Hi Max,
after you change the ARR settings try adding these steps
in the inbound rule add this
<set name="RESPONSE_Set_Cookie" value="X-OPENHAB-AUTH-HEADER=1" />
in the server variables add this
<add name="RESPONSE_Set_Cookie" />
In Openhab under your settings and then API security
check advanced and then enable Allow basic authentication and save!
with those settings and the added steps I have mentioned I think you will get the behavior you want.
I have included this full web config as a reference not all is required but I think it gives you a better idea.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<customErrors mode="Off" />
<httpRuntime requestPathInvalidCharacters="<,>,%,&,\,?" />
<authentication mode="Windows" />
</system.web>
<system.webServer>
<rewrite>
<rules>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://win19testserver.openhab2.nolocal:8080/{R:1}" />
<serverVariables>
<set name="HTTP_AUTHORIZATION" value="{AUTH_USER}" replace="false" />
<set name="HTTP_X_FORWARDED_FOR" value="$proxy_add_x_forwarded_for" />
<set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
<set name="Authorization" value="""" />
<set name="RESPONSE_Set_Cookie" value="X-OPENHAB-AUTH-HEADER=1" />
</serverVariables>
</rule>
</rules>
<outboundRules>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1" enabled="true">
<match filterByTags="A, Form, Img" pattern="^http(s)?://win19testserver.openhab2.nolocal:8080/(.*)" />
<action type="Rewrite" value="{HTMLEncode:{HTTP_REFERER}}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1" logicalGrouping="MatchAny">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^application/json" />
</preCondition>
</preConditions>
</outboundRules>
<allowedServerVariables>
<remove name="X_Forwarded-Proto" />
<remove name="X-Forwarded-For" />
<remove name="X-Forwarded-Prefix" />
<remove name="X-Real-IP" />
<remove name="X-Forwarded-Server" />
<remove name="X-Forwarded-Scheme" />
<remove name="X-Forwarded-Host" />
<add name="HTTP_AUTHORIZATION" />
<add name="Authorization" />
<add name="HTTP_X_FORWARDED_HOST" />
<add name="HTTP_X_FORWARDED_SCHEME" />
<add name="HTTP_X_FORWARDED_SERVER" />
<add name="HTTP_X_REAL_IP" />
<add name="HTTP_X_FORWARDED_PREFIX" />
<add name="HTTP_X_FORWARDED_FOR" />
<add name="HTTP_X_FORWARDED_PROTO" />
<add name="HTTP_COOKIE" />
<add name="ORIGINAL_HOST" />
<add name="ORIGINAL_URL" />
<add name="HTTP_X_OPENHAB_AUTH_HEADER" />
<add name="RESPONSE_Set_Cookie" />
</allowedServerVariables>
</rewrite>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Credentials" value="True" />
<add name="Access-Control-Allow-Headers" value="Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range" />
<add name="Access-Control-Allow-Methods" value="GET,POST,OPTIONS,PUT,DELETE,PATCH" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Hope this helps.
oh yea do not forget to disable anonymous and enable basic authentication I also set the app pool for this site to no managed code .
update: missed adding these first 2 server variables in web config they had only been added in GUI… 