asp.netjqueryajaxasmxwindows-authentication
Excessive HTTP 401s using Windows Authentication, AJAX, ASMX and external ISA
Enviornment:
- ASP.NET WebForms
- .NET 3.5
- jQuery for AJAX
- ASMX web services
- Windows Authentication
- SSL
When we run our production web application, our AJAX calls often have 2-3 HTTP 401s before we get our HTTP 200.
Is this normal?
Is there something we may be doing wrong?
NOTE: The calls do not fail, the 401s try until they succeed.
Example Traffic:
Solution
That's normal traffic for NTLM-style Integrated Windows authentication. The sequence is roughly:
- Client: HTTP GET url...
- Server: HTTP 401 WHO GOES THERE
- Client: It's-a me, the client!
- Server: HTTP 401 YEAH PROVE IT
- Client: I've got all the proof you need right here.
- Server: HTTP 200 OK
If you look in the raw responses from the server, you should see the Negotiate headers, and the corresponding encoded / encrypted requests from the client.