This is on Windows Server 2019, the web app is a ASP.NET MVC app (.NET FW 4.6)
I’m not sure how to debug this.
- The AppPool runs under a Managed Service Account! (not that it helps using AppPoolIdentity 😐 )
- I’ve enabled/installed Windows and URL Authentication (disabled all else)
- I can access all other urls, but not the API ones when I add the below
- Server and client are in the same domain (MYDOMAIN)
- Getting the same response from any web browser (We have Windows auth working on a ASP.NET Core on another server from the same browser, but that is for the entire site, not just part of it)
- NTLM provider is used, kernel mode and extended protection turned off
The config looks like this:
<location path="API"> <system.web> <authorization> <allow users="MYDOMAINusername" /> <deny users="*" /> <deny users="?" /> </authorization> </system.web> </location>
The app has it’s own login (forms) but I need to use windows login just to restrict API access:
<authentication mode="Windows"> <forms loginUrl="~/Account/Login" timeout="180" slidingExpiration="true" /> </authentication>
We’d really like to avoid any coding here, just config, if possible.