I have a WebAPI, which is a part of a bigger WebForms app, deployed on IIS 10 under the https://domain/SimpleApp.
I have noticed that when calling an API endpoint using https://domain/simpleapp/api/endpoint I'm getting redirected (status code 302) to https://domain/SimpleApp/api/endpoint.
I didn't set any url-rewrite rules.
It is causing some errors when consuming the API on iOS app - some endpoints are secured, and when redirecting, the "Authorization" header is dropped (default behavior on Apple platform). For the record: the redirect occurs for both, secured and non-secured endpoints.
Is it some default IIS configuration? Can it be changed, so it will not redirect the request (or is it easier to handle this issue on the iOS app)?
Ok, I've found what was the issue. It is nicely described in this post: Beware WIF Session Authentication Module (SAM) redirects and WebAPI services in the same application