Re: Is NTLM Authentication very expensive? (for bandwidth)

From: Rick Dekker (rick.dekker@bankofbermuda.com)
Date: 05/16/02


From: "Rick Dekker" <rick.dekker@bankofbermuda.com>
Date: Thu, 16 May 2002 03:32:49 -0700


Hi,

Thanks, but some 3827 bytes extra for every HTTP GET
request because it has to do the challenge/response, that's
a lot of overhead.

rgds,
Rick

>-----Original Message-----
>"Rick Dekker" <rick.dekker@bankofbermuda.com> wrote in message
>news:3a9001c1fbfb$6c787040$3aef2ecf@TKMSFTNGXA09...
>> Hi,
>>
>> We've got SQL Digital Dashboard 3.0 set up, with anonymous
>> access disabled on the site properties and NTFS
>> permissions and just using Integrated Authentication
>> (NTLM). Our clients are in the same domain as the server.
>>
>> Due to slow response time of DD from our overseas locations
>> I ran Network Monitor and noticed that I received a lot
>> more data than the actual size of the dashboard.
>>
>> Running through the IIS logs I saw that my browser goes to
>> the server twice every time, once as anonymous and once as
>> NTLM. Now I know that this is by design. It always does
>> anonymous first. But why does it cost me about 3827 bytes
>> for every request to do the NTLM (challenge/response)
>> authentication? Also, shouldn't it cache this
>> authentication information? At the bottom of this msg is
>> an excerpt from the IIS log, with a single client (IE6)
>> who's logged into our production domain and loading up the
>> main page of the Digital Dashboard; you can see it always
>> tries anonymous first, gets a 401 back and then uses NTLM.
>> You can also see that at every first anonymous request the
>> server sends 3827 bytes to the client.
>>
>> Because of this my browser received in total 256Kb more
>> data, because there are in total 57 failed anonymous HTTP
>> GET requests, each sending around 3827 bytes to the
>> client. This looks very expensive to me.
>>
>> Is this by design? Or is there something going wrong here?
>
>I think this is working as expected. Since HTTP is stateless and is
>reauthenticated with each new page request, I would be surprised if the web
>browser caches the anonymous authentication failure. To test it or to
>improve performance, you could set up a new virtual folder or site for the
>remote WAN sites that points to the same directories and files but where
>either anonymous access is disabled, or integrated authentication is
>disabled. If performance is still slow with only integrated authentication
>enabled, then maybe you need a local domain controller/global catalog or
>caching DNS server to improve Windows authentication performance. I'm not
>really sure why it would ever make sense to enable both anonymous and
>Windows integrated authentication, since it gives no security and less than
>comprehensive logging of user browsing.
>
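As an added example (not code from the original thread), the following Python script shows how to measure the overhead discussed above from IIS W3C log lines: it counts the anonymous attempts answered with 401, the NTLM-authenticated retries answered with 200, and what share of the bytes sent were 401 bodies. The log lines, the client address and the `DOMAIN\rick` user are constructed for the example; the 3827-byte 401 body mirrors the size reported in the thread.

```python
"""Quantify the per-request NTLM handshake overhead from IIS log lines.

With Integrated (NTLM) authentication and anonymous access both enabled, every
fetch appears twice: an anonymous attempt answered with 401 (the server still
sends its error body) and the NTLM-authenticated retry answered with 200. The
log lines below are constructed for this example, not taken from the post.
"""

# Constructed IIS W3C extended log excerpt; the 3827-byte 401 body mirrors the thread.
SAMPLE_LOG = "\n".join([
    "#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status sc-bytes",
    r"2002-05-16 10:32:01 10.1.2.3 - GET /dashboard/default.htm 401 3827",
    r"2002-05-16 10:32:01 10.1.2.3 DOMAIN\rick GET /dashboard/default.htm 200 14210",
    r"2002-05-16 10:32:02 10.1.2.3 - GET /dashboard/style.css 401 3827",
    r"2002-05-16 10:32:02 10.1.2.3 DOMAIN\rick GET /dashboard/style.css 200 2110",
    r"2002-05-16 10:32:02 10.1.2.3 - GET /dashboard/logo.gif 401 3827",
    r"2002-05-16 10:32:02 10.1.2.3 DOMAIN\rick GET /dashboard/logo.gif 200 6650",
])


def parse_w3c(text):
    """Yield one dict per data line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def ntlm_overhead(text):
    """Summarise anonymous-401 waste versus bytes delivered to authenticated users."""
    anon_401 = bytes_401 = auth_200 = bytes_200 = 0
    for rec in parse_w3c(text):
        size = int(rec["sc-bytes"])
        if rec["sc-status"] == "401" and rec["cs-username"] == "-":
            anon_401 += 1          # the "tries anonymous first" round trip
            bytes_401 += size      # 401 body pushed down the WAN for nothing
        elif rec["sc-status"] == "200" and rec["cs-username"] != "-":
            auth_200 += 1          # the NTLM-authenticated retry
            bytes_200 += size
    total = bytes_401 + bytes_200
    return {
        "anon_401": anon_401,
        "bytes_401": bytes_401,
        "auth_200": auth_200,
        "bytes_200": bytes_200,
        "overhead_pct": round(100.0 * bytes_401 / total, 1) if total else 0.0,
    }
```

Run `ntlm_overhead(open("ex020516.log").read())` against a real W3C log to see how much of a page load is spent on the failed anonymous round trips.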
