3

We have here an ASP.NET 3.5 application using NTLM based Windows authentication. The system runs on a private network that is actually distributed over different geographic places (connected via VPN).

We are now trying to optimize the website's performance. Because the way NTLM works, every new request to the IIS is composed of 3 different requests while the first 2 are 401 responses. We are trying to minimize the amount of these requests to be only at the beginning of the session. We found the solution described in Improving the Performance of IIS 6.0 Applications. Unfortunately it didn't change anything and we keep getting this 401 response (which consumes time).

In order to see the traffic I first used the Fiddler application. Somehow, when I use Fiddler, there is only 1 authentication process at the beginning of the session (exactly as I wish), but when I close the Fiddler application and check the traffic via Wireshark I can see that I still have this 401 response for each request.

The clients use Internet Explorer 6, IIS version 6.

How can we fix this problem?

Peter Mortensen
  • 2,319
  • 5
  • 23
  • 24
Satumba
  • 143
  • 1
  • 5
  • I'm not able to reproduce your issue with IE6 on Windows XP SP3 and IIS 6 on Windows Server 2003 Std. Ed. 32-bit Service Pack 2. The "AuthPersistSingleRequest" setting does exactly what the article says it should and I see a two 401 results (using a sniffer to watch the conversation) at the start of the HTTP conversation and then 200's for every subsequent request. – Evan Anderson Aug 03 '09 at 16:40
  • Correct. But, what about the up-coming conversation? Again I’ll have two 401 at the beginning of it followed by 200 for subsequent requests? I would like to avoid the 401s at the beginning of each conversation start. Can I ? – Satumba Aug 04 '09 at 06:20
  • I can confirm the behaviour with fiddler, i.e. normally I get a 401.5, 401.1 and 200 for every request (authentication with NTLM); when I use Fiddler I only see this behaviour for the first request. – Benjamin J Athawes Dec 13 '11 at 09:16

1 Answers1

2

Just a thought, but because fiddler is a proxy, it might be keeping your TCP/IP connections open. See the Fiddler Help Page regarding Reuse connections to servers and Reuse client connections.

You should also make sure you've got "Use HTTP 1.1" and "Use HTTP 1.1 through Proxies" are chceked, and double check that your KeepAliveTimeout registry setting is not really low.

Christopher_G_Lewis
  • 3,647
  • 21
  • 27
  • You are right! and i'm trying to imitate the fiddler operation so the connection won't be closed using the browser, but i guess this is a matter of how the client works (in this case, the IE browser...). What do you think about that? – Satumba Aug 05 '09 at 13:37
  • It is not clear to me... the 2 options in the Fiddler Reuse connections to servers and Reuse client connections should act as keep alive. Why when i'm using the Fiddler proxy i'm getting 401 only at the beginning of the first conversation while the reset are 401 free, and when shut the fiddler down i'm getting 401 for each conversation start? so annoying... – Satumba Aug 05 '09 at 13:54
  • What's your KeepAliveTimeout registry setting? – Christopher_G_Lewis Aug 05 '09 at 14:54
  • On the IIS it was 120 sec, The registry setting didn't inculde this value, so i added it as written in the "How to" you sent. But unfortunately it did nothing new... – Satumba Aug 06 '09 at 04:55
  • +1 for the point around Fiddler reusing client and server connections (and the corresponding options) – Benjamin J Athawes Dec 13 '11 at 09:18