Re: Is NTLM Authentication very expensive? (for bandwidth)
From: Harald Ums (Harald.Ums.NOSPAM@t-online.de)
Date: 05/16/02
- Next message: John Kenyon: "Re: URLScan RemoveServerHeader blocking .asf requests"
- Previous message: Crimson Star: "Re: Result Codes"
- In reply to: Rick Dekker: "Is NTLM Authentication very expensive? (for bandwidth)"
- Next in thread: Rick Dekker: "Re: Is NTLM Authentication very expensive? (for bandwidth)"
- Reply: Rick Dekker: "Re: Is NTLM Authentication very expensive? (for bandwidth)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Harald Ums" <Harald.Ums.NOSPAM@t-online.de> Date: Thu, 16 May 2002 23:57:47 +0200
Q264921 states:
- When Internet Explorer has established a connection with the server by
using
an authentication method other than Anonymous, it automatically passes the
credentials for every new request during the duration of the session.
Now that's the theory.
Contrary to popular belief is not everything with HTTP stateless -
especially not when you use NTLM authentication.
NTLM uses a permanant channel. That's why it will not work when http
keep-alive is disabled on the server or you go through a proxy.
Your trace looks as if that tcp connection to your server is established and
then broken down again, established/broken down.
Everytime when this happens you have your additional overhead: you
authenticate again.
I cannot see a similar behaviour in our domain.
Harald Ums
"Rick Dekker" <rick.dekker@bankofbermuda.com> wrote in message
news:3a9001c1fbfb$6c787040$3aef2ecf@TKMSFTNGXA09...
> Hi,
>
> We've got SQL Digital Dashboard 3.0 setup, with anonymous
> access disabled on the site properties and NTFS
> permissions and just using Integrated Authentication
> (NTLM). Our clients are in the same domain as the server.
>
> Due to slow reponse time of DD from our overseas locations
> i ran Network Monitor and noticed that i received a lot
> more data then the actual size of the dashboard.
>
> Running through the IIS Logs I saw that my browser goes to
> the server twice every time, once as anymous and once as
> NTLM. Now i know that this is by design. It always does
> anonymous first. But, why does it cost me about 3827 bytes
> for every request to do the NTLM (challenge/response)
> authentication? ALso shouldn't it cache this
> authentication information? At the bottom of this msg is
> an excerpt from the IIS log, with a single client (IE6)
> who's logged into our production domain and loading up the
> main page of the Digital Dashboard, you can see it always
> tries anonymous first, gets a 401 back and then uses NTLM.
> You can also see that at every first anonymous request the
> server sends 3827 bytes to the client.
>
> Because of this my browser received in total 256Kb more
> data, because there are in total 57 failed anymous HTTP
> GET requests, each sending around 3827 bytes to the
> client. This looks very expensive to me.
>
> Is this by design? Or is there something going wrong here.
>
> Thanks a lot in advace,
>
> Rick Dekker
> Lead Analyst Programmer
> Bank of Bermuda
>
>
> Here's the IIS Log (csv format)
>
> date,time,c-ip,cs-username,s-ip,s-port,cs-method,cs-uri-
> stem,sc-status,sc-bytes,cs-bytes,,,cs(Referer)
- Next message: John Kenyon: "Re: URLScan RemoveServerHeader blocking .asf requests"
- Previous message: Crimson Star: "Re: Result Codes"
- In reply to: Rick Dekker: "Is NTLM Authentication very expensive? (for bandwidth)"
- Next in thread: Rick Dekker: "Re: Is NTLM Authentication very expensive? (for bandwidth)"
- Reply: Rick Dekker: "Re: Is NTLM Authentication very expensive? (for bandwidth)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
