I'm designing a WebAPI service which is going to have to use windows authentication against a client's AD servers. I'm trying to test this locally and am continually getting a 401 error, followed by the server just not allowing the request at all due to invalid credentials. I'm doing my local tests in IIS 8.5 local (installed on a windows 8.1 box). In IIS I have Windows Authentication enabled with the following providers:
- NTLM
- Negotiate
- Negotiate:Kerberos
In addition, I disabled kernel-mode authentication since IIS yells at me when I enable both kernel-mode and negotiate:kerberos. Extended protection is also disabled.
In my config, I have my authorization rules set to allow all users, and authentication mode is set to "none":
<system.web>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
Then in the controllers in the webapi, I'm putting the [Authorize] attribute on all controllers:
[Authorize]
[RoutePrefix("api/Workorder")]
public class WorkorderController : ApiController
{
...
}
Can someone explain why I get the 401 challenge every time I attempt to access the API methods?
Thanks in advance!
EDIT: I changed
<authentication mode="None" /> to Windows, and that didn't help. I also eliminated NTLM from my windows authentication providers since my machine is not on a domain so NTLM wouldn't work.
I also watched the request stream through fiddler and I'm able to see a series of 4 requests, each trying to authenticate using the Negotiate method and there appears to be kerberos tickets being passed back and forth.
