Dave,
Assuming there is no delay when you access the Web service with anonymous
access, then the delay would be caused by integrated authentication.
Otherwise it will be something else.
In ASP.NET, by default authentication occurs for each request (doesn't
matter its the first request or sebsequent) so you should see the same
delay on each request. Otherwise it could be something else going on
causing the problem. One example is, the Web service accesses DB, the name
resolution takes sometime and once the name is resolved it is cached. So
the first time is slow and then subsequent is fast and will be slow again
if the service is idle for some time and the cached expires. You can use
Network Monitor to get a network trace to troubleshoot the network problem.
If anonymous is fast but integrated auth is slow for every request, read
the info below:
NTLM authentication is connection-based on IIS by default. That means NTLM
authentication occurs only on the first request on each connection. There
is no authentication for subsequent requests on the same connection. This
greatly improves the performance by eliminating the overheads associated
with NTLM authentication. For example, in the following code, User A will
be authenticated to access the Web service. UserB can access the Web
service without authentication.
NetworkCredential myCred = new
NetworkCredential("UserA","PasswordA","DomainA");
CredentialCache myCache = new CredentialCache();
myCache.Add(new Uri("http://server/webservicetest/service1.asmx"), "NTLM",
myCred);
svc.Credentials = myCache;
string result = svc.HelloWorld();
myCred = new NetworkCredential("UserB","PasswordB","DomainB");
CredentialCache myCache = new CredentialCache();
myCache.Add(new Uri("http://server/webservicetest/service1.asmx"), "NTLM",
myCred);
svc.Credentials = myCache;
result = svc.HelloWorld();
In .NET, there is a change in the behavior. Each request will be
authenticated. .NET achieves this by closing each connection from .NET Web
clients when communicating with IIS. So a new connection will be opened for
each request and hence each request will be authenticated. Both UserA and
UserB will be authenticated in the sample above.
This design has significant overhead because NTLM is expensive. We
escalated this issue to the Microsoft Web service product team. They came
up with a solution. The solution requires installing a fix in .NET 1.0
(rolled into v1.1). Two properties were added:
UnsafeAuthenticatedConnectionSharing and ConnectionGroupName.
UnsafeAuthenticatedConnectionSharing is FALSE by default, meaning the same
behavior as without the fix. However if you install the hot fix and you set
UnsafeAuthenticatedConnectionSharin to true, the connection will NOT be
closed after a request. Any request belonging to the same
ConnectionGroupName will share the same authenticated connection
(authentication only once for each ConnectionGroupName). Multiple requests
with different ConnectionGroupName will use different connections. In the
example below, each request will use its own connection and will be
authenticated individually because they have different GroupConnectionName.
If I change svc.ConnectionGroupName = "b" to svc.ConnectionGroupName = "a"
both requests will share the same connection and only the first request
will be authenticated.
svc.UnsafeAuthenticatedConnectionSharing = true;
NetworkCredential myCred = new
NetworkCredential("UserA","PasswordA","DomainA");
CredentialCache myCache = new CredentialCache();
myCache.Add(new Uri("http://server/webservicetest/service1.asmx"), "NTLM",
myCred);
svc.Credentials = myCache;
svc.ConnectionGroupName = "a";
string result = svc.HelloWorld();
myCred = new NetworkCredential("UserB","PasswordB","DomainB");
CredentialCache myCache = new CredentialCache();
myCache.Add(new Uri("http://server/webservicetest/service1.asmx"), "NTLM",
myCred);
svc.Credentials = myCache;
svc.ConnectionGroupName = "b";
result = svc.HelloWorld();
I wish it helps,
David
Microsoft Developer Support
Distributed Services
This posting is provided "AS IS" with no warranties, and confers no rights.
|
