Re: 401 responses with ntlm enabled

From: Andy Fish (ajfish_at_blueyonder.co.uk)
Date: 01/16/05


Date: Sun, 16 Jan 2005 15:51:22 -0000

Thanks David,

Can I just clarify what you mean by "connection" in this case? Do you mean
the actual TCP/IP socket connection between the 2 servers?

I thought HTTP was connectionless and would re-establish a new connection
for each request.

"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:Oaraypt%23EHA.1408@TK2MSFTNGP10.phx.gbl...
> The sequence you observe is normal NTLM authentication negotiation.
>
> What is not usual is that it should happen only once per authenticated user
> because the authentication is per-connection. If you see the same user
> repeatedly re-authenticating, it indicates that either:
> 1. the application is doing something that closes the connection, which
> forces reauthentication
> 2. any network device (like proxy servers) between the server and client is
> socket pooling and violating NTLM
> 3. if the client is running .Net Framework network classes, it could have
> this behavior and there is an "unsafe" workaround that essentially breaks
> authentication for performance.
> 4. Your server is configured to not have keep-alives
> 5. Something on your server is forcing the connection closed
> 6. the server has a bug
> 7. Etc
>
> A Network Monitor trace of the re-authenticated request/responses in question
> needs to be made in order to distinguish amongst all those possibilities. You
> can install this from Windows Server 2003 CD using Add/Remove
> Programs\Windows Components\Network Monitoring Tools
>
> --
> //David
> IIS
> http://blogs.msdn.com/David.Wang
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> //
> "Andy Fish" <ajfish@blueyonder.co.uk> wrote in message
> news:OV45R7i%23EHA.1392@tk2msftngp13.phx.gbl...
> Hi,
>
> I'm using IIS6 and my web app is configured for integrated Windows
> authentication. From a user perspective it looks fine, i.e. you log in using
> your Windows credentials and then you can use the site.
>
> However, looking at the IIS log, every HTTP request gets sent 3 times. The
> first 2 times, the cs-username field is blank and the response is 401; the
> third time the cs-username field is correct and the response is 200.
>
> I've turned on all the fields in the web log and for the first request, the
> sc-substatus is 2 and sc-win32-status is 2148074254; the second request has
> sc-substatus 1 and sc-win32-status 0.
>
> My app is ASP.NET but I get the same behaviour when requesting images, CSS
> and JavaScript includes, so I don't think that's relevant.
>
> TIA for any ideas
>
> Andy
>
>
>
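
The log pattern discussed in this thread can be measured before taking a network trace. The following is an added example, not code from either poster: it reads an IIS W3C extended log and counts, per client, how many authenticated requests were preceded by the 401.2 then 401.1 pair. The log lines, IP addresses, user names and function names are constructed for illustration, and because the IIS log does not record the TCP connection, the result only shows how often the handshake repeats, not why.

```python
# Constructed sample in IIS W3C extended log format (not from the thread).
# 10.0.0.5 repeats the handshake for every request; 10.0.0.9 authenticates once.
SAMPLE_LOG = """#Fields: c-ip cs-username cs-uri-stem sc-status sc-substatus sc-win32-status
10.0.0.5 - /default.aspx 401 2 2148074254
10.0.0.5 - /default.aspx 401 1 0
10.0.0.5 EXAMPLE\\andy /default.aspx 200 0 0
10.0.0.5 - /site.css 401 2 2148074254
10.0.0.5 - /site.css 401 1 0
10.0.0.5 EXAMPLE\\andy /site.css 200 0 0
10.0.0.9 - /default.aspx 401 2 2148074254
10.0.0.9 - /default.aspx 401 1 0
10.0.0.9 EXAMPLE\\bob /default.aspx 200 0 0
10.0.0.9 EXAMPLE\\bob /site.css 200 0 0
10.0.0.9 EXAMPLE\\bob /logo.gif 200 0 0
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))


def reauth_report(text):
    """Per client IP, count authenticated requests and 401.2 -> 401.1 handshakes."""
    pending = {}  # (client IP, URI) -> substatus codes of the 401s seen so far
    report = {}
    for req in parse_w3c(text):
        key = (req["c-ip"], req["cs-uri-stem"])
        stats = report.setdefault(req["c-ip"], {"authenticated": 0, "handshakes": 0})
        if req["sc-status"] == "401":
            pending.setdefault(key, []).append(req["sc-substatus"])
        elif req["cs-username"] != "-":
            stats["authenticated"] += 1
            # Substatus 2 followed by substatus 1 is the pair described in the thread.
            if pending.pop(key, [])[-2:] == ["2", "1"]:
                stats["handshakes"] += 1
    return report


if __name__ == "__main__":
    for ip, stats in reauth_report(SAMPLE_LOG).items():
        every = stats["authenticated"] > 1 and stats["handshakes"] == stats["authenticated"]
        print(ip, stats, "handshake on every request" if every else "")
```

A client whose handshake count equals its authenticated request count matches the behaviour in the original question; a client with one handshake followed by many authenticated requests matches the per-connection behaviour described in the reply.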


