Article ID: 328863 - Last Review: November 21, 2006 - Revision: 4.3

HTTP Authentication: IIS Waits for Request Entity Body Before It Sends a "401 Authentication Required" Response

Retired KB ArticleRetired KB Content Disclaimer
View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
This article was previously published under Q328863
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
Expand all | Collapse all

SYMPTOMS

When you use the HTTP POST verb to send data to a Web site that requires authentication, Internet Information Services (IIS) 5.0 returns the "401 authentication required" response only after all data has been sent. This may slow down middle-tier Web applications that must authenticate each request on behalf of the issuing front-end user.
Back to the top

CAUSE

This issue occurs if you use Windows NT LAN Manager (NTLM) authentication at the target server.
Back to the top

RESOLUTION

This problem is resolved in the hotfix that is described in the following Microsoft Knowledge Base article:
810814  (http://support.microsoft.com/kb/810814/ ) FIX: Web Services Performance When You Use Authentication
You can also resolve this problem by installing the Microsoft .NET Framework version 1.1. To download the .NET Framework 1.1 redistributable file, visit the following Microsoft Web site:
http://msdn.microsoft.com/netframework/technologyinfo/redist/default.aspx (http://msdn.microsoft.com/netframework/technologyinfo/redist/default.aspx)
Back to the top

WORKAROUND

To work around this issue, make sure that the client authenticates once and then uses keep-alive processing, which permits it to reuse the now-authenticated connection.
Back to the top

STATUS

Microsoft has confirmed that this is a problem in the .NET Framework 1.0.
Back to the top
APPLIES TO
  • Microsoft Internet Information Services 5.0
Back to the top
Keywords: 
kbhotfixserver kbqfe kbbug kbfix kbwin2000presp4fix KB328863
Back to the top
Retired KB ArticleRetired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Back to the top