I am trying to get an application working thats written in .net - targetted at 4.5.2 that uses a webapi to call a .js form
The api works fine in Server 2012r2 IIS 8.5 but refuses to work in Server 2016 IIS - throwing a flat 401 unauthorized error.
The website application is under https and SSL cert, the main application works fine, just the API that fails.
The API requires authorization, inherited from system.web.http.authorizeattribute
The authorization is passed through via an encrypted string as a token into the HTTP header.
The site is configured the same in IIS on both 2012 and 2016 servers. Direcotry permissions etc are both the same. App is using app pool identity and that app pool has read permissions over the web root dir.
.net 4.7 is installed on both servers.
Both servers have TLS 1.0,1.1 and 1.2 enabled at this point (want to disable 1.0 once we get the api working on 2016 mind)
If i remove https from site and turn it to http then the api calls the form fine.
If i run fiddler and call the api then the form is called fine as fiddler intercepts https traffic using SSLv3.0 and TLS 1.0
If on https i disable TLS 1.1 and 1.2 in my laptops browser and then call the api from the application the form is called displayed fine.
Im at a complete a dead end now.
PS - im not a dev but a server admin so coding knowledge is zero! All's i know is it works fine on everything but Server 2016 and IIS 10.
Anybody any idea's on where i can go from here please?
Many Thanks in advance
