0

I am dealing with a third party REST API server which uses Basic Authentication. We don't have control over that server and in case of a 401 chrome pops up a dialog for username and password which is essentially because of the WWW-Authenticate header which is present in the response in case of a 401. We have a reverse proxy setup on Azure through which all the requests are being made to the API server. I am wondering if there is a way we can suppress/remove the WWW-Authenticate header in the reverse proxy IIS webconfig somehow. Or is there any other way to suppress this dialog without the help from the API server itself. The front-end is an Angular application. Thanks in Advance!

Update: We are able to achieve the same in our local dev environment where we are using nginx by just adding proxy_hide_header WWW-Authenticate; to the server.conf file. Does IIS has something similar that can be used to strip that header from the response?

newbie
  • 663
  • 2
  • 6
  • 19
  • Is your angular js application sending HTTP request against to your 3rd party rest api, and which responding 401? – Gary Liu Oct 21 '16 at 06:05
  • @GaryLiu-MSFT yes that is what is happening – newbie Oct 21 '16 at 12:52
  • 1
    Check the answer for suppressing WWW-Authenticate header in IIS at this [link](https://stackoverflow.com/questions/9859627/how-to-prevent-browser-to-invoke-basic-auth-popup-and-handle-401-error-using-jqu) – Rahil Ahmad Feb 01 '18 at 07:48

0 Answers0