selectively.
If you are doing manual Basic Authentication with your own logic then you don't need to enable that functionality in IIS.
If your auth dialog always pops up it likely means you've restricted access to authenticated users on the virtual or folder.
+++ Rick ---