IIS Authorization Rules breaks WP REST-API and results in fail in Site Health

apperently it seems the wordpress rest-api cannot work with restricted authorizations.

when i change the default Allow All Users / this:

to a restricting ad group and remove the All Users (obviously):

which creates this web.config:

system.webServer
    security
        authorization
            remove users=* roles= verbs= /
            add accessType=Allow roles=DOMAIN\Test-Group /
        /authorization
    /security
/system.webServer

all seems fine

at first glance,

but if we go to WP Site Health it reveals this errors:

so it seems the wp REST-Api cannot operate without anonymous / All Users access.

How can i fix this or am i missing something and need to adjust some settings?

thank you

Topic authorization rest-api iis Wordpress

Category Web

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.