Can you bypass the "AuthenticateRequest" portion of an IIS request

Question

While looking at the New Relic logs for an Azure website (.Net MVC, Owin 3.0.1) it says our servers are spending 8.56% of total wall clock CPU serving favicon.ico*, with 95.9% of that time on the "AuthenticateRequest" step.

Is it possible to "bypass" any authentication when serving resources that are not protected/require no user information? Any hints of where to look to figure out what is happening in that step?

• I have some ideas as to why we are serving favicon.ico so much which can be reduced, but I would like to apply this fix globally to a lot of other parts of the site.

Answer 1

My issues were entirely due to Owin 3.0.1 upgrade, downgrading to Owin 3.0.0 dropped my total CPU load by about 85%, Database by about 50%, and this particular screenshot from 66.7MS to 1.2 MS on the AuthenticateRequest step.