Webservice performance when using authentication

AndrewWhite · ‎02-23-2011

We are using active directory authentication on our arcgis webservices. I'm watching the requests and responses using Fiddler. I notice that when I make a request from one of our services I always get a 401 error response saying "not authorized", then I get a successful 200 response with my data.

So, it looks to me like the arcgis client classes are attempting anonymous requests and if they are challenged by getting a 401 response, then they send another request supplying credentials.

Is there a way to force my requests to use my credentials the first time instead of waiting to get the unauthorized error response?

We're using VPN on mobile devices so chattiness is definitely a performance issue.

JenniferNery · ‎02-23-2011

This is expected behavior. You can reproduce the same trace of web requests when using your web browser, if you set up Internet Options this way:
Internet Options > Security > Local Intranet > Custom level... > User Authentication > Prompt for user name and password.
Internet Options > Advanced > Security > uncheck Enable Integrated Windows Authentication.

A 401 response from the service is neccesary. Without this, Credentials eventhough it is supplied in the request, will be ignored. You will find that if you restore your Internet Options settings (when Automatic logon is used), Fiddler will still show that 401 response from the server is received.

http://msdn.microsoft.com/en-us/library/aa383144(v=vs.85).aspx

AndrewWhite · ‎02-24-2011

Okay. Thank you.