Re: reducing authentication traffic?

From: DXLuvin (dxluvin@hotmail.com)
Date: 03/17/03


From: "DXLuvin" <dxluvin@hotmail.com>
Date: Mon, 17 Mar 2003 14:56:22 -0700


Hi all,

thanks for the responses!

Yeah we're using a tool called "TCP Viewer" which acts as a proxy between
the browser and your target IIS server. This way, it logs
every byte across port 80 (damn useful!)

To answer the earlier question, we have enabled the HTTP Keep Alives already
with no noticeable effect.

All I'm doing is refreshing the page to see the packets going back and forth
to reveal that indeed the security is somehow getting reset
every page request, rather than every session.

any other suggestion? We're gonna try and open a call with MS support to see
what their answer is.

As I stated, this doesn't happen with IIS 4.0. We tried the same testing
procedure, and things act normally (ie. the server "remembers" which
authentication method was used within the same session.) Both machines are
behind the same proxy server.

thanks!

"BB" <Bernard_at_3exp.com> wrote in message
news:OKVJod36CHA.2308@TK2MSFTNGP10.phx.gbl...
> how do you know that it re-auth in each page ?
> I would try the network sniffer in David's post
> check on the traffic header.
>
> --
> Regards,
> Bernard
> http://support.microsoft.com/
>
>
> "DXLuvin" <dxluvin@hotmail.com> wrote in message
> news:e7XdlVk6CHA.2348@TK2MSFTNGP12.phx.gbl...
> > Ahh but that's the crux of our problem, (and I should've been clearer in my
> > original post)
> >
> > Here's a section from the link you posted:
> >
> >
> > NOTES:
> > a. When your browser establishes a connection with a Web site by using
> > Basic or Windows Integrated authentication, it does not fall back to
> > Anonymous during the rest of that session with the server. If you try to
> > connect to a Web page that is marked for Anonymous only after
> > authenticating, you are denied. (This may or may not hold true for
> > Netscape).
> > b. When Internet Explorer has established a connection with the server by
> > using an authentication method other than Anonymous, it automatically passes
> > the credentials for every new request during the duration of the session.
> >
> > Now our problem is that each new PAGE request is going through the anonymous
> > first, then the regular authentication procedure. Yet above, it clearly
> > states that for the remainder of the SESSION the browser will automatically
> > send the proper credentials..
> >
> > Sorry...in my original post, I meant to say that it re-does the
> > authentication each PAGE not each SESSION...(d'oh!)
> >
> > thanks for any help, and I appreciate the efforts!
> >
> >
> >
> > "BB" <Bernard_at_3exp.com> wrote in message
> > news:uVCn8Ud6CHA.1612@TK2MSFTNGP11.phx.gbl...
> > > This behaviour is by design I believe, as IIS will take
> > > it as a new SESSION. you should only check 'basic'
> > > in this case, so it will first try anonymous then basic.
> > >
> > > Refer, How IIS authentication works.
> > > http://support.microsoft.com/?id=264921
> > >
> > > Rgds.
> > >
> > >
> > >
> > > "DXLuvin" <dxluvin@hotmail.com> wrote in message
> > > news:OM43tsX6CHA.2404@TK2MSFTNGP09.phx.gbl...
> > > > Hi,
> > > >
> > > > We're running into a weird behaviour that I'm *sure* could be fixed by a
> > > > registry entry (isn't it always?) but I just want to see
> > > > if there's another way, or even which registry entry to modify...;)
> > > >
> > > > We've been examining the traffic between our corporate intranet server (IIS
> > > > 5.1) and an IE5.5 browser.
> > > >
> > > > We have basic authentication and integrated checked on the IIS server, and
> > > > read/execute permissions for the Domain User group
> > > > for NTLM security on the folder we're testing.
> > > >
> > > > From my understanding of authentication, the browser first attempts to
> > > > connect anonymously. The server grabs that, then denies anonymous access and
> > > > sends back some possible authentication "options". blah, blah, blah. I'm
> > > > sure everyone here already knows the authentication "conversation" off by
> > > > heart, so I won't waste everyone's time posting it..
> > > >
> > > > Anyways we were under the impression that once the client authenticated, the
> > > > server would "remember" which authentication "option" the client used, etc,
> > > > thereby minimizing the traffic.
> > > >
> > > > What we discovered was that EACH session went through the same procedure of
> > > > the client first trying to connect anonymously, then getting back the
> > > > "basic" request, creating a hash key, blah blah blah..
> > > >
> > > > Is there a way to minimize this traffic? We're trying to optimize the site
> > > > (AMAP) for some clients down in Ecuador who are connecting over a 56k
> > > > satellite feed...and these messages back and forth are generating quite a
> > > > few KB of data..
> > > >
> > > > thanks for any suggestions, I appreciate everything the gurus/knowledgeables
> > > > have to offer!
> > > >
> > > >
> > >
> > >
> >
> >
>
>
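
The header check discussed in this thread (is the browser challenged again on every page, or only once per session?) can be run over a proxy log by pairing each request with its response and counting 401 challenges that arrive after an earlier authenticated 200. This is an added example, not part of the original posts; the capture is constructed, and the host, path, sizes and function names are assumptions.

```python
# Constructed sample (not from the thread): header blocks as a logging proxy
# might record them for two refreshes of one page. Host, path and sizes are made up.
CHALLENGE = (
    "GET /docs/default.asp HTTP/1.1\nHost: intranet.example\n\n"
    "HTTP/1.1 401 Access Denied\nWWW-Authenticate: NTLM\n"
    'WWW-Authenticate: Basic realm="intranet.example"\nContent-Length: 644\n\n'
)
AUTHED = (
    "GET /docs/default.asp HTTP/1.1\nHost: intranet.example\n"
    "Authorization: Basic dXNlcjpwYXNz\n\n"
    "HTTP/1.1 200 OK\nContent-Length: 5120\n\n"
)
CAPTURE = (CHALLENGE + AUTHED) * 2


def parse_messages(capture):
    """Split a header-only capture into (start_line, [(name, value), ...])."""
    messages = []
    for block in capture.strip().split("\n\n"):
        lines = block.splitlines()
        fields = [line.split(":", 1) for line in lines[1:] if ":" in line]
        messages.append((lines[0], [(k.strip().lower(), v.strip()) for k, v in fields]))
    return messages


def auth_round_trips(capture):
    """Count 401 challenges; assumes requests and responses strictly alternate."""
    msgs = parse_messages(capture)
    stats = {"requests": 0, "challenges": 0, "repeat_challenges": 0,
             "challenge_body_bytes": 0, "schemes": set()}
    authenticated = False  # True once a request carrying credentials got a 200
    for (req, req_h), (resp, resp_h) in zip(msgs[0::2], msgs[1::2]):
        stats["requests"] += 1
        has_creds = any(name == "authorization" for name, _ in req_h)
        status = resp.split()[1]
        if status == "401" and not has_creds:
            stats["challenges"] += 1
            stats["repeat_challenges"] += authenticated  # challenged again after success
            stats["schemes"].update(v.split()[0] for n, v in resp_h if n == "www-authenticate")
            stats["challenge_body_bytes"] += sum(int(v) for n, v in resp_h if n == "content-length")
        elif status == "200" and has_creds:
            authenticated = True
    return stats


if __name__ == "__main__":
    print(auth_round_trips(CAPTURE))
```

A non-zero `repeat_challenges` is the per-page pattern described in the thread; a capture where only the first request is challenged would report zero.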