Web Api hosted in IIS - 401 Unauthorized error

Question

I wrote Web Api, for intranet environment. Like as other applications, Web Api configured for Windows Authentication. But the error returned is:

HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.0
WWW-Authenticate: NTLM
WWW-Authenticate: Negotiate
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Date: Thu, 13 Mar 2014 22:05:12 GMT
Content-Length: 6171
Proxy-Support: Session-Based-Authentication

how can I fixed this?

I do not know what you think exactly? I have only Windows Authentication enabled for web api application on IIS. What can I do to catch domain user name in web api controler? — hashtag, Mar 14 '14 at 22:16

score 0 · Answer 1 · answered Mar 17 '14 at 22:13

This is what fiddler catch:

No authentication protocol (including anonymous) is selected in IIS.Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication.Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server.The Web server is not configured for anonymous access and a required authorization header was not received.The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access.

score 0 · Answer 2 · edited May 23 '17 at 12:05

I suspect that the application consuming the service may be hosted on the same server and referencing via a fully qualified domain name. In this case, the problem may be caused by the loopback check. In order to test, try referencing the service without using the fully qualified domain name and see if it works. If it does, use the following steps to specify which host names are on the local computer.

Method 1: Specify host names (Preferred method if NTLM authentication is desired) (http://support.microsoft.com/kb/896861)

To specify the host names that are mapped to the loopback address and can connect to Web sites on your computer, follow these steps:

Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base: 281308 Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name
Click Start, click Run, type regedit, and then click OK.
In Registry Editor, locate and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
Right-click MSV1_0, point to New, and then click Multi-String Value.
Type BackConnectionHostNames, and then press ENTER.
Right-click BackConnectionHostNames, and then click Modify.
In the Value data box, type the host name or the host names for the sites that are on the local computer, and then click OK.
Quit Registry Editor, and then restart the IISAdmin service.

http://blogs.4ward.it/impersonation-issues-401-error-mvc-and-web-api-4-5/

Similar question - 401 Unauthorized error web api mvc windows authentication

Web Api hosted in IIS - 401 Unauthorized error

2 Answers2