Re: reducing authentication traffic?
From: "BB" <Bernard_at_3exp.com>
Date: Sun, 16 Mar 2003 12:49:10 +0800
How do you know that it re-auths on each page?
I would try the network sniffer in David's post; check on the traffic header.
--
Regards,
Bernard
http://support.microsoft.com/

"DXLuvin" <email@example.com> wrote in message news:e7XdlVk6CHA.2348@TK2MSFTNGP12.phx.gbl...
> Ahh but that's the crux of our problem, (and I should've been clearer in my original post)
>
> Here's a section from the link you posted:
>
> NOTES:
> a. When your browser establishes a connection with a Web site by using Basic or Windows Integrated authentication, it does not fall back to Anonymous during the rest of that session with the server. If you try to connect to a Web page that is marked for Anonymous only after authenticating, you are denied. (This may or may not hold true for Netscape).
> b. When Internet Explorer has established a connection with the server by using an authentication method other than Anonymous, it automatically passes the credentials for every new request during the duration of the session.
>
> Now our problem is that each new PAGE request is going through the anonymous first, then the regular authentication procedure. Yet above, it clearly states that for the remainder of the SESSION the browser will automatically send the proper credentials..
>
> Sorry...in my original post, I meant to say that it re-does the authentication each PAGE not each SESSION...(d'oh!)
>
> thanks for any help, and I appreciate the efforts!
>
> "BB" <Bernard_at_3exp.com> wrote in message news:uVCn8Ud6CHA.1612@TK2MSFTNGP11.phx.gbl...
> > This behaviour is by design I believe, as IIS will take it as a new SESSION. You should only check 'basic' in this case, so it will first try anonymous then basic.
> >
> > Refer, How IIS authentication works.
> > http://support.microsoft.com/?id=264921
> >
> > Rgds.
> >
> > "DXLuvin" <firstname.lastname@example.org> wrote in message news:OM43tsX6CHA.2404@TK2MSFTNGP09.phx.gbl...
> > > Hi,
> > >
> > > We're running into a weird behaviour that I'm *sure* could be fixed by a registry entry (isn't it always?) but I just want to see if there's another way, or even which registry entry to modify...;)
> > >
> > > We've been examining the traffic between our corporate intranet server (IIS 5.1) and an IE5.5 browser.
> > >
> > > We have basic authentication and integrated checked on the IIS server, and read/execute permissions for the Domain User group for NTLM security on the folder we're testing.
> > >
> > > From my understanding of authentication, the browser first attempts to connect anonymously. The server grabs that, then denies anonymous access and sends back some possible authentication "options". blah, blah, blah. I'm sure everyone here already knows the authentication "conversation" off by heart, so I won't waste everyone's time posting it..
> > >
> > > Anyways we were under the impression that once the client authenticated, the server would "remember" which authentication "option" the client used, etc, thereby minimizing the traffic.
> > >
> > > What we discovered was that EACH session went through the same procedure of the client first trying to connect anonymously, then getting back the "basic" request, creating a hash key, blah blah blah..
> > >
> > > Is there a way to minimize this traffic? We're trying to optimize the site (AMAP) for some clients down in Ecuador who are connecting over a 56k satellite feed...and these messages back and forth are generating quite a few KB of data..
> > >
> > > thanks for any suggestions, I appreciate everything the gurus/knowledgeables have to offer!
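The check suggested at the top of this message (capture the traffic and read the headers) can be scripted. The following is an added example, not part of the original thread: it reads header blocks from a capture and reports, per URL, how many requests went out without credentials and drew a 401, which schemes the server offered, and how many bytes those round trips cost. The trace, host name and credentials are constructed, and the parser assumes blocks strictly alternate request, response.

```python
# Constructed capture with made-up host and credentials (not from the thread):
# header blocks as a sniffer shows them, request then response, blank-line separated.
TRACE = """\
GET /page1.asp HTTP/1.1
Host: intranet.example

HTTP/1.1 401 Access Denied
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="intranet.example"
Content-Length: 24

GET /page1.asp HTTP/1.1
Host: intranet.example
Authorization: Basic dXNlcjpwYXNz

HTTP/1.1 200 OK

GET /page2.asp HTTP/1.1
Host: intranet.example
Authorization: Basic dXNlcjpwYXNz

HTTP/1.1 200 OK
"""

def parse_blocks(trace):
    """Return [(first_line, [(header_name, value), ...], wire_bytes), ...]."""
    out = []
    for block in trace.strip().split("\n\n"):
        lines = block.splitlines()
        headers = [(n.strip().lower(), v.strip())
                   for n, _, v in (l.partition(":") for l in lines[1:])]
        # On the wire each line ends in CRLF, plus one CRLF closing the block.
        out.append((lines[0], headers, sum(len(l) + 2 for l in lines) + 2))
    return out

def challenge_report(trace):
    """Per URL: 401 challenges, schemes offered, bytes spent on challenges."""
    blocks, report = parse_blocks(trace), {}
    for (req, req_h, req_n), (resp, resp_h, resp_n) in zip(blocks[0::2], blocks[1::2]):
        url, status = req.split()[1], int(resp.split()[1])
        entry = report.setdefault(url, {"challenges": 0, "offered": [], "overhead": 0})
        sent_creds = any(n == "authorization" for n, _ in req_h)
        if status == 401 and not sent_creds:
            body = sum(int(v) for n, v in resp_h if n == "content-length")
            entry["challenges"] += 1
            entry["offered"] = [v.split()[0] for n, v in resp_h if n == "www-authenticate"]
            entry["overhead"] += req_n + resp_n + body
    return report

print(challenge_report(TRACE))
```

A URL with `challenges` above zero on every page load matches the behaviour described in the thread; a URL with zero means the browser sent the `Authorization` header on the first request.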