This is on Windows Server 2019, the web app is a ASP.NET MVC app (.NET FW 4.6)
I'm not sure how to debug this.
- The AppPool runs under a Managed Service Account! (not that it helps using AppPoolIdentity :-| )
- I've enabled/installed Windows and URL Authentication (disabled all else)
- I can access all other urls, but not the API ones when I add the below
- Server and client are in the same domain (MYDOMAIN)
- Getting the same response from any web browser (We have Windows auth working on a ASP.NET Core on another server from the same browser, but that is for the entire site, not just part of it)
- NTLM provider is used, kernel mode and extended protection turned off
The config looks like this:
<location path="API">
<system.web>
<authorization>
<allow users="MYDOMAIN\username" />
<deny users="*" />
<deny users="?" />
</authorization>
</system.web>
</location>
The app has it's own login (forms) but I need to use windows login just to restrict API access:
<authentication mode="Windows">
<forms loginUrl="~/Account/Login" timeout="180" slidingExpiration="true" />
</authentication>
We'd really like to avoid any coding here, just config, if possible.
