We have developed a web application using angularjs and web api. The application is deployed in IIS 8.5. Users are in AD domain, our site is added in local intranet zone and also selected automatic login only in intranet zone option.
We are using web api token based authentication using OWIN in our application. So we disabled all IIS authentication methods other than anonymous authentication. The token will be generated at the server side while login to the application and this token will send back to the client side. We are saving this token in sessionStorage and will attach in the http request header like "Authorization : Bearer auth_token".
But in some times, mostly if we wait more than 1 minute, we could see that "Authorization: Negotiate some_token" is sending in our api calls. So the server will respond with a 401 unauthorized error.
Anybody experinced in same? Thanks in advance
We were able to avoid this issue by applying document.execCommand('ClearAuthenticationCache', false); in our app.js file.
By enabling anonumous authntication at the rool level also solves our issue.