
NTLM and many duplicated requests

Tom
Hi,

I have activated NTLM authentication on IIS on Windows 2003, and the log
files show that for each request, three or four hits are generated.

Typically, the first and second hit get a 401 (authentication required) and
the third hit is successful (200). While I understand this is normal
behaviour with NTLM (the browser attempts an anonymous connection first) on
the first connection, I don't understand why this is also happening for all
subsequent requests, from the same machine/browser. It looks like the
security context is lost at each request generated by the web browser.

Example:

/default.aspx 401 (no username)
/default.aspx 401 (no username)
/default.aspx 200 Domain\user
/picture.gif 401 (no username)
/picture.gif 401 (no username)
/picture.gif 200 Domain\user

If there is no way to improve this, it means that NTLM generates three times
more hits than an anonymous site, so not too efficient.

Help appreciated!

Thanks,
Tom
Nov 18 '05 #1
Every browser request is a new session, so the handshaking is required. If
the pages include images, javascript, etc, and keepalive (HTTP 1.1) is used,
then these will be fetched without the handshake code. After a page is
loaded, the browser closes the session.

-- bruce (sqlwork.com)
Nov 18 '05 #2
Tom
Thanks, but I do get the same behaviour for pictures and other files, and
keep alive is enabled on the web server...
Nov 18 '05 #3
This is not normal...

If keep-alives are in fact being used, then the HTTP connection should be
authenticated, and the browser should continue to send the existing
credentials for subsequent requests. If the browser is *not* sending
credentials for subsequent requests (the "no username" bit), then something
may be running on the client machine that is preventing that. I would check
there first.

Cheers
Ken


Nov 18 '05 #4
Tom
Thanks.

The same behavior happens from several computers, running several versions
of IE, so I don't think the issue is client related...

Nov 18 '05 #5
Is there a proxy server between the clients and the server?

Do the client machines have any sort of "internet protection software"
installed on them?

Can you get a network trace of the traffic (e.g. using Ethereal:
www.ethereal.com)?

It is up to the browser to send the user's credentials to the server.
Usually what should happen:
a) the first request to the server is anonymous. Server rejects anonymous
request, sends back acceptable authentication types
b) browser prompts user for credentials, and sends those to the server
c) if server finds the credentials acceptable, the server sends back the page
d) provided that the server said 200 OK for (c), then the browser will
continue sending the same credentials for each subsequent request to the
server until the server says "not OK"

Cheers
Ken

Nov 18 '05 #6
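
An added example (not part of the original thread): one way to measure the pattern described in the first post from an IIS W3C extended log, counting per client how many authenticated hits were preceded by the two 401 responses of the NTLM handshake for the same URL. The log lines, IP addresses and function names are constructed for illustration, and the code assumes the log records the `c-ip`, `cs-username`, `cs-uri-stem` and `sc-status` fields.

```python
from collections import defaultdict

# Constructed sample log (not from the thread). 10.0.0.5 shows the reported
# pattern; 10.0.0.9 authenticates once and then keeps sending credentials.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2005-01-10 10:00:01 10.0.0.5 - GET /default.aspx 401
2005-01-10 10:00:01 10.0.0.5 - GET /default.aspx 401
2005-01-10 10:00:01 10.0.0.5 Domain\\user GET /default.aspx 200
2005-01-10 10:00:02 10.0.0.5 - GET /picture.gif 401
2005-01-10 10:00:02 10.0.0.5 - GET /picture.gif 401
2005-01-10 10:00:02 10.0.0.5 Domain\\user GET /picture.gif 200
2005-01-10 10:00:05 10.0.0.9 - GET /default.aspx 401
2005-01-10 10:00:05 10.0.0.9 - GET /default.aspx 401
2005-01-10 10:00:05 10.0.0.9 Domain\\other GET /default.aspx 200
2005-01-10 10:00:06 10.0.0.9 Domain\\other GET /picture.gif 200
2005-01-10 10:00:06 10.0.0.9 Domain\\other GET /style.css 200
"""

def parse_w3c(text):
    """Turn W3C extended log text into dicts keyed by the #Fields names."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split())))
    return rows

def handshake_report(rows):
    """Per client: authenticated 200s, how many followed a 401/401 pair, total 401s."""
    pending = defaultdict(int)  # (client, uri) -> anonymous 401s since last success
    stats = defaultdict(lambda: {"ok": 0, "rehandshaked": 0, "wasted_401": 0})
    for r in rows:
        key = (r["c-ip"], r["cs-uri-stem"])
        s = stats[r["c-ip"]]
        if r["sc-status"] == "401" and r["cs-username"] == "-":
            pending[key] += 1
            s["wasted_401"] += 1
        elif r["sc-status"] == "200" and r["cs-username"] != "-":
            s["ok"] += 1
            if pending.pop(key, 0) >= 2:
                s["rehandshaked"] += 1
    return dict(stats)

def clients_reauthing_every_request(rows, min_hits=2):
    """Clients whose every authenticated hit needed a fresh handshake."""
    return sorted(ip for ip, s in handshake_report(rows).items()
                  if s["ok"] >= min_hits and s["rehandshaked"] == s["ok"])
```

IIS logs carry no connection identifier, so this shows which clients repeat the handshake on every request but not whether the TCP connection was reused; the network trace suggested above answers that.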
Tom
Ken,

There is no proxy server or firewall between the computer and the web
servers.

The machines have a standard version of IE 6.0, with no plug-in or specific
software, apart from the standard Windows XP firewall...

Thanks,
Tom

Nov 18 '05 #7
