IIS app pool application asks for password (basic auth) but neither postman or insomnia can respond

Question

We have an IIS server running a EPICOR ERP system. The ERP system installs IIS application pool, which certain urls are remapped to be handled by the app pool.

Here is what it says about the verification:

For security reasons you should always use https with REST API

REST API supports 2 authentication methods Basic authentication The username and password are combined into a string separated by a colon and encoded using Base64. The result is placed into Authorization header: Authorization: Basic {encoded string} Token authentication The bearer token can be obtained for the user from token service. See https://epicorapp2/ERP10.1Test/TokenResource.svc/help (Token authentication should be enabled). Then access token should be send in the Authorization header in the following form: Authorization: Bearer {token string}

The IIS server itself has anonymous authentication for the top level url (and all others are turned off).

My experience in Chrome when I go to the desired URL:

https://epicorapp2/ERP10.1Test/api/help/

is that one gets a pop-up asking for username/password (where the user/passord is for the ERP system, not for the host IIS system).

But I am unable to duplicate this experience either with Postman or Insomnia (I have tried putting in the username/password in the authorization options for both Postman and Insomnia. I get a 401 authorization error.

Any ideas?

Answer 1

Never got postman to work. But Insomnia works fine as soon as I was able to update the self-sign certificate to DigiCert.