I have web serivces that use HTTP Basic Auth that I'm trying to setup behind an ARR server. The services don't use IIS basic auth they actually decode the "Authorization" header from the request directly and compare against a database. The service work as expected when tested locally.
When going through ARR the reposnse always comes back as 401, because it appears that the "Authorization" header from the client does not get passed through ARR to the back-end web servers. I do not have the Basic authentication module even installed on the backedn servers or the ARR server. Both back-end and ARR servers use IIS8 on Server 2012.
My web.config for the ARR site is:
---
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<serverVariables>
</serverVariables>
<action type="Rewrite" url="{C:1}://myapi.my-site.com-farm/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
---
My WebFarm is setup as follows:
---
<webFarm name="myapi.my-site.com-farm" enabled="true">
<server address="server1.internal-domain.net" enabled="true" />
<applicationRequestRouting>
<protocol httpVersion="PassThrough" keepAlive="true" timeout="00:05:00" reverseRewriteHostInResponseHeaders="true" responseBufferLimit="10240" />
<affinity useCookie="true" />
</applicationRequestRouting>
</webFarm>
---
The ARR and Rewrite works for all unauthenticated request, but the request that require auth don't come through with the header.
What am i doing wrong, does ARR not support passing through Authorization headers?