Re: reducing authentication traffic?

From: BB (Bernard_at_3exp.com)
Date: 03/18/03


From: "BB" <Bernard_at_3exp.com>
Date: Tue, 18 Mar 2003 10:09:41 +0800


Mm... can you post a portion of the log here, together with the complete header info?

-- 
Regards,
Bernard
http://support.microsoft.com/
"DXLuvin" <dxluvin@hotmail.com> wrote in message
news:eZocNAN7CHA.1932@TK2MSFTNGP12.phx.gbl...
> Hi all,
>
> thanks for the responses!
>
> Yeah, we're using a tool called "TCP Viewer" which acts as a proxy between
> the browser and your target IIS server. This way, it logs every byte across
> port 80 (damn useful!)
>
> To answer the earlier question, we have enabled the HTTP Keep-Alives already
> with no noticeable effect.
>
> All I'm doing is refreshing the page to see the packets going back and forth
> to reveal that indeed the security is somehow getting reset every page
> request, rather than every session.
>
> Any other suggestion? We're gonna try and open a call with MS support to see
> what their answer is.
>
> As I stated, this doesn't happen with IIS 4.0. We tried the same testing
> procedure, and things act normally (i.e. the server "remembers" which
> authentication method was used within the same session.) Both machines are
> behind the same proxy server.
>
> thanks!
>
>
> "BB" <Bernard_at_3exp.com> wrote in message
> news:OKVJod36CHA.2308@TK2MSFTNGP10.phx.gbl...
> > How do you know that it re-auths on each page?
> > I would try the network sniffer in David's post
> > and check the traffic headers.
> >
> > --
> > Regards,
> > Bernard
> > http://support.microsoft.com/
> >
> >
> > "DXLuvin" <dxluvin@hotmail.com> wrote in message
> > news:e7XdlVk6CHA.2348@TK2MSFTNGP12.phx.gbl...
> > > Ahh, but that's the crux of our problem (and I should've been clearer in
> > > my original post).
> > >
> > > Here's a section from the link you posted:
> > >
> > >
> > > NOTES:
> > >   a. When your browser establishes a connection with a Web site by using
> > > Basic or Windows Integrated authentication, it does not fall back to
> > > Anonymous during the rest of that session with the server. If you try to
> > > connect to a Web page that is marked for Anonymous only after
> > > authenticating, you are denied. (This may or may not hold true for
> > > Netscape).
> > >   b. When Internet Explorer has established a connection with the server
> > > by using an authentication method other than Anonymous, it automatically
> > > passes the credentials for every new request during the duration of the
> > > session.
> > >
> > > Now our problem is that each new PAGE request is going through the
> > > anonymous first, then the regular authentication procedure. Yet above, it
> > > clearly states that for the remainder of the SESSION the browser will
> > > automatically send the proper credentials..
> > >
> > > Sorry...in my original post, I meant to say that it re-does the
> > > authentication each PAGE not each SESSION...(d'oh!)
> > >
> > > thanks for any help, and I appreciate the efforts!
> > >
> > >
> > >
> > > "BB" <Bernard_at_3exp.com> wrote in message
> > > news:uVCn8Ud6CHA.1612@TK2MSFTNGP11.phx.gbl...
> > > > This behaviour is by design I believe, as IIS will take
> > > > it as a new SESSION. You should only check 'basic'
> > > > in this case, so it will first try anonymous then basic.
> > > >
> > > > Refer, How IIS authentication works.
> > > > http://support.microsoft.com/?id=264921
> > > >
> > > > Rgds.
> > > >
> > > >
> > > >
> > > > "DXLuvin" <dxluvin@hotmail.com> wrote in message
> > > > news:OM43tsX6CHA.2404@TK2MSFTNGP09.phx.gbl...
> > > > > Hi,
> > > > >
> > > > > We're running into a weird behaviour that I'm *sure* could be fixed
> > > > > by a registry entry (isn't it always?) but I just want to see if
> > > > > there's another way, or even which registry entry to modify...;)
> > > > >
> > > > > We've been examining the traffic between our corporate intranet server
> > > > > (IIS 5.1) and an IE5.5 browser.
> > > > >
> > > > > We have basic authentication and integrated checked on the IIS server,
> > > > > and read/execute permissions for the Domain User group for NTLM
> > > > > security on the folder we're testing.
> > > > >
> > > > > From my understanding of authentication, the browser first attempts to
> > > > > connect anonymously. The server grabs that, then denies anonymous
> > > > > access and sends back some possible authentication "options". blah,
> > > > > blah, blah. I'm sure everyone here already knows the authentication
> > > > > "conversation" off by heart, so I won't waste everyone's time posting
> > > > > it..
> > > > >
> > > > > Anyways we were under the impression that once the client
> > > > > authenticated, the server would "remember" which authentication
> > > > > "option" the client used, etc, thereby minimizing the traffic.
> > > > >
> > > > > What we discovered was that EACH session went through the same
> > > > > procedure of the client first trying to connect anonymously, then
> > > > > getting back the "basic" request, creating a hash key, blah blah blah..
> > > > >
> > > > > Is there a way to minimize this traffic? We're trying to optimize the
> > > > > site (AMAP) for some clients down in Ecuador who are connecting over a
> > > > > 56k satellite feed...and these messages back and forth are generating
> > > > > quite a few KB of data..
> > > > >
> > > > > thanks for any suggestions, I appreciate everything the
> > > > > gurus/knowledgeables have to offer!
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

