I have an IIS7 machine that is redirecting traffic for a tomcat application on our network. It was working fine until I realized that the webdav module of the application wasn’t authenticating. However, the un-proxy’d URL works just fine, so I figured it had to have something to do with IIS proxying the request.
As it turns out, I was right. A huge amount of digging led me to find that basic authentication can’t be turned on in the website that is proxying requests for other applications that use basic authentication. It seems that IIS gets confused thinking that it should authenticate on the host machine, rather than the machine that it is proxying requests to.
Once I turned off basic authentication on the IIS website, basic authentcation passed without any problems to the application being proxied. Hopefully I never need to use basic authentication on the website that is proxying for these other applications though, or I will be out of luck.