问题
We have an IIS server running a EPICOR ERP system. The ERP system installs IIS application pool, which certain urls are remapped to be handled by the app pool.
Here is what it says about the verification:
For security reasons you should always use https with REST API
REST API supports 2 authentication methods Basic authentication The username and password are combined into a string separated by a colon and encoded using Base64. The result is placed into Authorization header: Authorization: Basic {encoded string} Token authentication The bearer token can be obtained for the user from token service. See https://epicorapp2/ERP10.1Test/TokenResource.svc/help (Token authentication should be enabled). Then access token should be send in the Authorization header in the following form: Authorization: Bearer {token string}
The IIS server itself has anonymous authentication for the top level url (and all others are turned off).
My experience in Chrome when I go to the desired URL:
https://epicorapp2/ERP10.1Test/api/help/
is that one gets a pop-up asking for username/password (where the user/passord is for the ERP system, not for the host IIS system).
But I am unable to duplicate this experience either with Postman or Insomnia (I have tried putting in the username/password in the authorization options for both Postman and Insomnia. I get a 401 authorization error.
Any ideas?
回答1:
Never got postman to work. But Insomnia works fine as soon as I was able to update the self-sign certificate to DigiCert.
来源:https://stackoverflow.com/questions/55957047/iis-app-pool-application-asks-for-password-basic-auth-but-neither-postman-or-i