Add documentation for default credential use (#18412)

tlmii · scottaddie · web-flow · commit 6ea70cf883f4 · 2020-05-20T17:17:30.000-05:00
* Add documentation for default credential use * Edit pass on HTTP REPL default credentials PR (#18413) * react to feedback Co-authored-by: Scott Addie <10702007+scottaddie@users.noreply.github.com>
diff --git a/aspnetcore/web-api/http-repl.md b/aspnetcore/web-api/http-repl.md
@@ -5,7 +5,7 @@ description: Learn how to use the HTTP REPL .NET Core Global Tool to browse and
 monikerRange: '>= aspnetcore-2.1'
 ms.author: scaddie
 ms.custom: mvc
-ms.date: 12/11/2019
+ms.date: 05/20/2020
 no-loc: [Blazor, "Identity", "Let's Encrypt", Razor, SignalR]
 uid: web-api/http-repl
 ---
@@ -809,7 +809,23 @@ To set an HTTP request header, use one of the following approaches:
 
 ## Test secured endpoints
 
-The HTTP REPL supports the testing of secured endpoints through the use of HTTP request headers. Examples of supported authentication and authorization schemes include basic authentication, JWT bearer tokens, and digest authentication. For example, you can send a bearer token to an endpoint with the following command:
+The HTTP REPL supports the testing of secured endpoints in two ways: via the default credentials of the logged in user or through the use of HTTP request headers. 
+
+### Default credentials
+
+Consider a scenario in which the web API you're testing is hosted in IIS and is secured with Windows authentication. You want the credentials of the user running the tool to flow across to the HTTP endpoints being tested. To pass the default credentials of the logged in user:
+
+1. Set the `httpClient.useDefaultCredentials` preference to `true`:
+
+    ```console
+    pref set httpClient.useDefaultCredentials true
+    ```
+
+1. Exit and restart the tool before sending another request to the web API.
+
+### HTTP request headers
+
+Examples of supported authentication and authorization schemes include basic authentication, JWT bearer tokens, and digest authentication. For example, you can send a bearer token to an endpoint with the following command:
 
 ```console
 set header Authorization "bearer <TOKEN VALUE>"
