Microsoft KB Archive/328863

= HTTP Authentication: IIS Waits for Request Entity Body Before It Sends a &quot;401 Authentication Required&quot; Response =

Article ID: 328863

Article Last Modified on 11/21/2006

-

APPLIES TO


 * Microsoft Internet Information Services 5.0

-



This article was previously published under Q328863



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
When you use the HTTP POST verb to send data to a Web site that requires authentication, Internet Information Services (IIS) 5.0 returns the &quot;401 authentication required&quot; response only after all data has been sent. This may slow down middle-tier Web applications that must authenticate each request on behalf of the issuing front-end user.



CAUSE
This issue occurs if you use Windows NT LAN Manager (NTLM) authentication at the target server.



RESOLUTION
This problem is resolved in the hotfix that is described in the following Microsoft Knowledge Base article:

810814 FIX: Web Services Performance When You Use Authentication

You can also resolve this problem by installing the Microsoft .NET Framework version 1.1. To download the .NET Framework 1.1 redistributable file, visit the following Microsoft Web site:

http://msdn.microsoft.com/netframework/technologyinfo/redist/default.aspx



WORKAROUND
To work around this issue, make sure that the client authenticates once and then uses keep-alive processing, which permits it to reuse the now-authenticated connection.



STATUS
Microsoft has confirmed that this is a problem in the .NET Framework 1.0.

Keywords: kbbug kbfix kbwin2000presp4fix kbqfe kbhotfixserver KB328863

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.