401 Returned for every 5th call in an ASP.NET MVC application that returns JSON

Question

This is nuts.

I have an ASP.NET MVC application using Windows authentication that, amongst other things, interacts with a number of ExtJs Javascript components by returning JSON data to them.

The problem is that even after the user is successfully authenticated, every 5th request to grab some JSON data from MVC results in TWO "401 Unauthorized" responses followed by a "200 OK" response. Again, this happens every 5th call ... why? I have no idea.

Interestingly enough, each response contains the expected JSON!!!

Anyone else experiencing this behavior or have any ideas on why its happening?

Thanks - wg

Answer 1

I had this happen to me once, and in my case, it was because I had the virtual web folder use two different authentication methods: Windows Authentication and basic authentication.

Every so often IIS would try and authenticate the user using Windows Authentication instead of the basic HTTP authentication I had meant it to use (this happened most especially in Internet Explorer) and return an "Unauthorized" response.

Try disabling authentication methods that you aren't using, and see what happens.

Answer 2

It appears this is how Windows Authentication works by design:

http://stackoverflow.com/questions/581090/how-do-i-stop-401-responses-from-tfs-2008/581275#581275

I had this same issue with an ASP.NET MVC application running on IIS 6, but using Forms authentication. It drove me crazy until I realized that our server is setup to authenticate via NTLM for every request, since it's an internal intranet server. So it's really a non-issue, since the request processes fine after the 200 response, and doesn't seem to bog down the load time at all.