Re: reducing authentication traffic?

From: BB (Bernard_at_3exp.com)
Date: 03/16/03


From: "BB" <Bernard_at_3exp.com>
Date: Sun, 16 Mar 2003 12:49:10 +0800


how do you know that it re-auth in each page ?
I would try the network sniffer in David's post
check on the traffic header.

-- 
Regards,
Bernard
http://support.microsoft.com/
"DXLuvin" <dxluvin@hotmail.com> wrote in message
news:e7XdlVk6CHA.2348@TK2MSFTNGP12.phx.gbl...
> Ahh but that's the crux of our problem, (and I should've been clearer in
my
> original post)
>
> Here's a section from the link you posted:
>
>
> NOTES:
>   a.. When your browser establishes a connection with a Web site by using
> Basic or Windows Integrated authentication, it does not fall back to
> Anonymous during the rest of that session with the server. If you try to
> connect to a Web page that is marked for Anonymous only after
> authenticating, you are denied. (This may or may not hold true for
> Netscape).
>   b.. When Internet Explorer has established a connection with the server
by
> using an authentication method other than Anonymous, it automatically
passes
> the credentials for every new request during the duration of the session.
>
> Now our problem is that each new PAGE request is going through the
anonymous
> first, then the regular authentication procedure. Yet above, it clearly
> states that for the remainder of the SESSION the browser will
automatically
> send the proper credentials..
>
> Sorry...in my original post, I meant to say that it re-does the
> authentication each PAGE not each SESSION...(d'oh!)
>
> thanks for any help, and I appreciate the efforts!
>
>
>
> "BB" <Bernard_at_3exp.com> wrote in message
> news:uVCn8Ud6CHA.1612@TK2MSFTNGP11.phx.gbl...
> > This behaviour is by design I believe, as IIS will take
> > it as a new SESSION. you should only check 'basic'
> > in this case, so it will first try anonymous then basic.
> >
> > Refer, How IIS authentication works.
> > http://support.microsoft.com/?id=264921
> >
> > Rgds.
> >
> >
> >
> > "DXLuvin" <dxluvin@hotmail.com> wrote in message
> > news:OM43tsX6CHA.2404@TK2MSFTNGP09.phx.gbl...
> > > Hi,
> > >
> > > We're running into a weird behaviour that I'm *sure* could be fixed by
a
> > > registry entry (isn't it always?) but I just want to see
> > > if there's another way, or even which registry entry to modify...;)
> > >
> > > We've been examining the traffic between our corporate intranet server
> > (IIS
> > > 5.1) and an IE5.5 browser.
> > >
> > > We have basic authentication and integrated checked on the IIS server,
> and
> > > read/execute permissions for the Domain User group
> > > for NTLM security on the folder we're testing.
> > >
> > > From my understanding of authentication, the browser first attempts to
> > > connect anonymously. The server grabs that, then denies anonymous
access
> > and
> > > sends back some possible authentication "options". blah, blah, blah.
I'm
> > > sure everyone here already knows the authentication "conversation" off
> by
> > > heart, so I won't waste everyone's time posting it..
> > >
> > > Anyways we were under the impression that once the client
authenticated,
> > the
> > > server would "remember" which authentication "option" the client used,
> > etc,
> > > thereby minimizing the traffic.
> > >
> > > What we discovered was that EACH session went through the same
procedure
> > of
> > > the client first trying to connect anonymously, then getting back the
> > > "basic" request, creating a hash key, blah blah blah..
> > >
> > > Is there a way to minimize this traffic? We're trying to optimize the
> site
> > > (AMAP) for some clients down in Ecuador who are connecting over a 56k
> > > satellite feed...and these messages back and forth are generating
quite
> a
> > > few KB of data..
> > >
> > > thanks for any suggestions, I appreciate everything the
> > gurus/knowledgeables
> > > have to offer!
> > >
> > >
> >
> >
>
>