Double number of calls when Basic Authentication?

J

Joe H

I have a web service that is set to use Basic Authentication (for users
outside the firewall). They are coming in over SSL. It uses Integrated
Authentication for internal users.

For the users who are requesting service with Basic Authentication, there is
a VB.Net client application which is using the NetworkCredential to pass the
authentication information to the web service.

However, the sequence of events that seems to always happen is:

1. client sends request
2. service responds with 401
3. client sends request again, this time including the authentication
information (user, password, domain)

So, in my IIS logs, there is a duplicate entry for each call to the web
service. The first log entry has a user value of " - " (this entry also has
the 401 code returned), and the second log entry has the correct user name.
I am certain that this is affecting overall performance of the web service.

What do I need to do in order to eliminate this "round-trip" from happening?

Thanks,
Joe
 
K

Ken Schaefer

That's the way any HTTP authentication system works (by default). If you use
NTLM v2 (part of Integrated Windows Auth) you'll see even more requests
logged :)

The first request is anonymous. The server denies the anonymous request, and
sends back a list of supported authentication mechanisms. The client picks
the strongest one that it supports, and then attempts the request again
using credentials. Most clients will then cache the credentials for
subsequent accesses to the server, until the client is terminated.

Now, I suppose you could build a custom client that doesn't attempt
anonymous authentication first - it authenticates from the very first
request.

Cheers
Ken


: I have a web service that is set to use Basic Authentication (for users
: outside the firewall). They are coming in over SSL. It uses Integrated
: Authentication for internal users.
:
: For the users who are requesting service with Basic Authentication, there
is
: a VB.Net client application which is using the NetworkCredential to pass
the
: authentication information to the web service.
:
: However, the sequence of events that seems to always happen is:
:
: 1. client sends request
: 2. service responds with 401
: 3. client sends request again, this time including the authentication
: information (user, password, domain)
:
: So, in my IIS logs, there is a duplicate entry for each call to the web
: service. The first log entry has a user value of " - " (this entry also
has
: the 401 code returned), and the second log entry has the correct user
name.
: I am certain that this is affecting overall performance of the web
service.
:
: What do I need to do in order to eliminate this "round-trip" from
happening?
:
: Thanks,
: Joe
:
:
 
J

Joseph E Shook [MVP - ADSI]

I don't think this is a big deal. I am sure there are other areas that
you can get more bang for the buck.

On a side not if the user you are authenticating happens to have me a
member of more than 150 groups, then you will see some serious network
traffic in the range of 3000+ calls to the domain server.
 
J

Joe Kaplan \(MVP - ADSI\)

Did you set PreAuthenticate to true on your webservice proxy object? I
think that will cause it to pass the credentials by default without the 401.

Joe K.
 
J

Joe H

yes... i finally figured this out...seems that the trick is to create a
credential cache...then create a network credential...set up the properties
of the network credential, and then add it to the cache...then set
PreAuthenticate to true on the proxy...and it works...

thanks to all for input...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,898
Latest member
BlairH7607

Latest Threads

Top