Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
657 views
in Technique[技术] by (71.8m points)

iis - Avoiding 401 response for each request using NTLM

We have here an asp.net 3.5 application using NTLM based windows authentication. The system runs on a private network that actually distributed over different geographic places (connected via VPN).

We are now trying to optimize the website's performance. Because the way NTLM works, every new request to the IIS is composed with 3 different requests while the first 2 is 401 responses. We are trying to minimize the amount of these requests to be only at the beginning of the session. We found this solution. Unfortunately it didn't change anything and we keep getting this 401 response (which consumes time).

In order to see the traffic i first used the Fiddler app. Somehow, when I use Fiddler, there is only 1 authentication process at the beginning of the session (exactly as I wish), but when I close Fiddler and check the traffic via WireShark I can see that I still have this 401 response for each request.

The used clients are IE6, IIS version 6.

Can someone advise?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

NTLM/Negotiate, unlike all other HTTP authentication schemes, are connection-oriented protocols.

In IIS, there are various settings which control whether authentication will be demanded for all requests on a previously authenticated connection (e.g. AuthPersistSingleRequest). Independent of that setting, I believe IIS will automatically demand re-authentication when making a POST request.

If your server is impairing connection reuse (e.g. by sending a Connection: close header in responses) you must fix that because otherwise the reauthentication will occur. You can easily check for such authentication-reuse foiling headers using Fiddler.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...