-1

I have IIS 8.5.9600.16384 running on Windows Server 2012R2 and a website configured as application with separate application pool. In IIS Authentication only "Anonymous Authentication" is enabled. To perform authentication, my site uses it's own login prompt and calls a .net core backend with basic schema, something like POST /mycorebackend/login with http header Authorization: Portal base64encoded_username_and_password_here

Everything works just fine if authentication is successful and backend responds with HTTP OK. But if backend returns 401 Unauthorized I've got pop-up from IIS asking me to provide credentials, like I'm trying to access a folder with some content, but I'm not. I just need to get my 401 error and continue my js execution without any prompts.

Can anyone help or at least give a me hint where to search for? I think this may be related to IIS-kestrel integration or so... For some reason IIS tries other schemes or so...

Thank you

Pavel Maltsev
  • 59
  • 1
  • 8
  • 1
    That's the typical misunderstanding. IIS never "prompts for credentials". The prompt is purely a browser side behavior whenever HTTP 401 response is received (the so-called challenged based authentication). So, no matter what is the actual cause of that 401 error (access denied, no user credentials, or others), you see the prompt if the browser decides to. Thus, revise your backend to use another error code other than 401 please. – Lex Li Dec 24 '22 at 00:38
  • No need to prompt them for username or password when you use anonymous authentication, and what code is in your backend? What do they do? – samwu Dec 26 '22 at 02:41

1 Answers1

0

enter image description here

I think you are looking for these settings. that should resolve it

ramuhuyu
  • 31
  • 1
  • 3