views:

48

answers:

1

Enviornment:

  • ASP.NET WebForms
  • .NET 3.5
  • jQuery for AJAX
  • ASMX web services
  • Windows Authentication
  • SSL

When we run our production web application, our AJAX calls often have 2-3 HTTP 401s before we get our HTTP 200.

Is this normal?
Is there something we may be doing wrong?

NOTE: The calls do not fail, the 401s try until they succeed.

Example Traffic:
alt text

+2  A: 

That's normal traffic for NTLM-style Integrated Windows authentication. The sequence is roughly:

  1. Client: HTTP GET url...
  2. Server: HTTP 401 WHO GOES THERE
  3. Client: It's-a me, the client!
  4. Server: HTTP 401 YEAH PROVE IT
  5. Client: I've got all the proof you need right here.
  6. Server: HTTP 200 OK

If you look in the raw responses from the server, you should see the Negotiate headers, and the corresponding encoded / encrypted requests from the client.

mwalker
Ok cool, I looked at the headers as @John mentioned and I do see the negations taking place.
rick schott