rbl9

I am doing some performance tuning of our Intranet site (IIS 6.0 / IE 6.0, managed desktop of all workstations).

Our site requires authentication, and we are using Integrated Windows Authentication successfully (Negotiate, usually Kerberos).

Using HTTPWatch, it appears that when our pages load, IE is maknig an anonymous HTTP request first, and when it gets the "401 Not Authorized" response from the server, it re-requests the same URL with the Authorization header.

This appears to be according to the HTTP RFC. But it seems that this dual-request of EVERY url is not optimal. This effectively makes every URL request happen twice, doubling the number of round-trips required to load the page. The reason this is an issue for me is that we have many user locations that have very high latencies (satellite connnections, etc.) and the number of separate HTTP requests dramatically slows the site down.

Q: Is there any way to configure IE to send the Authorization header in the first request Or failing that, is there any way to configure IE to send the initial anonymous request only on a per-web-site basis, not a per-URL basis

I will also post this question in the Technet forums.

Thanks,

RBL



Re: Internet Explorer Web Development Any way to avoid anonymous request before authenticated request?

BlazenBundy

Reading this should help you understand your problem.

http://support.microsoft.com/kb/264921

Cheers,
cBlaze'n'Bundy R




Re: Internet Explorer Web Development Any way to avoid anonymous request before authenticated request?

rbl9

Thanks for the link. The article says (in the Notes section under Windows 2000):

? When your browser establishes a connection with a Web site by using Basic or Windows Integrated authentication, it does not fall back to Anonymous during the rest of that session with the server. If you try to connect to a Web page that is marked for Anonymous only after authenticating, you are denied. (This may or may not hold true for Netscape).
? When Internet Explorer has established a connection with the server by using an authentication method other than Anonymous, it automatically passes the credentials for every new request during the duration of the session.

This tells me that only the first request should exhibit the Anonymous-then-Authenticated pair; subsequent requests should always contain the authentication header. This is not the case for me. My HTTPWatch logs clearly show a pair of requests for every URL on the page (images, JS files, etc.) with 401 then 200 response codes.

Is IE 6.0 broken in my environment Or the article wrong

Thanks,

RBL





Re: Internet Explorer Web Development Any way to avoid anonymous request before authenticated request?

Nakuldev

I'm facing the same issue!

Is there any work around here

Thanks

/nakul





Re: Internet Explorer Web Development Any way to avoid anonymous request before authenticated request?

Ixpah

I've never used HTTPWatch, so I don't know how it works, buf if it intercepts HTTP via a "proxy" then this is likely to cause different behaviour than without a proxy server. Specifically IE defaults to using HTTP/1.0 if it connects through a proxy server and this changes several things which could well be the issue you are seeing.