ASP.NET Performance: Get Rid of HTTP 401 and HTTP 304

Making fewer calls to IIS web server improves your ASP.NET application’s performance, or more precisely, it improves UI responsiveness or, even more precisely, it improves UX, the User Experience. Better User Experience leads to better adoption.

Quick Resource Box Free Web Performance Tools From Microsoft, Google, Yahoo, And IBM Performance Tuning with Fiddler 12 Steps To Faster Web Pages With Visual Round Trip Analyzer Rules for high performance web pages Web Performance Best Practices

In this post I will share how to improve User Experience by reducing the number of HTTP 401 and HTTP 304 responses. The Impact of HTTP 304 In general HTTP 304 is returned by web server when the browser is not really sure about up-to-date’ness of the resource. Imagine this conversation: Browser: “Hey, IIS web server, I have this GIF file in my cache stored locally. I stored it here since my last visit to your page. Not sure it’s up-to-date. Should I use it? Or, do you have a newer version?” IIS web server: “HTTP 304. Nope, there is no newer version down here in the data center. Use your locally cached version of the GIF.” Browser displays the GIF from local cache. This one extra roundtrip might look very subtle in case when there are very few static elements on the page. In case there are many static elements on the page the User Experience can be severely affected. Below is an extreme example of HTTP 304 responses captured by Fiddler. All the images in the diagram are stored in local cache but they never displayed right away – Browser first consults with the server and gets HTTP 304 before displaying it: The Impact of HTTP 401 HTTP 401 returned when Browser requests a resource that requires authentication. The fact that the resource requires authentication results in two HTTP requests – initial requests gets HTTP 401 asking for credentials, and subsequent request is satisfied with the actual response after the creds were validated. Something similar to this:   Imagine now situation that static resources such images, JavaScript, CSS files, etc require authentication. Usually these guys are the same for every user and there is no point to require authentication/authorization for it, right? If so then there is no need to waste another HTTP 401 roundtrip for them, right? Improve Performance by Partitioning Your Application Consider the following solution structure: Notice the following four folders: CSS, IMG, JS, and Restricted. The first three contains static style sheets, images, and JavaScript files respectively. The Restricted folder contains all the dynamic ASPX pages that implement your scenarios referencing the static content from the other three folders when needed. The web.config file looks as follows: <?xml version="1.0"?> <configuration>     <system.web>       <authorization>         <allow="*"/>       </authorization>     </system.web>   <location path="Restricted">     <system.web>       <authorization>         <deny="?"/>       </authorization>     </system.web>   </location> </configuration> This configuration achieves the following: Static files served from publically accessible location that way we avoid HTTP 401 extra roundtrips. System administrators are not required to fish the static files across the solution’s file structure just to set expiration policy – there are only 3 folders to specify it so there is a better chance it will happen. It should help reducing HTTP 304 extra roundtrips. Related Books Ultra-Fast ASP.NET: Build Ultra-Fast and Ultra-Scalable web sites using ASP.NET and SQL Server Developing More-Secure Microsoft ASP.NET 2.0 Applications (Pro Developer)