Double number of calls when Basic Authentication?

Discussion in 'ASP .Net Security' started by Joe H, May 26, 2004.

  1. Joe H

    Joe H Guest

    I have a web service that is set to use Basic Authentication (for users
    outside the firewall). They are coming in over SSL. It uses Integrated
    Authentication for internal users.

    For the users who are requesting service with Basic Authentication, there is
    a VB.Net client application which is using the NetworkCredential to pass the
    authentication information to the web service.

    However, the sequence of events that seems to always happen is:

    1. client sends request
    2. service responds with 401
    3. client sends request again, this time including the authentication
    information (user, password, domain)

    So, in my IIS logs, there is a duplicate entry for each call to the web
    service. The first log entry has a user value of " - " (this entry also has
    the 401 code returned), and the second log entry has the correct user name.
    I am certain that this is affecting overall performance of the web service.

    What do I need to do in order to eliminate this "round-trip" from happening?

    Thanks,
    Joe
    Joe H, May 26, 2004
    #1
    1. Advertising

  2. Joe H

    Ken Schaefer Guest

    That's the way any HTTP authentication system works (by default). If you use
    NTLM v2 (part of Integrated Windows Auth) you'll see even more requests
    logged :)

    The first request is anonymous. The server denies the anonymous request, and
    sends back a list of supported authentication mechanisms. The client picks
    the strongest one that it supports, and then attempts the request again
    using credentials. Most clients will then cache the credentials for
    subsequent accesses to the server, until the client is terminated.

    Now, I suppose you could build a custom client that doesn't attempt
    anonymous authentication first - it authenticates from the very first
    request.

    Cheers
    Ken


    "Joe H" <> wrote in message
    news:...
    : I have a web service that is set to use Basic Authentication (for users
    : outside the firewall). They are coming in over SSL. It uses Integrated
    : Authentication for internal users.
    :
    : For the users who are requesting service with Basic Authentication, there
    is
    : a VB.Net client application which is using the NetworkCredential to pass
    the
    : authentication information to the web service.
    :
    : However, the sequence of events that seems to always happen is:
    :
    : 1. client sends request
    : 2. service responds with 401
    : 3. client sends request again, this time including the authentication
    : information (user, password, domain)
    :
    : So, in my IIS logs, there is a duplicate entry for each call to the web
    : service. The first log entry has a user value of " - " (this entry also
    has
    : the 401 code returned), and the second log entry has the correct user
    name.
    : I am certain that this is affecting overall performance of the web
    service.
    :
    : What do I need to do in order to eliminate this "round-trip" from
    happening?
    :
    : Thanks,
    : Joe
    :
    :
    Ken Schaefer, May 26, 2004
    #2
    1. Advertising

  3. I don't think this is a big deal. I am sure there are other areas that
    you can get more bang for the buck.

    On a side not if the user you are authenticating happens to have me a
    member of more than 150 groups, then you will see some serious network
    traffic in the range of 3000+ calls to the domain server.


    Joe H wrote:
    > I have a web service that is set to use Basic Authentication (for users
    > outside the firewall). They are coming in over SSL. It uses Integrated
    > Authentication for internal users.
    >
    > For the users who are requesting service with Basic Authentication, there is
    > a VB.Net client application which is using the NetworkCredential to pass the
    > authentication information to the web service.
    >
    > However, the sequence of events that seems to always happen is:
    >
    > 1. client sends request
    > 2. service responds with 401
    > 3. client sends request again, this time including the authentication
    > information (user, password, domain)
    >
    > So, in my IIS logs, there is a duplicate entry for each call to the web
    > service. The first log entry has a user value of " - " (this entry also has
    > the 401 code returned), and the second log entry has the correct user name.
    > I am certain that this is affecting overall performance of the web service.
    >
    > What do I need to do in order to eliminate this "round-trip" from happening?
    >
    > Thanks,
    > Joe
    >
    >
    Joseph E Shook [MVP - ADSI], May 26, 2004
    #3
  4. Did you set PreAuthenticate to true on your webservice proxy object? I
    think that will cause it to pass the credentials by default without the 401.

    Joe K.

    "Joe H" <> wrote in message
    news:...
    > I have a web service that is set to use Basic Authentication (for users
    > outside the firewall). They are coming in over SSL. It uses Integrated
    > Authentication for internal users.
    >
    > For the users who are requesting service with Basic Authentication, there

    is
    > a VB.Net client application which is using the NetworkCredential to pass

    the
    > authentication information to the web service.
    >
    > However, the sequence of events that seems to always happen is:
    >
    > 1. client sends request
    > 2. service responds with 401
    > 3. client sends request again, this time including the authentication
    > information (user, password, domain)
    >
    > So, in my IIS logs, there is a duplicate entry for each call to the web
    > service. The first log entry has a user value of " - " (this entry also

    has
    > the 401 code returned), and the second log entry has the correct user

    name.
    > I am certain that this is affecting overall performance of the web

    service.
    >
    > What do I need to do in order to eliminate this "round-trip" from

    happening?
    >
    > Thanks,
    > Joe
    >
    >
    Joe Kaplan \(MVP - ADSI\), May 27, 2004
    #4
  5. Joe H

    Joe H Guest

    yes... i finally figured this out...seems that the trick is to create a
    credential cache...then create a network credential...set up the properties
    of the network credential, and then add it to the cache...then set
    PreAuthenticate to true on the proxy...and it works...

    thanks to all for input...

    "Joe Kaplan (MVP - ADSI)" <> wrote
    in message news:...
    > Did you set PreAuthenticate to true on your webservice proxy object? I
    > think that will cause it to pass the credentials by default without the

    401.
    >
    > Joe K.
    >
    > "Joe H" <> wrote in message
    > news:...
    > > I have a web service that is set to use Basic Authentication (for users
    > > outside the firewall). They are coming in over SSL. It uses Integrated
    > > Authentication for internal users.
    > >
    > > For the users who are requesting service with Basic Authentication,

    there
    > is
    > > a VB.Net client application which is using the NetworkCredential to pass

    > the
    > > authentication information to the web service.
    > >
    > > However, the sequence of events that seems to always happen is:
    > >
    > > 1. client sends request
    > > 2. service responds with 401
    > > 3. client sends request again, this time including the authentication
    > > information (user, password, domain)
    > >
    > > So, in my IIS logs, there is a duplicate entry for each call to the web
    > > service. The first log entry has a user value of " - " (this entry also

    > has
    > > the 401 code returned), and the second log entry has the correct user

    > name.
    > > I am certain that this is affecting overall performance of the web

    > service.
    > >
    > > What do I need to do in order to eliminate this "round-trip" from

    > happening?
    > >
    > > Thanks,
    > > Joe
    > >
    > >

    >
    >
    Joe H, May 28, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Honne Gowda A
    Replies:
    2
    Views:
    873
    Karl Heinz Buchegger
    Oct 31, 2003
  2. Sydex
    Replies:
    12
    Views:
    6,489
    Victor Bazarov
    Feb 17, 2005
  3. andy6
    Replies:
    2
    Views:
    758
    andy6 via DotNetMonster.com
    Jun 9, 2006
  4. sweetone
    Replies:
    1
    Views:
    421
    Andrew Thompson
    Jan 20, 2007
  5. Richard Tobin
    Replies:
    24
    Views:
    788
Loading...

Share This Page