I'm creating an application built with React, where API requests will be sent from http://localhost:3000 to a .NET server at https://localhost:5000. This works when windows authentication is disabled, but when windows authentication is enabled using IIS, any request, return 401 unauthorized.
I've done quite a bit of research and found that I can send a GET request fine by sending the axios request with { withCredentials: true }. If I send a POST request, this would still return 401 unauthorized from the server, unless I make the request a "simple-request", by setting the content type to application/x-www-form-urlencoded, according to these specifications: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS.
Is there something I need to have in the web config for these requests to work, when windows authentication is enabled?
An answer to a similar question here, does not help me: Angular 5: Post-request & windows authentication, since having both anonymous and windows authentication enabled, will result in the initial GET request to the server, not being able to get the Active Directory username, using windows authentication, since it seems like the Anonymous Authentication takes precedence.
I can make the POST request with the content type set to application/x-www-form-urlencoded, but this seems like the wrong way to go about it. Is there some way I can set some setting on the server, so that when windows authentication is enabled, the server at https://localhost:5000 will accept any API request from http://localhost:3000 with content type of JSON?