I have an Express API running on IIS with iisnode. I have only Windows Authentication enabled and can send GET requests.
POST requests however return "401 Unauthorized: Access is denied due to invalid credentials."
I include credentials in the React fetch request:
await fetch("https://website", {
method: "POST",
credentials: "include",
headers: etc..)
and in my Express code:
app.use(cors({ origin: "https://website", credentials: true }))
I have the CORS module installed and in my web.config I have:
<cors enabled="true">
<add origin="https://website" allowCredentials="true">
<allowHeaders allowAllRequestedHeaders="true" />
</add>
</cors>
I also have in my web.config:
<system.web>
<authentication mode="Windows"/>
<authorization>
<add accessType="Allow" verbs="GET, OPTIONS, POST, PUT" users="*"/>
<allow roles="*" users="*" />
<deny users=?" />
</authorization>
</system.web>
I have tried removing "WebDAV" but that did not work. I also have set "ExtensionlessUrlHandler-Integrated-4.0" to allow all verbs. My web.config contains all the necessary code to make iisnode work, which I have not included in the post. I also tried adding a "allowMethods" tag inside the CORS tag but that did not work.
Any ideas on why my GET and OPTIONS requests validate correctly, but my POST requests get blocked? A solution should not include enabling "Anonymous authentication" because that is not an option.
I resolved the issue by removing the <add accessType="Allow" verbs="GET, OPTIONS, POST, PUT" users="*" /> line from within authorization.