Re: reducing authentication traffic?

From: BB (Bernard_at_3exp.com)
Date: 03/16/03


From: "BB" <Bernard_at_3exp.com>
Date: Sun, 16 Mar 2003 12:49:10 +0800


how do you know that it re-auth in each page ?
I would try the network sniffer in David's post
check on the traffic header.

-- 
Regards,
Bernard
http://support.microsoft.com/
"DXLuvin" <dxluvin@hotmail.com> wrote in message
news:e7XdlVk6CHA.2348@TK2MSFTNGP12.phx.gbl...
> Ahh but that's the crux of our problem, (and I should've been clearer in
my
> original post)
>
> Here's a section from the link you posted:
>
>
> NOTES:
>   a.. When your browser establishes a connection with a Web site by using
> Basic or Windows Integrated authentication, it does not fall back to
> Anonymous during the rest of that session with the server. If you try to
> connect to a Web page that is marked for Anonymous only after
> authenticating, you are denied. (This may or may not hold true for
> Netscape).
>   b.. When Internet Explorer has established a connection with the server
by
> using an authentication method other than Anonymous, it automatically
passes
> the credentials for every new request during the duration of the session.
>
> Now our problem is that each new PAGE request is going through the
anonymous
> first, then the regular authentication procedure. Yet above, it clearly
> states that for the remainder of the SESSION the browser will
automatically
> send the proper credentials..
>
> Sorry...in my original post, I meant to say that it re-does the
> authentication each PAGE not each SESSION...(d'oh!)
>
> thanks for any help, and I appreciate the efforts!
>
>
>
> "BB" <Bernard_at_3exp.com> wrote in message
> news:uVCn8Ud6CHA.1612@TK2MSFTNGP11.phx.gbl...
> > This behaviour is by design I believe, as IIS will take
> > it as a new SESSION. you should only check 'basic'
> > in this case, so it will first try anonymous then basic.
> >
> > Refer, How IIS authentication works.
> > http://support.microsoft.com/?id=264921
> >
> > Rgds.
> >
> >
> >
> > "DXLuvin" <dxluvin@hotmail.com> wrote in message
> > news:OM43tsX6CHA.2404@TK2MSFTNGP09.phx.gbl...
> > > Hi,
> > >
> > > We're running into a weird behaviour that I'm *sure* could be fixed by
a
> > > registry entry (isn't it always?) but I just want to see
> > > if there's another way, or even which registry entry to modify...;)
> > >
> > > We've been examining the traffic between our corporate intranet server
> > (IIS
> > > 5.1) and an IE5.5 browser.
> > >
> > > We have basic authentication and integrated checked on the IIS server,
> and
> > > read/execute permissions for the Domain User group
> > > for NTLM security on the folder we're testing.
> > >
> > > From my understanding of authentication, the browser first attempts to
> > > connect anonymously. The server grabs that, then denies anonymous
access
> > and
> > > sends back some possible authentication "options". blah, blah, blah.
I'm
> > > sure everyone here already knows the authentication "conversation" off
> by
> > > heart, so I won't waste everyone's time posting it..
> > >
> > > Anyways we were under the impression that once the client
authenticated,
> > the
> > > server would "remember" which authentication "option" the client used,
> > etc,
> > > thereby minimizing the traffic.
> > >
> > > What we discovered was that EACH session went through the same
procedure
> > of
> > > the client first trying to connect anonymously, then getting back the
> > > "basic" request, creating a hash key, blah blah blah..
> > >
> > > Is there a way to minimize this traffic? We're trying to optimize the
> site
> > > (AMAP) for some clients down in Ecuador who are connecting over a 56k
> > > satellite feed...and these messages back and forth are generating
quite
> a
> > > few KB of data..
> > >
> > > thanks for any suggestions, I appreciate everything the
> > gurus/knowledgeables
> > > have to offer!
> > >
> > >
> >
> >
>
>


Relevant Pages

  • Re: WM5 can not sync to exchange
    ... I checked all the authentication settings and they are as you requested. ... After running the internet connection wizard I had to uncheck the Require ... On the SBS 2003 Server open the Server Management console. ... Open IIS Manager ...
    (microsoft.public.windows.server.sbs)
  • RE: WM5 can not sync to exchange
    ... code 85010014 during ActiveSync with SBS. ... On the SBS 2003 Server open the Server Management console. ... Please verify Authentication settings by the following steps. ... Open IIS Manager ...
    (microsoft.public.windows.server.sbs)
  • Re: WM5 can not sync to exchange
    ... On the SBS 2003 Server open the Server Management console. ... Please verify Authentication settings by the following steps. ... Open IIS Manager ... Collect the IIS metabase on Exchange Server and send to me: ...
    (microsoft.public.windows.server.sbs)
  • RE: Confusion on standard security methodologies.
    ... Application will talk to a back-end SQL ... By "back-end," I assume you mean on a different box from IIS? ... If SQL is on a separate box, you won't be able to use NT authentication ... impersonations (meaning that once passed to the IIS server, ...
    (microsoft.public.inetserver.iis.security)
  • Re: Nokia E50 ActiveSync problem with SBS2003 SP2
    ... Open IIS Manager ... Open properties of virtual directory OMA ... Click Start on your SBS server, ... And then please verify Authentication settings by the following steps. ...
    (microsoft.public.windows.server.sbs)