Why two POST Operations?

[Blake]

Hello,

This is perhaps a bit of a newbie question, but I am using the Apache
Axis tcpmon program to inspect xml-based web services messages with ASP
..NET and IIS and have noticed that I am not observing the expected
simple request-response MEP, but instead two POST operations.

I am using the dead-simple 'math' web service that adds two numbers. The
output looks something like this. This is the client request message to
add 1 and 1. The client and server are both msft .NET based (C#).

POST /math/math.asmx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client
Protocol 1.1.4322.573)
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://www.mathworld.org/math/Add"
Authorization: Negotiate
TlRMTVNTUAABAAAAt7II4AkACQAlAAAABQAFACAAAABCTEFLRVdPUktHUk9VUA==
Content-Length: 311
Expect: 100-continue
Host: localhost

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<Add xmlns="http://www.mathworld.org/math">
<x>1</x>
<y>1</y>
</Add>
</soap:Body>
</soap:Envelope>POST /math/math.asmx HTTP/1.1


!!!! From here, the server returns with:

HTTP/1.1 401 Access Denied
Server: Microsoft-IIS/5.1
Date: Mon, 20 Oct 2003 20:36:14 GMT
WWW-Authenticate: Negotiate
TlRMTVNTUAACAAAACgAKADAAAAA1worg209i4NWBroJIxQsAAAAAAEQARAA6AAAAQgBMAEEASwBFAAIACgBCA...
Content-Length: 4033
Content-Type: text/html

followed by some html stuff to tell humans that they are denied, even
though this is being consumed by a web services client.


!!! Then, my client does the following:
POST /math/math.asmx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client
Protocol 1.1.4322.573)
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://www.mathworld.org/math/Add"
Authorization: Negotiate
TlRMTVNTUAADAAAAAAAAAEAAAAAAAAAAQAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAQAAAAAAAAABAAAAANcKI4A==
Content-Length: 311
Expect: 100-continue
Host: localhost

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<Add xmlns="http://www.mathworld.org/math">
<x>1</x>
<y>1</y>
</Add>
</soap:Body>
</soap:Envelope>


!!!!! Everything works, the service returns the correct response as follows:

HTTP/1.1 100 Continue
Server: Microsoft-IIS/5.1
Date: Mon, 20 Oct 2003 20:36:14 GMT
X-Powered-By: ASP.NET

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.1
Date: Mon, 20 Oct 2003 20:36:14 GMT
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Content-Length: 335


<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<AddResponse xmlns="http://www.mathworld.org/math">
<AddResult>2</AddResult>
</AddResponse>
</soap:Body>
</soap:Envelope>


Is this behavior a "Microsoft-custom-IIS" behavior or is this how I
would expect the request and response messages to be with any "standard"
XML-based web service?

I can't figure out why the request needs to be sent twice. This seems
like a huge waste given the verbosity of XML as it is.



Thanks,

Blake

 

[Chris Botha]

I am a bit curious about this one too. After taking off anonymous access
from my WEB Service site a while ago and implementing impersonation, I
thought I saw a remarkable drop in performance, but (silently) hoped that it
was my imagination (I should have known better). After reading your post, I
thought let me check the logs, and YES, there they were, two posts for each
request, 1st fails with 401 (access denied), and the second succeeds.
I then connected to the aspx page using IE, and it succeeds every time, no
401 messages in the logs. I guess the question is what is the difference
between IE and a DOTNET client calling the aspx page?

I wonder if someone from MS care to respond, giving good or bad news.
I'm using Framework 1.0 latest SP on this computer, but will check it
tomorrow on Framework 1.1.
Note that the DOTNET client creates the proxy to the WEB service only at
startup and sticks the credentials into it at startup as well, so it is not
a question of creating/deleting the proxy.

 

[Blake]

Chris,

I'm glad to see you are seeing the same behavior. This seems a bit
serious to me. It's fine as long as I'm playing around with 'Hello
World' .NET samples, but when real data has to be sent two POST
operations could be a disaster for efficiency.

Blake

 

[Chris Botha]

Oohoo, bad news, same thing happens on Framework 1.1. Problem is we don't
use it for the "Hello World" sample.
No response from MS yet, but I am sure if a MS representative, for example
Dino Chiesa, reads this, they will not keep quiet.
If nobody respond, then I think we should wait a number of days and re-post
the problem. Sigh!

 

[Tomas Restrepo \(MVP\)]

Hi Blake, Chris,

I'm glad to see you are seeing the same behavior. This seems a bit
serious to me. It's fine as long as I'm playing around with 'Hello
World' .NET samples, but when real data has to be sent two POST
operations could be a disaster for efficiency.

No surprise there. If you look at Chris' information, you'll easily
recognize that he has IIS authentication enabled on the WebSite (actually,
he even has Integrated Authentication enabled only... easy to see by the
first response from the server). This just happens to be how HTTP
authentication works: you try the first time without authentication, get an
401 error telling you which authentication methods are supported, and then
try again with the corresponding credentials.