Ask a Question related to ASP.NET Security, Design and Development.
-
Joe H #1
Double number of calls when Basic Authentication?
I have a web service that is set to use Basic Authentication (for users
outside the firewall). They are coming in over SSL. It uses Integrated
Authentication for internal users.
For the users who are requesting service with Basic Authentication, there is
a VB.Net client application which is using the NetworkCredential to pass the
authentication information to the web service.
However, the sequence of events that seems to always happen is:
1. client sends request
2. service responds with 401
3. client sends request again, this time including the authentication
information (user, password, domain)
So, in my IIS logs, there is a duplicate entry for each call to the web
service. The first log entry has a user value of " - " (this entry also has
the 401 code returned), and the second log entry has the correct user name.
I am certain that this is affecting overall performance of the web service.
What do I need to do in order to eliminate this "round-trip" from happening?
Thanks,
Joe
Joe H Guest
-
Is it support for round double number in flex
Hi, I want to round a double value in flex, such as 1.234, I want to get 2 bits after the radix point. I can only find Math.round() in flex which... -
ASP.Net Forms authentication with basic authentication popup
Relatively new to ASP.Net but have a strange problem. My site uses forms authentication for a large administration section however after the user... -
Limit the number of asyn web service calls
I have a web service the makes calls asynchronously to a server to download files. The user has the ability to select many files to download. When... -
User authentication on Web Service calls from an NTD app
I am developing a Windows Forms application that makes requests to a web service and in return receives configuration data that is user specific,... -
Number of sites calls
Jenny, The way I would handle this is to store information in an Application variable. You could increment an integer value to keep track of the... -
Ken Schaefer #2 Re: Double number of calls when Basic Authentication?
That's the way any HTTP authentication system works (by default). If you use
NTLM v2 (part of Integrated Windows Auth) you'll see even more requests
logged :-)
The first request is anonymous. The server denies the anonymous request, and
sends back a list of supported authentication mechanisms. The client picks
the strongest one that it supports, and then attempts the request again
using credentials. Most clients will then cache the credentials for
subsequent accesses to the server, until the client is terminated.
Now, I suppose you could build a custom client that doesn't attempt
anonymous authentication first - it authenticates from the very first
request.
Cheers
Ken
"Joe H" <jharri@hotmail.com> wrote in message
news:OL82otxQEHA.3348@TK2MSFTNGP09.phx.gbl...
: I have a web service that is set to use Basic Authentication (for users
: outside the firewall). They are coming in over SSL. It uses Integrated
: Authentication for internal users.
:
: For the users who are requesting service with Basic Authentication, there
is
: a VB.Net client application which is using the NetworkCredential to pass
the
: authentication information to the web service.
:
: However, the sequence of events that seems to always happen is:
:
: 1. client sends request
: 2. service responds with 401
: 3. client sends request again, this time including the authentication
: information (user, password, domain)
:
: So, in my IIS logs, there is a duplicate entry for each call to the web
: service. The first log entry has a user value of " - " (this entry also
has
: the 401 code returned), and the second log entry has the correct user
name.
: I am certain that this is affecting overall performance of the web
service.
:
: What do I need to do in order to eliminate this "round-trip" from
happening?
:
: Thanks,
: Joe
:
:
Ken Schaefer Guest
-
Joseph E Shook [MVP - ADSI] #3 Re: Double number of calls when Basic Authentication?
I don't think this is a big deal. I am sure there are other areas that
you can get more bang for the buck.
On a side not if the user you are authenticating happens to have me a
member of more than 150 groups, then you will see some serious network
traffic in the range of 3000+ calls to the domain server.
Joe H wrote:> I have a web service that is set to use Basic Authentication (for users
> outside the firewall). They are coming in over SSL. It uses Integrated
> Authentication for internal users.
>
> For the users who are requesting service with Basic Authentication, there is
> a VB.Net client application which is using the NetworkCredential to pass the
> authentication information to the web service.
>
> However, the sequence of events that seems to always happen is:
>
> 1. client sends request
> 2. service responds with 401
> 3. client sends request again, this time including the authentication
> information (user, password, domain)
>
> So, in my IIS logs, there is a duplicate entry for each call to the web
> service. The first log entry has a user value of " - " (this entry also has
> the 401 code returned), and the second log entry has the correct user name.
> I am certain that this is affecting overall performance of the web service.
>
> What do I need to do in order to eliminate this "round-trip" from happening?
>
> Thanks,
> Joe
>
>Joseph E Shook [MVP - ADSI] Guest
-
Joe Kaplan \(MVP - ADSI\) #4 Re: Double number of calls when Basic Authentication?
Did you set PreAuthenticate to true on your webservice proxy object? I
think that will cause it to pass the credentials by default without the 401.
Joe K.
"Joe H" <jharri@hotmail.com> wrote in message
news:OL82otxQEHA.3348@TK2MSFTNGP09.phx.gbl...is> I have a web service that is set to use Basic Authentication (for users
> outside the firewall). They are coming in over SSL. It uses Integrated
> Authentication for internal users.
>
> For the users who are requesting service with Basic Authentication, therethe> a VB.Net client application which is using the NetworkCredential to passhas> authentication information to the web service.
>
> However, the sequence of events that seems to always happen is:
>
> 1. client sends request
> 2. service responds with 401
> 3. client sends request again, this time including the authentication
> information (user, password, domain)
>
> So, in my IIS logs, there is a duplicate entry for each call to the web
> service. The first log entry has a user value of " - " (this entry alsoname.> the 401 code returned), and the second log entry has the correct userservice.> I am certain that this is affecting overall performance of the webhappening?>
> What do I need to do in order to eliminate this "round-trip" from>
> Thanks,
> Joe
>
>
Joe Kaplan \(MVP - ADSI\) Guest
-
Joe H #5 Re: Double number of calls when Basic Authentication?
yes... i finally figured this out...seems that the trick is to create a
credential cache...then create a network credential...set up the properties
of the network credential, and then add it to the cache...then set
PreAuthenticate to true on the proxy...and it works...
thanks to all for input...
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:uDhd8i3QEHA.252@TK2MSFTNGP10.phx.gbl...401.> Did you set PreAuthenticate to true on your webservice proxy object? I
> think that will cause it to pass the credentials by default without thethere>
> Joe K.
>
> "Joe H" <jharri@hotmail.com> wrote in message
> news:OL82otxQEHA.3348@TK2MSFTNGP09.phx.gbl...> > I have a web service that is set to use Basic Authentication (for users
> > outside the firewall). They are coming in over SSL. It uses Integrated
> > Authentication for internal users.
> >
> > For the users who are requesting service with Basic Authentication,> is> the> > a VB.Net client application which is using the NetworkCredential to pass> has> > authentication information to the web service.
> >
> > However, the sequence of events that seems to always happen is:
> >
> > 1. client sends request
> > 2. service responds with 401
> > 3. client sends request again, this time including the authentication
> > information (user, password, domain)
> >
> > So, in my IIS logs, there is a duplicate entry for each call to the web
> > service. The first log entry has a user value of " - " (this entry also> name.> > the 401 code returned), and the second log entry has the correct user> service.> > I am certain that this is affecting overall performance of the web> happening?> >
> > What do I need to do in order to eliminate this "round-trip" from>> >
> > Thanks,
> > Joe
> >
> >
>
Joe H Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
