Re: "Hidden" HTTP 401 Errors

From: Ken Schaefer (kenREMOVE_at_THISadopenstatic.com)
Date: 10/25/04


Date: Mon, 25 Oct 2004 12:45:36 +1000

Do you have "keep-alives" enabled on the server? What is the timeout (in
seconds)? The default timeout is 900 seconds (about 15 minutes). Some
authentication mechanisms involve authentication the hTTP connection - if
you do not have keep-alives enabled, or the http connection has been closed,
you will need to re-authenticate (well, this is how I think it works).

Cheers
Ken

"Eric Kassan" <mail@EricKassan.net> wrote in message
news:uCMIgcVuEHA.2820@TK2MSFTNGP15.phx.gbl...
> As I mentioned in my original question, I can understand this for the
> first request to a session, but I am seeing this happen many times
> throughout a session. A couple examples:
>
> 1. A page is requested with security credentials, later the same second
> the browser requests an image referenced in the page without credentials
> (first). Failure triggers the request to be resent with credentials so
> the user sees the site "working".
>
> 2. Eight minutes later, the user clicks a link referencing another page
> on the same site. The request comes in (first) without credentials.
>
> I looked at:
>
> INFO: How IIS Authenticates Browser Clients
> http://support.microsoft.com/default.aspx?scid=kb;en-us;264921
> "When Internet Explorer has established a connection with the server by
> using an authentication method other than Anonymous, it automatically
> passes the credentials for every new request during the duration of the
> session."
>
> So this shouldn't happen. The clients involved are IE 6.0. What am I
> missing?
>
> Thanks.
>
>



Relevant Pages

  • Re: BASIC authentication Issues with IE - Part II - Solved but WHY?
    ... it does not know the difference between a request from IE or from ... some other HTTP client. ... Some other authentication schemes are more ... IIS can sometimes remember the token for a particular set of credentials so ...
    (microsoft.public.inetserver.iis.security)
  • Re: Authentification - Server Variables ( omg! )
    ... | an anonymous request to the remote web site first, ... there is no authentication info in the request/response ... | credentials against AD through ActiveDirectory membership provider... ... | Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Securing static files
    ... It's not the session - it's the authentication timeout - you can set the timeout in the element in web.config. ... they are kicked back to the login page. ... The user may log in with other credentials. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Authentification - Server Variables ( omg! )
    ... an anonymous request to the remote web site first, ... and as for those Server Variable (related to authentication info), ... credentials against AD through ActiveDirectory membership provider... ... Microsoft MSDN Online Support Lead ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Windows Authentication Timeout
    ... The problem is that with Windows auth, the browser caches those credentials ... >> | Yes, I have looked at Forms Authentication, the problem is that I ... just so I can have an authentication timeout? ... >> | I believe that the reason they are prompted twice on the first request ...
    (microsoft.public.dotnet.framework.aspnet.security)