So I have developed a small application to take my home power meter info and puts it into PI using the web api. For ease of development (I am not a developer and did not want to deal yet with security), I had added anonymous (and basic while I was at it) authentication to the web api so the configuration https://localhost/piwebapi/system/configuration looked something like this:
I got my program up and running and decided to install Coresight at this point to build a display to monitor my power consumption. I was not able to search in Coresight. My first issue was that Coresight 2014 must be installed in a domain in order for searching to work (I guess it requires Kerberos authentication to the web api for af searching). It would have been nice to know this first (huge warning on the install program might be nice - or maybe don't even let me install without acknowledging this), but it was easy enough to switch from workgroup to domain on my vm. Ok - so now searching af or tags still would not work! So now everything looks right - the index crawler was running (https://localhost/piwebapi/admin/search/database.html) - I've switched to a domain (and reinstalled where necessary under a domain account that had the right groups/privileges) - what else is there? I realized at some point the only other change I had made to the configuration of the system was the web api authentication. This did not make sense - as I hadn't disabled Kerberos web api authentication, but I went ahead and I removed anonymous from the web api authentication to look like this:
So I discovered that Coresight 2014 requires that you remove anonymous authentication from the web api if you happen to have added it in.
So I am posting this for 2 reasons. First is to share my experience in case someone else is having this problem.
The second is to ask the question - why does Coresight 2014 require that anonymous be removed? I realize it requires Kerberos - but it also seems to be checking first to see if anonymous is enabled.
As for me - I am more curious then anything at this point - I just want to understand more around this design (I assume it is by design). But in the scheme of things, it doesn't matter - I already changed my web api program to use authentication (a best practice anyway - it wasn't the best idea to have anonymous authentication to the web api, especially since disablewrites=false was set allowing full read/write access to any anonymous user).