Hello,

We recently created a Laserfiche SDK application (.NET Web API) that uses Windows Authentication and AD groups memberships to validate user permissions.

Everything has been working as expected for the most part, however, we encountered an unusual issue when attempting to configure the API as a web service in Workflow.

When workflow is configured to use "Default Authentication" the authentication fails and Workflow receives a "403: Forbidden" error.

However, if instead of using Default Authentication I select "Use the following credentials" and provide the same account (domain\username) and password used for the Workflow service, everything works as expected.

Our application includes an activity log and I can see it receives the correct username in both configurations, but for some reason it fails to validate the group memberships when using Default Authentication.

Is there something different about how authentication headers or user identity objects are handled with Default Authentication compared to manually designating credentials?