Re: 401 responses with ntlm enabled
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 01/15/05
- Next message: Brian J Spencer UK: "Re: ASPs and NTFS permissions"
- Previous message: David Wang [Msft]: "Re: Anonymous Access on IIS6"
- In reply to: Andy Fish: "401 responses with ntlm enabled"
- Next in thread: Andy Fish: "Re: 401 responses with ntlm enabled"
- Reply: Andy Fish: "Re: 401 responses with ntlm enabled"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 Jan 2005 23:48:50 -0800
The sequence you observe is normal NTLM authentication negotiation.
What is not usual is that it should happen only once per authenticated user
because the authentication is per-connection. If you see the same user
repeatedly re-authenticating, it indicates that either:
1. the application is doing something that closes the connection, which
forces reauthentication
2. any network device (like proxy servers) between the server and client is
socket pooling and violating NTLM
3. if the client is running .Net Framework network classes, it could have
this behavior and there is an "unsafe" workaround that essentially breaks
authentication for performance.
4. Your server is configured to not have keep-alives
5. Something on your server is forcing the connection closed
6. the server has a bug
7. Etc
Network Monitor trace of the re-authenticated request/responses in question
need to be made in order to distinguish amongst all those possibilities. You
can install this from Windows Server 2003 CD using Add/Remove
Programs\Windows Components\Network Monitoring Tools
-- //David IIS http://blogs.msdn.com/David.Wang This posting is provided "AS IS" with no warranties, and confers no rights. // "Andy Fish" <ajfish@blueyonder.co.uk> wrote in message news:OV45R7i%23EHA.1392@tk2msftngp13.phx.gbl... Hi, I'm using iis6 and my web app is configured for integrated windows authentication. From a user perspective it looks fine, i.e. you log using your windows credentials and then you can use the site. However, looking at the IIS log, every HTTP request gets sent 3 times. the first 2 times, the cs-username field is blank and the response is 401; the third time the cs-username field is correct and the response is 200. I've turned on all the fields in the web log and for the first request, the sc-substatus is 2 and sc-win32 status is 2148074254; the second request has sc-substatus 1 and sc-win32-status 0. my app is asp.net but I get the same behaviour when requesting images, css and javascript includes, so I don't think that's relevant. TIA for any ideas Andy
- Next message: Brian J Spencer UK: "Re: ASPs and NTFS permissions"
- Previous message: David Wang [Msft]: "Re: Anonymous Access on IIS6"
- In reply to: Andy Fish: "401 responses with ntlm enabled"
- Next in thread: Andy Fish: "Re: 401 responses with ntlm enabled"
- Reply: Andy Fish: "Re: 401 responses with ntlm enabled"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
