Windows Authentication doesn't work in Microsoft Edge browser for Angular 2 application

Question

In my Angular 2 project the client calls a Web API method, which requires that the user is authorized using the Windows Authentication. This call works fine in Internet Explorer 11, Firefox and Chrome but not in the Microsoft Edge, which doesn't shows the Login dialog, shows "Response with status: 401 Unauthorized for URL" in the console. If I try to open the API Url directly in Edge, it shows the dialog properly, so if I understand it correct, the problem is in Angular 2 call.

Have someome experienced the same problem with Microsoft Edge browser? Is some special header or Web API configuration required to solve the problem?

Angular 2 service:

let headers = new Headers();
let options = new RequestOptions({ headers: headers, withCredentials: true });

return this._http.get(this._productUrl, options)
  .map((response: Response) => <IProduct[]> response.json())
  .do(data => console.log('All: ' +  JSON.stringify(data)))
  .catch(this.handleError);

Web.Config in the WebApi 2 project:

<system.web>
    <authentication mode="Windows" />
    <authorization>
        <deny users="?" />
    </authorization>
 </system.web>

WebApiConfig:

var cors = new EnableCorsAttribute("http://localhost:3000", "*", "*") {SupportsCredentials = true};
config.EnableCors(cors);

Global.asax:

protected void Application_BeginRequest()
{
    if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS")
    {
        Response.Headers.Add("Access-Control-Allow-Origin", "http://localhost:3000");
        Response.Headers.Add("Access-Control-Allow-Headers", "Origin, Content-Type, X-Auth-Token");
        Response.Headers.Add("Access-Control-Allow-Methods", "GET, POST, PATCH, PUT, DELETE, OPTIONS");
        Response.Headers.Add("Access-Control-Allow-Credentials", "true");
        Response.Headers.Add("Access-Control-Max-Age", "1728000");
        Response.End();
    }
}

Answer 1

I know the question is old, but it was never answered, so here is the answer.

It's a "By design" fault from Microsoft Edge.

It won't work on localhost or machinename.

See here for the Issue

https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/4776775/