By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,446 Members | 3,120 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,446 IT Pros & Developers. It's quick & easy.

Reduce authentication traffic (remove anonymous requests)

P: n/a
Hi all,

We have an ASP.NET 2.0 intranet application on Win2003 server. The
virtual directory is configured to use Windows Intergrated
Authentication only.

Using Fiddler (http://www.fiddlertool.com/fiddler/) we notice that for
each page/image/javascript request IE makes 2 requests. The first one
is using anonymous authentication, and IIS rejects it (HTTP/1.1 401
Unauthorized). The second one uses the integrated authentication, and
the server accepts it and sends the user the data.

I am wondering if there is a way to reduce the "chatter" between the
clients and the server. Can I somehow instruct the IE to try
Intergrated Authentication the first time instead of the Anonymous?
Is there a setting on the server/client?

Thanks,

-Oleg.

Oct 17 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a
no. ntlm is a challenge/response protocol. 2 requests is the optimized mode.
normally its 3.

note: the 401 you see is the server challenge. if you use fiddler to track
first hit, you will an initial 401 without the chanllenge. (look at the
base64 coded data in the header)

-- bruce (sqlwork.com)
<Ol*********@gmail.comwrote in message y its 6
news:11**********************@h48g2000cwc.googlegr oups.com...
Hi all,

We have an ASP.NET 2.0 intranet application on Win2003 server. The
virtual directory is configured to use Windows Intergrated
Authentication only.

Using Fiddler (http://www.fiddlertool.com/fiddler/) we notice that for
each page/image/javascript request IE makes 2 requests. The first one
is using anonymous authentication, and IIS rejects it (HTTP/1.1 401
Unauthorized). The second one uses the integrated authentication, and
the server accepts it and sends the user the data.

I am wondering if there is a way to reduce the "chatter" between the
clients and the server. Can I somehow instruct the IE to try
Intergrated Authentication the first time instead of the Anonymous?
Is there a setting on the server/client?

Thanks,

-Oleg.

Oct 18 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.