|
Home > Archive > IIS Server Security > December 2005 > HTTP status 401: Unauthorized
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
HTTP status 401: Unauthorized
|
|
| myao2005@gmail.com 2005-12-01, 2:49 am |
| Not sure this is the right group to post my question.
We are using windows 2003+ asp.net. We have a virtual directory with
the "Anonymous Access" disabled. We are using "Integrated Windows
Authentication" and "Baisc authentication" for this virtual directory.
This virtual directory is automatically updated by a build system.
We keep on seeing the 401 error for some files, especially the included
js files and css files. Even though the brower will get these files
after 2-3 tried, it singnificantly slows down the performance. If we
enable the "Anonymous Access", the problem is gone.
Can anyone give us some hint how to solve this problem?
Thanks,
Michael
| |
| David Wang [Msft] 2005-12-01, 8:55 pm |
| You should enable anonymous authentication for those commonly included
files. It is the only way to reduce the 401 errors because your
configuration is intentionally causing them. When you enable authentication
for a resource, you will see extra "401 authentication handshake responses"
which are totally by-design since that is how authentication protocols work.
Thus, if you do not want those extra handshakes, you need to disable
authentication for those resources... unless you actually *want* to enable
authentication on those resources to protect them.
For example, most people who run SSL websites will disable SSL for their
unsecured images because encryption is expensive and not necessary for
unsecured images -- thus they intentionally disable for images. The same
principle applies here -- if you run an authenticated website, disable
authentication for commonly included files that do not need to be secured
because authentication is expensive and not necessary for non-secured pages.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
<myao2005@gmail.com> wrote in message
news:1133421107.816421.207210@f14g2000cwb.googlegroups.com...
Not sure this is the right group to post my question.
We are using windows 2003+ asp.net. We have a virtual directory with
the "Anonymous Access" disabled. We are using "Integrated Windows
Authentication" and "Baisc authentication" for this virtual directory.
This virtual directory is automatically updated by a build system.
We keep on seeing the 401 error for some files, especially the included
js files and css files. Even though the brower will get these files
after 2-3 tried, it singnificantly slows down the performance. If we
enable the "Anonymous Access", the problem is gone.
Can anyone give us some hint how to solve this problem?
Thanks,
Michael
|
|
|
|
|