As far as I understand, an OPTIONS request must be processed without authentication. I am hosting my web application in IIS 7.x and 8.x and it is using NTLM and Kerberos authentication (this is an intranet application).
How do I disable authentication for OPTIONS requests in IIS when Windows authentication is in use?
To disable NTLM, use the Group Policy setting Network Security: Restrict NTLM. If necessary, you can create an exception list to allow specific servers to use NTLM authentication.
In the IIS Manager: Expand the computer name, then Sites, then Default Web Site, then click on the name of the desired site. Select Authentication. Set Windows Authentication to Disabled and set Basic Authentication to Enabled.
Navigate to Application Management > Authentication Providers. Choose the web application you wish to configure from the drop-down in the top right corner (this includes the Central Administration web application). Click on 'Default'. Set the authentication to Negotiate (Kerberos).
In the Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options section, find and enable the Network Security: Restrict NTLM: Audit NTLM authentication in this domain policy and set its value to Enable all.
Go to the Handler Mappings feature in IIS, edit the Authentication handler, and remove the OPTIONS verb so that it does not register for requests with OPTIONS. Hope that helps.