I'm fairly new to .Net Core/Blazor and have a Blazor .Net 8 web application (server and client applications). This is an internal application so we are using Windows authentication. The server application is also the application that serves web api requests. There are pages that I have set up to be InteractiveWebAssembly with prerendering. In the client app I have set up a service that performs GETs successfully, but a Windows login dialog is popping up when I do a POST. This only happens when the application is published to the web server (IIS). Everything works as it should when running on my PC in development running in Kestrel. The server website is set up as Windows authentication on/all others off.
Server Program.cs
... builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate(); builder.Services.AddAuthorization(options => { options.FallbackPolicy = options.DefaultPolicy; });...app.UseHsts();app.UseHttpsRedirection();app.UseAuthentication();app.UseAuthorization();app.UseAntiforgery();...Client Program.cs
...var apiName = "ServerAPI";builder.Services.AddHttpClient(apiName, client =>{ client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress +"api/"); client.DefaultRequestHeaders.Add("Accept", "application/json");});...POST call from client service
public async Task<int> SaveRequest(RequestInfoModel model){ using var response = await httpClient.PostAsJsonAsync("Request/saverequest", model); return JsonConvert.DeserializeObject<int>(resp);}Server api controller
[HttpPost("saverequest")]public async Task<ActionResult<int>> SaveRequest([FromBody] RequestInfoModel model){ if (model == null) return BadRequest(); if (model.RequestID == null) return await CreateRequest(model); else return await UpdateRequest(model);}I've tried adding [Authorize] to the api controller thinking maybe that would tell the client to send some extra bits in the request header. I've also tried adding [AllowAnonymous] separately from [Authorize]. Both resulted in the same behavior described above. In my development I've had neither in the controller. It may also be worth noting that I can perform POSTs from within the generated swagger UI just fine. There seems to be something amiss specifically with the client app calling the web api. Any ideas are greatly appreciated!