Re: Is NTLM Authentication very expensive? (for bandwidth)

From: x y (jamescagney90210@excite.com)
Date: 05/15/02


From: "x y" <jamescagney90210@excite.com>
Date: Wed, 15 May 2002 07:03:28 -0400


"Rick Dekker" <rick.dekker@bankofbermuda.com> wrote in message
news:3a9001c1fbfb$6c787040$3aef2ecf@TKMSFTNGXA09...
> Hi,
>
> We've got SQL Digital Dashboard 3.0 set up, with anonymous
> access disabled on the site properties and NTFS
> permissions and just using Integrated Authentication
> (NTLM). Our clients are in the same domain as the server.
>
> Due to slow response time of DD from our overseas locations
> I ran Network Monitor and noticed that I received a lot
> more data than the actual size of the dashboard.
>
> Running through the IIS Logs I saw that my browser goes to
> the server twice every time, once as anonymous and once as
> NTLM. Now I know that this is by design. It always does
> anonymous first. But, why does it cost me about 3827 bytes
> for every request to do the NTLM (challenge/response)
> authentication? Also shouldn't it cache this
> authentication information? At the bottom of this msg is
> an excerpt from the IIS log, with a single client (IE6)
> who's logged into our production domain and loading up the
> main page of the Digital Dashboard, you can see it always
> tries anonymous first, gets a 401 back and then uses NTLM.
> You can also see that at every first anonymous request the
> server sends 3827 bytes to the client.
>
> Because of this my browser received in total 256Kb more
> data, because there are in total 57 failed anonymous HTTP
> GET requests, each sending around 3827 bytes to the
> client. This looks very expensive to me.
>
> Is this by design? Or is there something going wrong here?

I think this is working as expected. Since HTTP is stateless and is
reauthenticated with each new page request, I would be surprised if the web
browser caches the anonymous authentication failure. To test it or to
improve performance, you could set up a new virtual folder or site for the
remote WAN sites that points to the same directories and files but where
either anonymous access is disabled, or integrated authentication is
disabled. If performance is still slow with only integrated authentication
enabled, then maybe you need a local domain controller/global catalog or
caching DNS server to improve Windows authentication performance. I'm not
really sure why it would ever make sense to enable both anonymous and
Windows integrated authentication, since it gives no security and less than
comprehensive logging of user browsing.
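
The measurement discussed in this thread (how many anonymous requests were answered with a 401, and how many bytes those responses cost each client) can be taken straight from an IIS W3C extended log. The script below is an added example, not part of either post; the log lines, IP addresses and the user `EXAMPLE\alice` are constructed, and it assumes the log records the `c-ip`, `cs-username`, `sc-status` and `sc-bytes` fields.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended format (not the poster's log).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-bytes
2002-05-15 11:00:01 10.0.0.5 - GET /dashboard/default.asp 401 3827
2002-05-15 11:00:01 10.0.0.5 EXAMPLE\\alice GET /dashboard/default.asp 200 10412
2002-05-15 11:00:02 10.0.0.5 - GET /dashboard/nav.gif 401 3827
2002-05-15 11:00:02 10.0.0.5 EXAMPLE\\alice GET /dashboard/nav.gif 200 512
2002-05-15 11:00:03 10.0.0.9 - GET /dashboard/default.asp 401 3827
2002-05-15 11:00:04 10.0.0.5 EXAMPLE\\alice GET /dashboard/style.css 304 141
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def auth_overhead(text):
    """Per client: anonymous 401 count and bytes, and bytes of all other responses."""
    stats = defaultdict(lambda: {"challenges": 0, "challenge_bytes": 0, "other_bytes": 0})
    for row in parse_w3c(text):
        raw = row.get("sc-bytes", "-")
        size = int(raw) if raw.isdigit() else 0  # "-" means the field was not logged
        client = stats[row["c-ip"]]
        # An anonymous attempt is logged with "-" as the user name.
        if row["sc-status"] == "401" and row["cs-username"] == "-":
            client["challenges"] += 1
            client["challenge_bytes"] += size
        else:
            client["other_bytes"] += size
    return dict(stats)

if __name__ == "__main__":
    for ip, s in auth_overhead(SAMPLE_LOG).items():
        total = s["challenge_bytes"] + s["other_bytes"]
        print(f"{ip}: {s['challenges']} anonymous 401s, "
              f"{s['challenge_bytes']} of {total} bytes sent were 401 responses")
```

Running the same function over logs from a site with only integrated authentication enabled, and again over one with both methods enabled, gives a before/after comparison of the 401 byte count per client.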


